Web lists-archives.com

Re: [Samba] samba 4.7.6-Ubuntu + ipv6 not work bind9-DLZ




Em 10-09-2018 10:43, Rowland Penny via samba escreveu:
On Mon, 10 Sep 2018 09:56:46 -0400
spiderslack via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hi, all


I trying setting domain samba with bind9-DLZ. I followed the tutorial
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller,
but not work. see the tests bellow


ricardobarbosa@isadora:~$ bash tools/testSambaRecords.sh
Host _ldap._tcp.freewaynet.corp not found: 3(NXDOMAIN)
Host _kerberos._udp.freewaynet.corp not found: 3(NXDOMAIN)
Host agamenon.freewaynet.corp not found: 3(NXDOMAIN)
ricardobarbosa@isadora:~$

following link to troubleshooting


------------------------ inicio -------------------------------
root@agamenon:~# ps axf | egrep "samba|smbd|winbind"
   1283 pts/0    S+     0:00  |                   \_ samba -i
   1284 pts/0    S+     0:00  |                       \_ samba -i
   1290 pts/0    S+     0:00  |                       |   \_ samba -i
   1291 ?        Ss     0:00  |                       |       \_
/usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
--log-stdout
   1305 ?        S      0:00  |                       |           \_
/usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
--log-stdout
   1306 ?        S      0:00  |                       |           \_
/usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
--log-stdout
   1307 ?        S      0:00  |                       |           \_
/usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
--log-stdout
   1285 pts/0    S+     0:00  |                       \_ samba -i
   1286 pts/0    S+     0:00  |                       \_ samba -i
   1287 pts/0    S+     0:00  |                       \_ samba -i
   1288 pts/0    S+     0:00  |                       \_ samba -i
   1289 pts/0    S+     0:00  |                       \_ samba -i
   1292 pts/0    S+     0:00  |                       \_ samba -i
   1293 pts/0    S+     0:00  |                       \_ samba -i
   1295 pts/0    S+     0:00  |                       \_ samba -i
   1297 pts/0    S+     0:00  |                       \_ samba -i
   1298 pts/0    S+     0:00  |                       \_ samba -i
------------------------------------------------------------


Hmm, you have grepped for 'winbind' but it isn't showing, have you
installed the winbind package ?

Rowland

Hi, thanks for answering.


I did not install winbind because i figured it was installed along with samba. in smb.conf until it has a reference to winbind


-----------------------------

        server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate

-----------------------------


I need install winbind?


But when join the workstation the domain, i get followed:


-----------------------------------

The following error ocurred attempting to join the domain An internal error occurred

-----------------------------------


I debug the process samba with command "samba -i -d 4" i get followed error:


