The Samba-Bugzilla – Attachment 18384 Details for
Bug 15680
Trust domains are not created
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Log with patch from Stefan Metzmacher
trust-create-patch-d10.log (text/x-log), 14.85 KB, created by
Dinar Yulmukhametov
on 2024-07-25 06:18:38 UTC
(
hide
)
Description:
Log with patch from Stefan Metzmacher
Filename:
MIME Type:
Creator:
Dinar Yulmukhametov
Created:
2024-07-25 06:18:38 UTC
Size:
14.85 KB
patch
obsolete
> >sudo /usr/local/samba/bin/samba-tool domain trust create winlocal.net --direction="both" --type="external" --quarantined="no" --create-location="both" --skip-validation -UAdministrator@winlocal.net -d 10 >INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > auth_audit: 10 > auth_json_audit: 10 > kerberos: 10 > drs_repl: 10 > smb2: 10 > smb2_credits: 10 > dsdb_audit: 10 > dsdb_json_audit: 10 > dsdb_password_audit: 10 > dsdb_password_json_audit: 10 > dsdb_transaction_audit: 10 > dsdb_transaction_json_audit: 10 > dsdb_group_audit: 10 > dsdb_group_json_audit: 10 > ldapsrv: 10 >lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf >Processing section "[global]" >Processing section "[sysvol]" >Processing section "[netlogon]" >pm_process() returned Yes >GENSEC backend 'gssapi_spnego' registered >GENSEC backend 'gssapi_krb5' registered >GENSEC backend 'gssapi_krb5_sasl' registered >GENSEC backend 'spnego' registered >GENSEC backend 'schannel' registered >GENSEC backend 'ncalrpc_as_system' registered >GENSEC backend 'sasl-EXTERNAL' registered >GENSEC backend 'ntlmssp' registered >GENSEC backend 'ntlmssp_resume_ccache' registered >GENSEC backend 'http_basic' registered >GENSEC backend 'http_ntlm' registered >GENSEC backend 'http_negotiate' registered >GENSEC backend 'krb5' registered >GENSEC backend 'fake_gssapi_krb5' registered >Using binding ncalrpc:AL-R-DC1[,auth_type=ncalrpc_as_system] >Mapped to DCERPC endpoint EPMAPPER >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >Starting GENSEC mechanism ncalrpc_as_system >gensec_update_send: ncalrpc_as_system[0x1982870]: subreq: 0x1983190 >gensec_update_done: ncalrpc_as_system[0x1982870]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x1983190/../../auth/gensec/ncalrpc.c:100]: state[2] error[0 (0x0)] state[struct gensec_ncalrpc_update_state (0x1983370)] timer[(nil)] finish[../../auth/gensec/ncalrpc.c:116] >dcerpc_pull_auth_trailer: auth_pad_length 0 >gensec_update_send: ncalrpc_as_system[0x1982870]: subreq: 0x1994ec0 >gensec_update_done: ncalrpc_as_system[0x1982870]: NT_STATUS_OK tevent_req[0x1994ec0/../../auth/gensec/ncalrpc.c:100]: state[2] error[0 (0x0)] state[struct gensec_ncalrpc_update_state (0x19950a0)] timer[(nil)] finish[../../auth/gensec/ncalrpc.c:116] >rpc request data: >[0000] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0010] 00 00 00 00 02 00 00 00 41 00 00 00 41 00 00 00 ........ A...A... >[0020] 04 00 13 00 0D 78 57 34 12 34 12 CD AB EF 00 01 .....xW4 .4...... >[0030] 23 45 67 89 AB 00 00 02 00 00 00 13 00 0D 04 5D #Eg..... .......] >[0040] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`.. >[0050] 02 00 00 00 01 00 0C 02 00 00 00 01 00 10 01 00 ........ ........ >[0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0070] 00 00 00 00 00 00 00 00 01 00 00 00 ........ .... >rpc reply data: >[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0010] 00 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ........ >[0020] 01 00 00 00 03 00 00 00 48 00 00 00 48 00 00 00 ........ H...H... >[0030] 04 00 13 00 0D 78 57 34 12 34 12 CD AB EF 00 01 .....xW4 .4...... >[0040] 23 45 67 89 AB 00 00 02 00 00 00 13 00 0D 04 5D #Eg..... .......] >[0050] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`.. >[0060] 02 00 00 00 01 00 0C 02 00 00 00 01 00 10 08 00 ........ ........ >[0070] 44 45 46 41 55 4C 54 00 00 00 00 00 DEFAULT. .... >Mapped to DCERPC endpoint DEFAULT >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >Starting GENSEC mechanism ncalrpc_as_system >gensec_update_send: ncalrpc_as_system[0x19ab5b0]: subreq: 0x1983190 >gensec_update_done: ncalrpc_as_system[0x19ab5b0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x1983190/../../auth/gensec/ncalrpc.c:100]: state[2] error[0 (0x0)] state[struct gensec_ncalrpc_update_state (0x1983370)] timer[(nil)] finish[../../auth/gensec/ncalrpc.c:116] >dcerpc_pull_auth_trailer: auth_pad_length 0 >gensec_update_send: ncalrpc_as_system[0x19ab5b0]: subreq: 0x1994ec0 >gensec_update_done: ncalrpc_as_system[0x19ab5b0]: NT_STATUS_OK tevent_req[0x1994ec0/../../auth/gensec/ncalrpc.c:100]: state[2] error[0 (0x0)] state[struct gensec_ncalrpc_update_state (0x19950a0)] timer[(nil)] finish[../../auth/gensec/ncalrpc.c:116] >rpc request data: >[0000] 00 00 02 00 01 00 00 00 00 00 00 00 01 00 00 00 ........ ........ >[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0020] 00 00 00 00 00 00 00 00 04 00 02 00 0C 00 00 00 ........ ........ >[0030] 02 00 01 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ >[0040] 01 00 00 00 01 00 00 00 ........ >rpc reply data: >[0000] 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 ........ ........ >[0010] 00 00 00 00 DF EF 15 3E AA 44 2B 4B B7 55 C5 7F .......> .D+K.U.. >[0020] 86 38 E2 72 00 00 00 00 .8.r.... >rpc request data: >[0000] 00 00 00 00 DF EF 15 3E AA 44 2B 4B B7 55 C5 7F .......> .D+K.U.. >[0010] 86 38 E2 72 0C 00 .8.r.. >rpc reply data: >[0000] 00 00 02 00 0C 00 00 00 10 00 12 00 04 00 02 00 ........ ........ >[0010] 18 00 1A 00 08 00 02 00 18 00 1A 00 0C 00 02 00 ........ ........ >[0020] 9E EF 4A DE 9E 74 43 40 BC 6B 54 47 12 B5 E1 33 ..J..tC@ .kTG...3 >[0030] 10 00 02 00 09 00 00 00 00 00 00 00 08 00 00 00 ........ ........ >[0040] 53 00 4D 00 42 00 4C 00 4F 00 43 00 41 00 4C 00 S.M.B.L. O.C.A.L. >[0050] 0D 00 00 00 00 00 00 00 0C 00 00 00 73 00 6D 00 ........ ....s.m. >[0060] 62 00 6C 00 6F 00 63 00 61 00 6C 00 2E 00 6E 00 b.l.o.c. a.l...n. >[0070] 65 00 74 00 0D 00 00 00 00 00 00 00 0C 00 00 00 e.t..... ........ >[0080] 73 00 6D 00 62 00 6C 00 6F 00 63 00 61 00 6C 00 s.m.b.l. o.c.a.l. >[0090] 2E 00 6E 00 65 00 74 00 04 00 00 00 01 04 00 00 ..n.e.t. ........ >[00A0] 00 00 00 05 15 00 00 00 EF 01 18 CF 0A 25 FA 62 ........ .....%.b >[00B0] 90 3A 28 BC 00 00 00 00 .:(..... >LocalDomain Netbios[SMBLOCAL] DNS[smblocal.net] SID[S-1-5-21-3474457071-1660560650-3156753040] >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >finddcs: searching for a DC by DNS domain winlocal.net >finddcs: looking for SRV records for _ldap._tcp.winlocal.net >resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.winlocal.net<0x0> >startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. Error was No such file or directory >dns_lookup_send_next: Sending DNS request #0 to 10.1.188.15 >dns_cli_request_send: Asking 10.1.188.15 for _ldap._tcp.winlocal.net./1/33 via UDP >[0000] 82 4F 01 00 00 01 00 00 00 00 00 00 05 5F 6C 64 .O...... ....._ld >[0010] 61 70 04 5F 74 63 70 08 77 69 6E 6C 6F 63 61 6C ap._tcp. winlocal >[0020] 03 6E 65 74 00 00 21 00 01 .net..!. . >[0000] 82 4F 81 80 00 01 00 01 00 00 00 01 05 5F 6C 64 .O...... ....._ld >[0010] 61 70 04 5F 74 63 70 08 77 69 6E 6C 6F 63 61 6C ap._tcp. winlocal >[0020] 03 6E 65 74 00 00 21 00 01 C0 0C 00 21 00 01 00 .net..!. ....!... >[0030] 00 02 58 00 12 00 00 00 64 01 85 09 77 69 6E 2D ..X..... d...win- >[0040] 72 2D 64 63 31 C0 17 C0 3B 00 01 00 01 00 00 0E r-dc1... ;....... >[0050] 10 00 04 0A 01 BC 0A ....... >finddcs: DNS SRV response 0 at '10.1.188.10' >finddcs: performing CLDAP query on 10.1.188.10 > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x0003f3fd (259069) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 1: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 1: NBT_SERVER_DS_8 > 1: NBT_SERVER_DS_9 > 1: NBT_SERVER_DS_10 > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 60877f67-ddcb-4ef3-a3fc-695eccae75f0 > forest : 'winlocal.net' > dns_domain : 'winlocal.net' > pdc_dns_name : 'WIN-R-DC1.winlocal.net' > domain_name : 'WINLOCAL' > pdc_name : 'WIN-R-DC1' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >finddcs: Found matching DC 10.1.188.10 with server_type=0x0003f3fd >RemoteDC Netbios[WIN-R-DC1] DNS[WIN-R-DC1.winlocal.net] ServerType[PDC,GC,LDAP,DS,KDC,TIMESERV,CLOSEST,WRITABLE,GOOD_TIMESERV,FULL_SECRET_DOMAIN_6,ADS_WEB_SERVICE,DS_8,DS_9,DS_10,__unknown_00020000__] >Using