The Samba-Bugzilla – Attachment 18375 Details for
Bug 15680
Trust domains are not created
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
trust create log with -d 10 and commented try-except
trust-create-debug-10.log (text/plain), 14.03 KB, created by
Dinar Yulmukhametov
on 2024-07-12 07:59:41 UTC
(
hide
)
Description:
trust create log with -d 10 and commented try-except
Filename:
MIME Type:
Creator:
Dinar Yulmukhametov
Created:
2024-07-12 07:59:41 UTC
Size:
14.03 KB
patch
obsolete
>$ sudo /usr/local/samba/bin/samba-tool domain trust create winlocal.net --direction="both" --type="external" --quarantined="no" --create-location="both" --skip-validation -UAdministrator@winlocal.net -d 10 >INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > auth_audit: 10 > auth_json_audit: 10 > kerberos: 10 > drs_repl: 10 > smb2: 10 > smb2_credits: 10 > dsdb_audit: 10 > dsdb_json_audit: 10 > dsdb_password_audit: 10 > dsdb_password_json_audit: 10 > dsdb_transaction_audit: 10 > dsdb_transaction_json_audit: 10 > dsdb_group_audit: 10 > dsdb_group_json_audit: 10 >lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf >Processing section "[global]" >Processing section "[sysvol]" >Processing section "[netlogon]" >pm_process() returned Yes >GENSEC backend 'gssapi_spnego' registered >GENSEC backend 'gssapi_krb5' registered >GENSEC backend 'gssapi_krb5_sasl' registered >GENSEC backend 'spnego' registered >GENSEC backend 'schannel' registered >GENSEC backend 'ncalrpc_as_system' registered >GENSEC backend 'sasl-EXTERNAL' registered >GENSEC backend 'ntlmssp' registered >GENSEC backend 'ntlmssp_resume_ccache' registered >GENSEC backend 'http_basic' registered >GENSEC backend 'http_ntlm' registered >GENSEC backend 'http_negotiate' registered >GENSEC backend 'krb5' registered >GENSEC backend 'fake_gssapi_krb5' registered >Using binding ncalrpc:AL-R-DC1[,auth_type=ncalrpc_as_system] >Mapped to DCERPC endpoint EPMAPPER >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >Starting GENSEC mechanism ncalrpc_as_system >gensec_update_send: ncalrpc_as_system[0x2154d00]: subreq: 0x20ce4b0 >gensec_update_done: ncalrpc_as_system[0x2154d00]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x20ce4b0/../../auth/gensec/ncalrpc.c:100]: state[2] error[0 (0x0)] state[struct gensec_ncalrpc_update_state (0x20ce690)] timer[(nil)] finish[../../auth/gensec/ncalrpc.c:116] >dcerpc_pull_auth_trailer: auth_pad_length 0 >gensec_update_send: ncalrpc_as_system[0x2154d00]: subreq: 0x21a19c0 >gensec_update_done: ncalrpc_as_system[0x2154d00]: NT_STATUS_OK tevent_req[0x21a19c0/../../auth/gensec/ncalrpc.c:100]: state[2] error[0 (0x0)] state[struct gensec_ncalrpc_update_state (0x21a1ba0)] timer[(nil)] finish[../../auth/gensec/ncalrpc.c:116] >rpc request data: >[0000] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0010] 00 00 00 00 02 00 00 00 41 00 00 00 41 00 00 00 ........ A...A... >[0020] 04 00 13 00 0D 78 57 34 12 34 12 CD AB EF 00 01 .....xW4 .4...... >[0030] 23 45 67 89 AB 00 00 02 00 00 00 13 00 0D 04 5D #Eg..... .......] >[0040] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`.. >[0050] 02 00 00 00 01 00 0C 02 00 00 00 01 00 10 01 00 ........ ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0070] 00 00 00 00 00 00 00 00 01 00 00 00 ........ .... >rpc reply data: >[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0010] 00 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ........ >[0020] 01 00 00 00 03 00 00 00 48 00 00 00 48 00 00 00 ........ H...H... >[0030] 04 00 13 00 0D 78 57 34 12 34 12 CD AB EF 00 01 .....xW4 .4...... >[0040] 23 45 67 89 AB 00 00 02 00 00 00 13 00 0D 04 5D #Eg..... .......] >[0050] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`.. >[0060] 02 00 00 00 01 00 0C 02 00 00 00 01 00 10 08 00 ........ ........ >[0070] 44 45 46 41 55 4C 54 00 00 00 00 00 DEFAULT. .... >Mapped to DCERPC endpoint DEFAULT >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >Starting GENSEC mechanism ncalrpc_as_system >gensec_update_send: ncalrpc_as_system[0x21b2d60]: subreq: 0x20ce4b0 >gensec_update_done: ncalrpc_as_system[0x21b2d60]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x20ce4b0/../../auth/gensec/ncalrpc.c:100]: state[2] error[0 (0x0)] state[struct gensec_ncalrpc_update_state (0x20ce690)] timer[(nil)] finish[../../auth/gensec/ncalrpc.c:116] >dcerpc_pull_auth_trailer: auth_pad_length 0 >gensec_update_send: ncalrpc_as_system[0x21b2d60]: subreq: 0x21a19c0 >gensec_update_done: ncalrpc_as_system[0x21b2d60]: NT_STATUS_OK tevent_req[0x21a19c0/../../auth/gensec/ncalrpc.c:100]: state[2] error[0 (0x0)] state[struct gensec_ncalrpc_update_state (0x21a1ba0)] timer[(nil)] finish[../../auth/gensec/ncalrpc.c:116] >rpc request data: >[0000] 00 00 02 00 01 00 00 00 00 00 00 00 01 00 00 00 ........ ........ >[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0020] 00 00 00 00 00 00 00 00 04 00 02 00 0C 00 00 00 ........ ........ >[0030] 02 00 01 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ >[0040] 01 00 00 00 01 00 00 00 ........ >rpc reply data: >[0000] 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 ........ ........ >[0010] 00 00 00 00 94 E9 EA DA F8 16 9B 48 B0 69 8B C7 ........ ...H.i.. >[0020] 4E 82 93 EB 00 00 00 00 N....... >rpc request data: >[0000] 00 00 00 00 94 E9 EA DA F8 16 9B 48 B0 69 8B C7 ........ ...H.i.. >[0010] 4E 82 93 EB 0C 00 N..... >rpc reply data: >[0000] 00 00 02 00 0C 00 00 00 10 00 12 00 04 00 02 00 ........ ........ >[0010] 18 00 1A 00 08 00 02 00 18 00 1A 00 0C 00 02 00 ........ ........ >[0020] 43 8D FF DB EC FF 76 44 8F 0A 9A CC D6 AE 06 F5 C.....vD ........ >[0030] 10 00 02 00 09 00 00 00 00 00 00 00 08 00 00 00 ........ ........ >[0040] 53 00 4D 00 42 00 4C 00 4F 00 43 00 41 00 4C 00 S.M.B.L. O.C.A.L. >[0050] 0D 00 00 00 00 00 00 00 0C 00 00 00 73 00 6D 00 ........ ....s.m. >[0060] 62 00 6C 00 6F 00 63 00 61 00 6C 00 2E 00 6E 00 b.l.o.c. a.l...n. >[0070] 65 00 74 00 0D 00 00 00 00 00 00 00 0C 00 00 00 e.t..... ........ >[0080] 73 00 6D 00 62 00 6C 00 6F 00 63 00 61 00 6C 00 s.m.b.l. o.c.a.l. >[0090] 2E 00 6E 00 65 00 74 00 04 00 00 00 01 04 00 00 ..n.e.t. ........ >[00A0] 00 00 00 05 15 00 00 00 19 A1 52 FC 33 04 9C F4 ........ ..R.3... >[00B0] 71 AD 41 99 00 00 00 00 q.A..... >LocalDomain Netbios[SMBLOCAL] DNS[smblocal.net] SID[S-1-5-21-4233273625-4103865395-2571218289] >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >finddcs: searching for a DC by DNS domain winlocal.net >finddcs: looking for SRV records for _ldap._tcp.winlocal.net >resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.winlocal.net<0x0> >startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. Error was No such file or directory >dns_lookup_send_next: Sending DNS request #0 to 10.1.188.15 >dns_cli_request_send: Asking 10.1.188.15 for _ldap._tcp.winlocal.net./1/33 via UDP >[0000] 5C B9 01 00 00 01 00 00 00 00 00 00 05 5F 6C 64 \....... ....._ld >[0010] 61 70 04 5F 74 63 70 08 77 69 6E 6C 6F 63 61 6C ap._tcp. winlocal >[0020] 03 6E 65 74 00 00 21 00 01 .net..!. . >[0000] 5C B9 81 80 00 01 00 01 00 00 00 01 05 5F 6C 64 \....... ....._ld >[0010] 61 70 04 5F 74 63 70 08 77 69 6E 6C 6F 63 61 6C ap._tcp. winlocal >[0020] 03 6E 65 74 00 00 21 00 01 C0 0C 00 21 00 01 00 .net..!. ....!... >[0030] 00 02 58 00 12 00 00 00 64 01 85 09 77 69 6E 2D ..X..... d...win- >[0040] 72 2D 64 63 31 C0 17 C0 3B 00 01 00 01 00 00 0E r-dc1... ;....... >[0050] 10 00 04 0A 01 BC 0A ....... >finddcs: DNS SRV response 0 at '10.1.188.10' >finddcs: performing CLDAP query on 10.1.188.10 > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x0003f3fd (259069) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 1: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 1: NBT_SERVER_DS_8 > 1: NBT_SERVER_DS_9 > 1: NBT_SERVER_DS_10 > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 2f35bb21-b39c-429b-a95b-a7b7a6c6da1d > forest : 'winlocal.net' > dns_domain : 'winlocal.net' > pdc_dns_name : 'WIN-R-DC1.winlocal.net' > domain_name : 'WINLOCAL' > pdc_name : 'WIN-R-DC1' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >finddcs: Found matching DC 10.1.188.10 with server_type=0x0003f3fd >RemoteDC Netbios[WIN-R-DC1] DNS[WIN-R-DC1.winlocal.net] ServerType[PDC,GC,LDAP,DS,KDC,TIMESERV,CLOSEST,WRITABLE,GOOD_TIMESERV,FULL_SECRET_DOMAIN_6,ADS_WEB_SERVICE,DS_8,DS_9,DS_10,__unknown_00020000__] >Using binding ncacn_np:WIN-R-DC1.winlocal.net >Mapped to DCERPC endpoint \pipe\lsarpc >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >resolve_lmhosts: Attempting lmhosts lookup for name WIN-R-DC1.winlocal.net<0x20> >startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. Error was No such file or directory >socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0 >Starting GENSEC mechanism spnego >Starting GENSEC submechanism gssapi_krb5 >Password for [Administrator@winlocal.net]: >Received smb_krb5 packet of length 196 >Received smb_krb5 packet of length 96 >kinit for Administrator@winlocal.net succeeded >gensec_update_send: gssapi_krb5[0x21b3960]: subreq: 0x21a19c0 >gensec_update_send: spnego[0x21b6420]: subreq: 0x21a5010 >gensec_update_done: gssapi_krb5[0x21b3960]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x21a19c0/../../source4/auth/gensec/gensec_gssapi.c:1117]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x21a1ba0)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1127] >gensec_update_done: spnego[0x21b6420]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x21a5010/../../auth/gensec/spnego.c:1616]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x21a51f0)] timer[(nil)] finish[../../auth/gensec/spnego.c:2100] >gensec_gssapi: NO credentials were delegated >GSSAPI Connection will be cryptographically signed >gensec_update_send: gssapi_krb5[0x21b3960]: subreq: 0x20ce4b0 >gensec_update_send: spnego[0x21b6420]: subreq: 0x21a5010 >gensec_update_done: gssapi_krb5[0x21b3960]: NT_STATUS_OK tevent_req[0x20ce4b0/../../source4/auth/gensec/gensec_gssapi.c:1117]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x20ce690)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1134] >gensec_update_done: spnego[0x21b6420]: NT_STATUS_OK tevent_req[0x21a5010/../../auth/gensec/spnego.c:1616]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x21a51f0)] timer[(nil)] finish[../../auth/gensec/spnego.c:2100] >signed SMB2 message (sign_algo_id=1) >signed SMB2 message (sign_algo_id=1) >signed SMB2 message (sign_algo_id=1) >rpc request data: >[0000] 00 00 02 00 01 00 00 00 00 00 00 00 01 00 00 00 ........ ........ >[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0020] 00 00 00 00 00 00 00 00 04 00 02 00 0C 00 00 00 ........ ........ >[0030] 02 00 01 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ >[0040] 01 00 00 00 01 00 00 00 ........ >signed SMB2 message (sign_algo_id=1) >rpc fault: DCERPC_FAULT_ACCESS_DENIED >ERROR: REMOTE_DC[WIN-R-DC1.winlocal.net]: failed to query LSA_POLICY_INFO_DNS - ERROR(0xC0000022) - {Access Denied} A process has requested access to an object but has not been granted those access rights. > File "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/domain/trust.py", line 958, in run > ) = self.get_lsa_info(remote_lsa, remote_policy_access) > File "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/domain/trust.py", line 225, in get_lsa_info > policy_access > File "/usr/local/samba/lib/python3.7/site-packages/samba/lsa_utils.py", line 57, in OpenPolicyFallback > in_revision_info >signed SMB2 message (sign_algo_id=1)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=18375">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 15680
: 18375 |
18378
|
18379
|
18384
|
18571
|
18572
|
18650