Bug 6897 - Unable to join domain with IP address when security is set to 'domain'.
Unable to join domain with IP address when security is set to 'domain'.
Status: RESOLVED INVALID
Product: Samba 3.2
Classification: Unclassified
Component: Domain Control
3.2.11
x86 Linux
: P3 normal
: ---
Assigned To: Guenther Deschner
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-11-16 04:22 UTC by Brajesh Shrivastava
Modified: 2009-11-16 06:19 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Brajesh Shrivastava 2009-11-16 04:22:28 UTC
I have installed Samba server 3.2.11 on Suse sles10. I am using Microsoft Windows 2003 (Enterprise Edition SP1) for Active directory service. When security is 'domain', If I try to join the domain by using host name for 'password server', it works fine. But, the join fails when I use IP address.

My smb.conf look like this:
----------------------------

[global]
        realm = SFSQA.COM
        netbios name = brajesh
        server string = Scalable File Server
        workgroup = SFSQA
        security = domain
        preferred master = no
        domain master = no
        local master = no
        encrypt passwords = yes
        password server = 10.209.110.210
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        idmap backend = idmap_rid:SFSQA=10000-20000
        allow trusted domains = no
        load printers = no
        printcap name = /dev/null
        disable spoolss = yes
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes
        log level = 5 passdb:3 auth:3 winbind:3
        log file = /var/log/samba/log.%m
        browseable = yes
        lanman auth = no
        ntlm auth = yes
        obey pam restrictions = yes
        kernel change notify = no
        dos filemode = yes
        host msdfs = yes
        ldap admin dn =
        ldap suffix =
        ldap idmap suffix = ou=cifsidmap
        map to guest = Bad User
        username map = /opt/VRTSnasgw/conf/smbusers.map
netbios aliases =
interfaces =
wins support = no


I am also posting here command output with debuglevel=4

brajesh_01 # net rpc join -I 10.209.110.210 -U administrator -w sfsqa.com --debuglevel=4
[2009/11/16 05:08:06,  3] param/loadparm.c:lp_load_ex(8753)
  lp_load_ex: refreshing parameters
[2009/11/16 05:08:06,  3] param/loadparm.c:init_globals(4597)
  Initialising global parameters
[2009/11/16 05:08:06,  3] param/params.c:pm_process(569)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2009/11/16 05:08:06,  3] param/loadparm.c:do_section(7416)
  Processing section "[global]"
  doing parameter realm = SFSQA.COM
  doing parameter netbios name = brajesh
[2009/11/16 05:08:06,  4] param/loadparm.c:handle_netbios_name(6764)
  handle_netbios_name: set global_myname to: BRAJESH
  doing parameter server string = Scalable File Server
  doing parameter workgroup = SFSQA
  doing parameter security = domain
  doing parameter preferred master = no
  doing parameter domain master = no
  doing parameter local master = no
  doing parameter encrypt passwords = yes
  doing parameter password server = 10.209.110.210
  doing parameter idmap uid = 10000-20000
  doing parameter idmap gid = 10000-20000
  doing parameter idmap backend = idmap_rid:SFSQA=10000-20000
  doing parameter allow trusted domains = no
  doing parameter load printers = no
  doing parameter printcap name = /dev/null
  doing parameter disable spoolss = yes
  doing parameter winbind enum users = yes
  doing parameter winbind enum groups = yes
  doing parameter winbind use default domain = yes
  doing parameter log level = 5 passdb:3 auth:3 winbind:3
  doing parameter log file = /var/log/samba/log.%m
  doing parameter browseable = yes
  doing parameter lanman auth = no
  doing parameter ntlm auth = yes
  doing parameter obey pam restrictions = yes
  doing parameter kernel change notify = no
  doing parameter dos filemode = yes
  doing parameter host msdfs = yes
  doing parameter ldap admin dn = 
  doing parameter ldap suffix = 
  doing parameter ldap idmap suffix = ou=cifsidmap
  doing parameter map to guest = Bad User
  doing parameter username map = /opt/VRTSnasgw/conf/smbusers.map
  doing parameter netbios aliases = 
  doing parameter interfaces = 
  doing parameter wins support = no
[2009/11/16 05:08:06,  4] param/loadparm.c:lp_load_ex(8797)
  pm_process() returned Yes
[2009/11/16 05:08:06,  2] lib/interface.c:add_interface(340)
  added interface pubeth0 ip=fe80::210:18ff:fe28:6c0c%pubeth0 bcast=fe80::ffff:ffff:ffff:ffff%pubeth0 netmask=ffff:ffff:ffff:ffff::
[2009/11/16 05:08:06,  2] lib/interface.c:add_interface(340)
  added interface pubeth1 ip=fe80::210:18ff:fe28:6c16%pubeth1 bcast=fe80::ffff:ffff:ffff:ffff%pubeth1 netmask=ffff:ffff:ffff:ffff::
[2009/11/16 05:08:06,  2] lib/interface.c:add_interface(340)
  added interface priveth1 ip=fe80::21d:9ff:fe0a:9170%priveth1 bcast=fe80::ffff:ffff:ffff:ffff%priveth1 netmask=ffff:ffff:ffff:ffff::
[2009/11/16 05:08:06,  2] lib/interface.c:add_interface(340)
  added interface priveth0 ip=fe80::21d:9ff:fe0a:9172%priveth0 bcast=fe80::ffff:ffff:ffff:ffff%priveth0 netmask=ffff:ffff:ffff:ffff::
[2009/11/16 05:08:06,  2] lib/interface.c:add_interface(340)
  added interface pubeth1 ip=10.209.105.148 bcast=10.209.107.255 netmask=255.255.252.0
[2009/11/16 05:08:06,  2] lib/interface.c:add_interface(340)
  added interface pubeth1:0 ip=10.209.105.154 bcast=10.209.107.255 netmask=255.255.252.0
[2009/11/16 05:08:06,  2] lib/interface.c:add_interface(340)
  added interface priveth0:1 ip=172.30.174.1 bcast=172.30.174.255 netmask=255.255.255.0
[2009/11/16 05:08:06,  2] lib/interface.c:add_interface(340)
  added interface priveth0:0 ip=172.30.174.2 bcast=172.30.174.255 netmask=255.255.255.0
[2009/11/16 05:08:06,  2] lib/interface.c:add_interface(340)
  added interface priveth0 ip=172.30.174.66 bcast=172.30.174.255 netmask=255.255.255.0
[2009/11/16 05:08:06,  2] lib/interface.c:add_interface(340)
  added interface pubeth0 ip=10.209.105.147 bcast=10.209.107.255 netmask=255.255.252.0
[2009/11/16 05:08:06,  2] lib/interface.c:add_interface(340)
  added interface pubeth0:1 ip=10.209.105.152 bcast=10.209.107.255 netmask=255.255.252.0
[2009/11/16 05:08:06,  2] lib/interface.c:add_interface(340)
  added interface pubeth0:0 ip=10.209.105.155 bcast=10.209.107.255 netmask=255.255.252.0
[2009/11/16 05:08:06,  3] libsmb/cliconnect.c:cli_start_connection(1651)
  Connecting to host=10.209.110.210
[2009/11/16 05:08:06,  3] lib/util_sock.c:open_socket_out(1400)
  Connecting to 10.209.110.210 at port 445
[2009/11/16 05:08:06,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine 10.209.110.210 pipe \lsarpc fnum 0x400b bind request returned ok.
[2009/11/16 05:08:06,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine 10.209.110.210 pipe \NETLOGON fnum 0x8007 bind request returned ok.
[2009/11/16 05:08:06,  3] libsmb/trusts_util.c:just_change_the_password(52)
  just_change_the_password: unable to setup creds (NT_STATUS_INVALID_COMPUTER_NAME)!
[2009/11/16 05:08:06,  1] utils/net_rpc.c:run_rpc_command(181)
  rpc command function failed! (NT_STATUS_INVALID_COMPUTER_NAME)
Enter administrator's password:
[2009/11/16 05:08:11,  3] libsmb/cliconnect.c:cli_start_connection(1651)
  Connecting to host=10.209.110.210
[2009/11/16 05:08:11,  3] lib/util_sock.c:open_socket_out(1400)
  Connecting to 10.209.110.210 at port 445
[2009/11/16 05:08:11,  3] libsmb/cliconnect.c:cli_session_setup_spnego(823)
  Doing spnego session setup (blob length=107)
[2009/11/16 05:08:11,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 48018 1 2 2
[2009/11/16 05:08:11,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2
[2009/11/16 05:08:11,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2 3
[2009/11/16 05:08:11,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 3 6 1 4 1 311 2 2 10
[2009/11/16 05:08:11,  3] libsmb/cliconnect.c:cli_session_setup_spnego(858)
  got principal=sfsqa_ad$@SFSQA.COM
[2009/11/16 05:08:11,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025)
  Got challenge flags:
[2009/11/16 05:08:11,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x62898215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_CHAL_TARGET_INFO
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2009/11/16 05:08:11,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047)
  NTLMSSP: Set final flags:
[2009/11/16 05:08:11,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2009/11/16 05:08:11,  3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
  NTLMSSP Sign/Seal - Initialising with flags:
[2009/11/16 05:08:11,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2009/11/16 05:08:11,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine 10.209.110.210 pipe \lsarpc fnum 0x8003 bind request returned ok.
[2009/11/16 05:08:11,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine 10.209.110.210 pipe \samr fnum 0x8004 bind request returned ok.
[2009/11/16 05:08:11,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine 10.209.110.210 pipe \NETLOGON fnum 0x8005 bind request returned ok.
[2009/11/16 05:08:11,  0] utils/net_rpc_join.c:net_rpc_join_newstyle(396)
  Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME
  
Unable to join domain SFSQA.
[2009/11/16 05:08:11,  2] utils/net.c:main(1172)
  return code = 1


My main concern is, when security is 'ads', domain join works with both host name and IP address. But, when security is 'domain', join only works with host name.
Comment 1 Volker Lendecke 2009-11-16 06:19:31 UTC
There's not much we can do about that. Samba needs to know the DC's name, not only its IP address. It might be a documentation bug, but it is not a code bug.

Sorry,

Volker