• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    samba domain integration

    Scheduled Pinned Locked Moved Solved
    Linux Problems
    8
    102
    74.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Tom ElliottT
      Tom Elliott
      last edited by

      I would ask if you have updated again.

      See, I’ve tested what I can, but I don’t have a logical answer as to why it’s not working for you. It should be.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      P 1 Reply Last reply Reply Quote 0
      • P
        plegrand @Sebastian Roth
        last edited by

        @Uncle-Frank
        Do you think he could explain me why i can join to samba domain with “all” method except with the new client ?

        It works with the classic manual method
        It works with netdom command line
        It works with legacy client
        It does not works with new client
        I cant see anything in samba log
        May be he could told me what is the difference between “legacy client” method an “new client” method.
        I’m ok to make some test if it’s usefull
        Thanks for your and Tom help

        I cant understand what happen

        1 Reply Last reply Reply Quote 0
        • P
          plegrand @Tom Elliott
          last edited by

          @Tom-Elliott
          As i install, uninstall, reinstall fog client, is it possible that windows kept first credential, the first i use with apostrophe in password ?
          while fog show (http://192.168.39.243/fog/service/hostname.php?mac=00:21:85:71:bd:8e) the good samba adminisrator ?

          1 Reply Last reply Reply Quote 0
          • P
            plegrand
            last edited by plegrand

            Hmmm… may be it’s important : i’m making this test on a windows XP machine
            Do i have to use legacy client for windows XP or it should works also with the new client ?
            May be new client use powershell for domain integration ?

            1 Reply Last reply Reply Quote 0
            • J
              Joe Schmitt Senior Developer
              last edited by

              @plegrand The error you reported in your last log “Invalid security token” is because you re-installed the client. You have to click “Reset Encryption Data” for the host on the web portal whenever you do that.

              Now then as for Samba. The most likely reason this only occurs for the new client is because the server can’t properly parse your ’ character. Here is why: The new client does on-the-fly encryption, meaning the server encrypts the AD password with a special encryption key only the client knows and sends it to the client. With the legacy client, you were giving the server the FOGCrypt’d password, which from a plain text perspective did not contain a ’ . More than likely it is because the server is stripping out the ’ , and nothing to do with the client. Every release the client is tested against multiple AD scenarios, and LDAP scenarios. In addition, it is XP compatible.

              I will try and confirm this shortly.

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

              P 1 Reply Last reply Reply Quote 0
              • J
                Joe Schmitt Senior Developer
                last edited by Joe Schmitt

                Confirmed. The server is replace ’ with &#39. This is now in @Tom-Elliott s domain

                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                Tom ElliottT 1 Reply Last reply Reply Quote 0
                • P
                  plegrand @Joe Schmitt
                  last edited by

                  @Jbob i made all my test with a password without apostrophe " ’ ".
                  domain : samba_domain
                  domain admin : admin_samba
                  password domain admin : password
                  and then with this configuration :
                  It works with the classic manual method
                  It works with netdom command line
                  It works with legacy client
                  It does not works with new client
                  Thanks for your help

                  1 Reply Last reply Reply Quote 0
                  • J
                    Joe Schmitt Senior Developer
                    last edited by

                    As I previously stated, according to your log its because the client couldn’t authenticate. You have to press 'Reset Encryption Data"

                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                    P 1 Reply Last reply Reply Quote 0
                    • P
                      plegrand @Joe Schmitt
                      last edited by

                      @Jbob i already do that . It was because i uninstalled legacy client and reinstall new client
                      Then i pressed 'Reset Encryption Data"
                      But afater that the problem is still there.
                      I cant join domain with new client

                      1 Reply Last reply Reply Quote 0
                      • J
                        Joe Schmitt Senior Developer
                        last edited by

                        @plegrand said:

                        I cant join domain with new client

                        Can you upload the log for that client?

                        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                        1 Reply Last reply Reply Quote 0
                        • Tom ElliottT
                          Tom Elliott
                          last edited by

                          also, can you update again, only this time, also re-enter the password in the ADPass field and/or fields.