binding ncacn_np:WIN-R-DC1.winlocal.net >Mapped to DCERPC endpoint \pipe\lsarpc >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >added interface eth0 ip=10.1.188.15 bcast=10.1.191.255 netmask=255.255.252.0 >resolve_lmhosts: Attempting lmhosts lookup for name WIN-R-DC1.winlocal.net<0x20> >startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. Error was No such file or directory >socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0 >Starting GENSEC mechanism spnego >Starting GENSEC submechanism gssapi_krb5 >Password for [Administrator@winlocal.net]: >Received smb_krb5 packet of length 196 >Received smb_krb5 packet of length 96 >kinit for Administrator@winlocal.net succeeded >gensec_update_send: gssapi_krb5[0x19ac1b0]: subreq: 0x1994ec0 >gensec_update_send: spnego[0x19aed50]: subreq: 0x19b0790 >gensec_update_done: gssapi_krb5[0x19ac1b0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x1994ec0/../../source4/auth/gensec/gensec_gssapi.c:1117]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x19950a0)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1127] >gensec_update_done: spnego[0x19aed50]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x19b0790/../../auth/gensec/spnego.c:1615]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x19b0970)] timer[(nil)] finish[../../auth/gensec/spnego.c:2099] >gensec_gssapi: NO credentials were delegated >GSSAPI Connection will be cryptographically signed >gensec_update_send: gssapi_krb5[0x19ac1b0]: subreq: 0x1983190 >gensec_update_send: spnego[0x19aed50]: subreq: 0x19b0790 >gensec_update_done: gssapi_krb5[0x19ac1b0]: NT_STATUS_OK tevent_req[0x1983190/../../source4/auth/gensec/gensec_gssapi.c:1117]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x1983370)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1134] >gensec_update_done: spnego[0x19aed50]: NT_STATUS_OK tevent_req[0x19b0790/../../auth/gensec/spnego.c:1615]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x19b0970)] timer[(nil)] finish[../../auth/gensec/spnego.c:2099] >signed SMB2 message (sign_algo_id=1) >signed SMB2 message (sign_algo_id=1) >signed SMB2 message (sign_algo_id=1) >rpc request data: >[0000] 00 00 02 00 01 00 00 00 00 00 00 00 01 00 00 00 ........ ........ >[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0020] 00 00 00 00 00 00 00 00 04 00 02 00 0C 00 00 00 ........ ........ >[0030] 02 00 01 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ >[0040] 01 00 00 00 01 00 00 00 ........ >signed SMB2 message (sign_algo_id=1) >rpc fault: DCERPC_FAULT_ACCESS_DENIED >signed SMB2 message (sign_algo_id=1) >signed SMB2 message (sign_algo_id=1) >rpc request data: >[0000] 00 00 02 00 01 00 00 00 00 00 00 00 01 00 00 00 ........ ........ >[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[0020] 00 00 00 00 00 00 00 00 04 00 02 00 0C 00 00 00 ........ ........ >[0030] 02 00 01 00 00 00 00 00 ........ >signed SMB2 message (sign_algo_id=1) >rpc reply data: >[0000] 00 00 00 00 94 CC BD C2 DD 54 C6 4A 8E 3E F6 4D ........ .T.J.>.M >[0010] 60 D0 0C 8F 00 00 00 00 `....... >rpc request data: >[0000] 00 00 00 00 94 CC BD C2 DD 54 C6 4A 8E 3E F6 4D ........ .T.J.>.M >[0010] 60 D0 0C 8F 0C 00 `..... >signed SMB2 message (sign_algo_id=1) >rpc reply data: >[0000] 00 00 00 00 22 00 00 C0 ...."... >ERROR: REMOTE_DC[WIN-R-DC1.winlocal.net]: failed to query LSA_POLICY_INFO_DNS - ERROR(0xC0000022) - {Access Denied} A process has requested access to an object but has not been granted those access rights. > File "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/domain/trust.py", line 984, in run > ) = self.get_lsa_info(remote_lsa, remote_policy_access) > File "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/domain/trust.py", line 262, in get_lsa_info > info = conn.QueryInfoPolicy2(policy, lsa.LSA_POLICY_INFO_DNS) >signed SMB2 message (sign_algo_id=1) >signed SMB2 message (sign_algo_id=1)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=18384">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 15680
:
18375
|
18378
|
18379
| 18384 |
18571
|
18572
|
18650