----------------------------------------------------------------------


added interface ens32 ip=2001:db8:3:0:20c:29ff:fecb:5299 bcast= netmask=ffff:ffff:ffff:ffff:: added interface ens32 ip=192.168.1.252 bcast=192.168.1.255 netmask=255.255.255.0 added interface ens32 ip=2001:db8:3:0:20c:29ff:fecb:5299 bcast= netmask=ffff:ffff:ffff:ffff:: added interface ens32 ip=192.168.1.252 bcast=192.168.1.255 netmask=255.255.255.0 added interface ens32 ip=2001:db8:3:0:20c:29ff:fecb:5299 bcast= netmask=ffff:ffff:ffff:ffff:: added interface ens32 ip=192.168.1.252 bcast=192.168.1.255 netmask=255.255.255.0 added interface ens32 ip=2001:db8:3:0:20c:29ff:fecb:5299 bcast= netmask=ffff:ffff:ffff:ffff:: added interface ens32 ip=192.168.1.252 bcast=192.168.1.255 netmask=255.255.255.0 added interface ens32 ip=2001:db8:3:0:20c:29ff:fecb:5299 bcast= netmask=ffff:ffff:ffff:ffff:: added interface ens32 ip=192.168.1.252 bcast=192.168.1.255 netmask=255.255.255.0 Kerberos: AS-REQ Administrator@xxxxxxxxxxxxxxx from ipv6:2001:db8:3:0:57c:a284:973d:9b5f:61477 for krbtgt/freewaynet.corp@xxxxxxxxxxxxxxx
Kerberos: Client sent patypes: 128
Kerberos: Looking for PKINIT pa-data -- Administrator@xxxxxxxxxxxxxxx
Kerberos: Looking for ENC-TS pa-data -- Administrator@xxxxxxxxxxxxxxx
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- Administrator@xxxxxxxxxxxxxxx Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] Kerberos: AS-REQ Administrator@xxxxxxxxxxxxxxx from ipv6:2001:db8:3:0:57c:a284:973d:9b5f:61478 for krbtgt/freewaynet.corp@xxxxxxxxxxxxxxx
Kerberos: Client sent patypes: encrypted-timestamp, 128
Kerberos: Looking for PKINIT pa-data -- Administrator@xxxxxxxxxxxxxxx
Kerberos: Looking for ENC-TS pa-data -- Administrator@xxxxxxxxxxxxxxx
Kerberos: ENC-TS Pre-authentication succeeded -- Administrator@xxxxxxxxxxxxxxx using aes256-cts-hmac-sha1-96 Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[Administrator@xxxxxxxxxxxxxxx] at [Mon, 10 Sep 2018 14:42:38.918181 UTC] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation [(null)] remote host [ipv6:2001:db8:3:0:57c:a284:973d:9b5f:61478] became [FREEWAYNET]\[Administrator] [S-1-5-21-1615479121-2557752159-4193559781-500]. local host [NULL] JSON Authentication: {"timestamp": "2018-09-10T14:42:38.918341+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_OK", "localAddress": "NULL", "remoteAddress": "ipv6:2001:db8:3:0:57c:a284:973d:9b5f:61478", "serviceDescription": "Kerberos KDC", "authDescription": "ENC-TS Pre-authentication", "clientDomain": null, "clientAccount": "Administrator@xxxxxxxxxxxxxxx", "workstation": null, "becameAccount": "Administrator", "becameDomain": "FREEWAYNET", "becameSid": "S-1-5-21-1615479121-2557752159-4193559781-500", "mappedAccount": "Administrator", "mappedDomain": "FREEWAYNET", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": "(NULL SID)", "passwordType": "aes256-cts-hmac-sha1-96"}} get_auth_event_server: Failed to find 'auth_event' registered on the message bus to send JSON authentication events to: NT_STATUS_OBJECT_NAME_NOT_FOUND authsam_account_ok: Checking SMB password for user Administrator@xxxxxxxxxxxxxxx Kerberos: AS-REQ authtime: 2018-09-10T14:42:38 starttime: unset endtime: 2018-09-11T00:42:38 renew till: 2018-09-17T14:42:38 Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, des-cbc-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96 Kerberos: Requested flags: renewable-ok, canonicalize, renewable, forwardable Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] Kerberos: TGS-REQ Administrator@xxxxxxxxxxxxxxx from ipv6:2001:db8:3:0:57c:a284:973d:9b5f:61479 for cifs/agamenon.freewaynet.corp@xxxxxxxxxxxxxxx [canonicalize, renewable, forwardable] Kerberos: TGS-REQ authtime: 2018-09-10T14:42:38 starttime: 2018-09-10T14:42:38 endtime: 2018-09-11T00:42:38 renew till: 2018-09-17T14:42:38 Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] Kerberos: TGS-REQ Administrator@xxxxxxxxxxxxxxx from ipv6:2001:db8:3:0:57c:a284:973d:9b5f:61480 for krbtgt/FREEWAYNET.CORP@xxxxxxxxxxxxxxx [renewable-ok, canonicalize, renewable, forwarded, forwardable] Kerberos: TGS-REQ authtime: 2018-09-10T14:42:38 starttime: 2018-09-10T14:42:38 endtime: 2018-09-11T00:42:38 renew till: 2018-09-17T14:42:38 Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]


----------------------------------------------------------------------

Any idea?


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba