Bug 12200 - Unable to join classic NT4 domain because net command is trying to join AD
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.4.5
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-09-02 09:21 UTC by Milan Kerslager
Modified: 2020-12-20 01:14 UTC
Description Milan Kerslager 2016-09-02 09:21:57 UTC
Since Fedora 23 I'm unable to join a station to the classic domain even though it works on my Fedora 20 (old machine I have handy). See https://bugzilla.redhat.com/show_bug.cgi?id=1359398

When trying to debug the problem, it seems like the net command is trying to join AD instead of the classic domain (see below). The logs are from an up-to-date box with F24; the last log is from F20, where it works.

$ net join -w oalib.cz -U root
Failed to join domain: failed to find DC for domain OALIB.CZ

$ net rpc oldjoin -w oalib.cz -U root 
Failed to join domain: failed to find DC for domain OALIB.CZ


$ net join -w oalib.cz -U root -d3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface enp8s0 ip=10.0.0.35 bcast=10.0.255.255 netmask=255.255.0.0
get_dc_list: preferred server list: ", *"
ads_find_dc: name resolution for realm '' (domain 'OALIB.CZ') failed: NT_STATUS_NO_LOGON_SERVERS
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name                  : NULL
            machine_name             : 'PITOMA'
            domain_name              : *
                domain_name              : 'OALIB.CZ'
            domain_name_type         : JoinDomNameTypeUnknown (0)
            account_ou               : NULL
            admin_account            : ''
            admin_domain             : NULL
            machine_password         : NULL
            join_flags               : 0x000000c1 (193)
                   0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                   0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                   0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                   0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                   1: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                   1: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                   0: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                   0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                   1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version               : NULL
            os_name                  : NULL
            os_servicepack           : NULL
            create_upn               : 0x00 (0)
            upn                      : NULL
            modify_config            : 0x00 (0)
            ads                      : NULL
            debug                    : 0x01 (1)
            use_kerberos             : 0x00 (0)
            secure_channel_type      : SEC_CHAN_WKSTA (2)
            desired_encryption_types : 0x0000001f (31)
dns_send_req: Failed to resolve _ldap._tcp.dc._msdcs.OALIB.CZ (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name             : NULL
            netbios_domain_name      : NULL
            dns_domain_name          : NULL
            forest_name              : NULL
            dn                       : NULL
            domain_sid               : NULL
                domain_sid               : (NULL SID)
            modified_config          : 0x00 (0)
            error_string             : 'failed to find DC for domain OALIB.CZ'
            domain_is_ad             : 0x00 (0)
            set_encryption_types     : 0x00000000 (0)
            result                   : WERR_DCNOTFOUND
Enter root's password: <password entered>
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name                  : NULL
            machine_name             : 'PITOMA'
            domain_name              : *
                domain_name              : 'OALIB.CZ'
            domain_name_type         : JoinDomNameTypeUnknown (0)
            account_ou               : NULL
            admin_account            : 'root'
            admin_domain             : NULL
            machine_password         : NULL
            join_flags               : 0x00000023 (35)
                   0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                   0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                   0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                   0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                   0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                   0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                   1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                   0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                   1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                   1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version               : NULL
            os_name                  : NULL
            os_servicepack           : NULL
            create_upn               : 0x00 (0)
            upn                      : NULL
            modify_config            : 0x00 (0)
            ads                      : NULL
            debug                    : 0x01 (1)
            use_kerberos             : 0x00 (0)
            secure_channel_type      : SEC_CHAN_WKSTA (2)
            desired_encryption_types : 0x0000001f (31)
dns_send_req: Failed to resolve _ldap._tcp.dc._msdcs.OALIB.CZ (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name             : NULL
            netbios_domain_name      : NULL
            dns_domain_name          : NULL
            forest_name              : NULL
            dn                       : NULL
            domain_sid               : NULL
                domain_sid               : (NULL SID)
            modified_config          : 0x00 (0)
            error_string             : 'failed to find DC for domain OALIB.CZ'
            domain_is_ad             : 0x00 (0)
            set_encryption_types     : 0x00000000 (0)
            result                   : WERR_DCNOTFOUND
Failed to join domain: failed to find DC for domain OALIB.CZ
return code = -1


$ net rpc oldjoin -w oalib.cz -U root -d3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface enp8s0 ip=10.0.0.35 bcast=10.0.255.255 netmask=255.255.0.0
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name                  : NULL
            machine_name             : 'PITOMA'
            domain_name              : *
                domain_name              : 'OALIB.CZ'
            domain_name_type         : JoinDomNameTypeUnknown (0)
            account_ou               : NULL
            admin_account            : ''
            admin_domain             : NULL
            machine_password         : NULL
            join_flags               : 0x000000c1 (193)
                   0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                   0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                   0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                   0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                   1: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                   1: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                   0: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                   0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                   1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version               : NULL
            os_name                  : NULL
            os_servicepack           : NULL
            create_upn               : 0x00 (0)
            upn                      : NULL
            modify_config            : 0x00 (0)
            ads                      : NULL
            debug                    : 0x01 (1)
            use_kerberos             : 0x00 (0)
            secure_channel_type      : SEC_CHAN_WKSTA (2)
            desired_encryption_types : 0x0000001f (31)
dns_send_req: Failed to resolve _ldap._tcp.dc._msdcs.OALIB.CZ (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name             : NULL
            netbios_domain_name      : NULL
            dns_domain_name          : NULL
            forest_name              : NULL
            dn                       : NULL
            domain_sid               : NULL
                domain_sid               : (NULL SID)
            modified_config          : 0x00 (0)
            error_string             : 'failed to find DC for domain OALIB.CZ'
            domain_is_ad             : 0x00 (0)
            set_encryption_types     : 0x00000000 (0)
            result                   : WERR_DCNOTFOUND
Failed to join domain: failed to find DC for domain OALIB.CZ
return code = -1


Debug output from Fedora 20 working setup for comparison:
=========================================================
$ net join -w oalib.cz -U root -d3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
added interface p4p1 ip=10.0.50.4 bcast=10.0.255.255 netmask=255.255.0.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
get_dc_list: preferred server list: ", *"
resolve_lmhosts: Attempting lmhosts lookup for name OALIB.CZ<0x1c>
resolve_lmhosts: Attempting lmhosts lookup for name OALIB.CZ<0x1c>
resolve_wins: using WINS server 10.0.0.2 and tag '*'
Got a positive name query response from 10.0.0.2 ( 10.0.0.2 )
ads_cldap_netlogon: did not get a reply
ads_try_connect: CLDAP request 10.0.0.2 failed.
resolve_lmhosts: Attempting lmhosts lookup for name OALIB.CZ<0x1b>
resolve_lmhosts: Attempting lmhosts lookup for name OALIB.CZ<0x1b>
resolve_wins: using WINS server 10.0.0.2 and tag '*'
Got a positive name query response from 10.0.0.2 ( 10.0.0.2 )
Connecting to 10.0.0.2 at port 445
rpccli_netlogon_set_trust_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Enter root's password:
Connecting to 10.0.0.2 at port 445
Doing spnego session setup (blob length=42)
got OID=1.3.6.1.4.1.311.2.2.10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
Connecting to 10.0.0.2 at port 445
Joined domain OALIB.CZ.
return code = 0
Comment 1 x09 2016-12-08 11:18:18 UTC
confirm bug.


Samba 4.4.7


Detailed log below:


[root@pandora7 ~]#  net join rpc -S ARMADA -U root -d3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface enp31s0 ip=192.168.1.95 bcast=192.168.1.95 netmask=255.255.255.255
get_dc_list: preferred server list: ", *"
ads_find_dc: name resolution for realm '' (domain 'GEO') failed: NT_STATUS_NO_LOGON_SERVERS
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name                  : 'ARMADA'
            machine_name             : 'PANDORA7'
            domain_name              : *
                domain_name              : 'GEO'
            domain_name_type         : JoinDomNameTypeUnknown (0)
            account_ou               : NULL
            admin_account            : ''
            admin_domain             : NULL
            machine_password         : NULL
            join_flags               : 0x000000c1 (193)
                   0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                   0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                   0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                   0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                   1: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                   1: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                   0: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                   0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                   1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version               : NULL
            os_name                  : NULL
            os_servicepack           : NULL
            create_upn               : 0x00 (0)
            upn                      : NULL
            modify_config            : 0x00 (0)
            ads                      : NULL
            debug                    : 0x01 (1)
            use_kerberos             : 0x00 (0)
            secure_channel_type      : SEC_CHAN_WKSTA (2)
            desired_encryption_types : 0x0000001f (31)
Connecting to 192.168.1.28 at port 445
Connecting to 192.168.1.28 at port 139
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
../source3/rpc_client/cli_pipe.c:568: RPC fault code DCERPC_NCA_S_OP_RNG_ERROR received from host ARMADA!
No realm has been specified! Do you really want to join an Active Directory server?
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name             : NULL
            netbios_domain_name      : 'GEO'
            dns_domain_name          : NULL
            forest_name              : NULL
            dn                       : NULL
            domain_sid               : *
                domain_sid               : S-1-5-21-2068682600-2350025889-3278183345
            modified_config          : 0x00 (0)
            error_string             : 'failed to join domain 'GEO' over rpc: Access denied'
            domain_is_ad             : 0x00 (0)
            set_encryption_types     : 0x00000000 (0)
            result                   : WERR_ACCESS_DENIED
Enter root's password:
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name                  : 'ARMADA'
            machine_name             : 'PANDORA7'
            domain_name              : *
                domain_name              : 'GEO'
            domain_name_type         : JoinDomNameTypeUnknown (0)
            account_ou               : NULL
            admin_account            : 'root'
            admin_domain             : NULL
            machine_password         : NULL
            join_flags               : 0x00000023 (35)
                   0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                   0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                   0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                   0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                   0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                   0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                   1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                   0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                   1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                   1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version               : NULL
            os_name                  : NULL
            os_servicepack           : NULL
            create_upn               : 0x00 (0)
            upn                      : NULL
            modify_config            : 0x00 (0)
            ads                      : NULL
            debug                    : 0x01 (1)
            use_kerberos             : 0x00 (0)
            secure_channel_type      : SEC_CHAN_WKSTA (2)
            desired_encryption_types : 0x0000001f (31)
Connecting to 192.168.1.28 at port 445
Connecting to 192.168.1.28 at port 139
smb_signing_good: BAD SIG: seq 1
cli_session_setup: NT1 session setup failed: NT_STATUS_ACCESS_DENIED
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name             : NULL
            netbios_domain_name      : NULL
            dns_domain_name          : NULL
            forest_name              : NULL
            dn                       : NULL
            domain_sid               : NULL
                domain_sid               : (NULL SID)
            modified_config          : 0x00 (0)
            error_string             : 'failed to lookup DC info for domain 'GEO' over rpc: Access denied'
            domain_is_ad             : 0x00 (0)
            set_encryption_types     : 0x00000000 (0)
            result                   : WERR_ACCESS_DENIED
Failed to join domain: failed to lookup DC info for domain 'GEO' over rpc: Access denied
return code = -1
Comment 2 Björn Jacke 2020-12-20 01:14:34 UTC
Joining Samba into an NT4 domain works like a charm; you just need to configure Samba to be less secure than it is by default these days:

require strong key = no
client use spnego = no
client ipc signing = auto

makes this work with recent versions.
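
An added example, not part of the bug thread or of Samba's own code: a small Python audit that flags the three client settings from Comment 2 when the [global] section of an smb.conf sets them to a weakened value, for finding hosts where the NT4 workaround is still in place. The value sets treated as "false" or as enforcing signing, and the sample configuration, are assumptions constructed for illustration.

```python
import re

# Assumption: value aliases follow smb.conf(5) conventions.
FALSE_VALUES = {"no", "false", "0", "off"}
# Values assumed to keep IPC$ signing mandatory; anything else is flagged.
SIGNING_ENFORCED = {"default", "required", "mandatory", "force", "forced", "enforced"}

# Parameter names are compared with case and whitespace removed.
WEAKENED = {
    "requirestrongkey": lambda v: v in FALSE_VALUES,
    "clientusespnego": lambda v: v in FALSE_VALUES,
    "clientipcsigning": lambda v: v not in SIGNING_ENFORCED,
}

def global_params(text):
    """Return {normalized_name: (lineno, value)} for [global]; last setting wins."""
    params, section, pending = {}, None, ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not pending and (not line or line[0] in "#;"):
            continue                      # blank line or comment
        line = pending + line
        if line.endswith("\\"):           # continuation onto the next line
            pending = line[:-1]
            continue
        pending = ""
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = (lineno, value.strip())
    return params

def audit(text):
    """List (lineno, name, value) for each weakened setting, in file order."""
    hits = [(lineno, name, value)
            for name, (lineno, value) in global_params(text).items()
            if name in WEAKENED and WEAKENED[name](value.lower())]
    return sorted(hits)

# Constructed sample: the workaround from Comment 2 inside an otherwise plain config.
SAMPLE = """\
[global]
    workgroup = OALIB.CZ
    ; client use spnego = no
    Require Strong Key = No
    client use spnego = no
    client ipc signing = auto
    client signing = mandatory
[share]
    path = /srv/share
    client use spnego = no
"""

if __name__ == "__main__":
    for lineno, name, value in audit(SAMPLE):
        print(f"line {lineno}: {name} = {value} (weakened client setting)")
```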