                          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                          1 Reply Last reply Reply Quote 0
                          • P
                            plegrand
                            last edited by plegrand

                            @Jbob You mean the c:\fog.log ?
                            I’ll send you tomorrow and i’ll try to be clear in my explanation 😉

                            @Tom-Elliott i’ll update tomorrow to make a try

                            1 Reply Last reply Reply Quote 0
                            • Tom ElliottT
                              Tom Elliott @Joe Schmitt
                              last edited by

                              @Jbob As you and I have verified in browser (with the context printing properly) the values appear to be fixed. However, you will have to update the stored value in the database. There is a possibility this will be unneeded, but I say better to be sure than just try.

                              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                              1 Reply Last reply Reply Quote 0
                              • P
                                plegrand
                                last edited by

                                Here is all my test (netdom, legacy client, new client with log files).
                                As it’s litle long i made a pdf document
                                http://plegrand1.free.fr/Test_Samba_Domain.pdf

                                1 Reply Last reply Reply Quote 0
                                • P
                                  plegrand
                                  last edited by Joe Schmitt

                                  I discover something interesting.
                                  There is a file which log each try domain joining
                                  c:\windows\debug\NetSetup.LOG

                                  here is this file with the two tests (legacy and new client)

                                  NetSetup.LOG with the NEW client (which failed)

                                  10/02 10:18:24 -----------------------------------------------------------------
                                  10/02 10:18:24 NetpDoDomainJoin
                                  10/02 10:18:24 NetpMachineValidToJoin: 'gim-127-13'
                                  10/02 10:18:24 NetpGetLsaPrimaryDomain: status: 0x0
                                  10/02 10:18:24 NetpMachineValidToJoin: status: 0x0
                                  10/02 10:18:24 NetpJoinDomain
                                  10/02 10:18:24 	Machine: gim-127-13
                                  10/02 10:18:24 	Domain: samba_domain
                                  10/02 10:18:24 	MachineAccountOU: 
                                  10/02 10:18:24 	Account: samba_domain\admin_samba
                                  10/02 10:18:24 	Options: 0x3
                                  10/02 10:18:24 	OS Version: 5.1
                                  10/02 10:18:24 	Build number: 2600
                                  10/02 10:18:24 	ServicePack: Service Pack 3
                                  10/02 10:18:24 NetpValidateName: checking to see if 'samba_domain' is valid as type 3 name
                                  10/02 10:18:24 NetpValidateName:  'samba_domain' is not a valid Dns domain name: 0x2554
                                  10/02 10:18:25 NetpCheckDomainNameIsValid [ Exists ] for 'samba_domain' returned 0x0
                                  10/02 10:18:25 NetpValidateName: name 'samba_domain' is valid for type 3
                                  10/02 10:18:25 NetpDsGetDcName: trying to find DC in domain 'samba_domain', flags: 0x1020
                                  10/02 10:18:25 NetpDsGetDcName: found DC '\\SAMBA' in the specified domain
                                  10/02 10:18:25 NetpJoinDomain: status of connecting to dc '\\SAMBA': 0x0
                                  10/02 10:18:25 NetpJoinDomain: OU is specified but couldn't get NT5 DC
                                  10/02 10:18:25 NetpJoinDomain: status of disconnecting from '\\SAMBA': 0x0
                                  10/02 10:18:25 NetpDoDomainJoin: status: 0x54b
                                  10/02 10:19:26 -----------------------------------------------------------------
                                  

                                  NetSetup.LOG with the LEGACY client (which works fine)

                                  10/02 10:50:12 -----------------------------------------------------------------
                                  10/02 10:50:12 NetpDoDomainJoin
                                  10/02 10:50:12 NetpMachineValidToJoin: 'gim-127-13'
                                  10/02 10:50:12 NetpGetLsaPrimaryDomain: status: 0x0
                                  10/02 10:50:12 NetpMachineValidToJoin: status: 0x0
                                  10/02 10:50:12 NetpJoinDomain
                                  10/02 10:50:12 	Machine: gim-127-13
                                  10/02 10:50:12 	Domain: samba_domain
                                  10/02 10:50:12 	MachineAccountOU: (NULL)
                                  10/02 10:50:12 	Account: samba_domain\admin_samba
                                  10/02 10:50:12 	Options: 0x3
                                  10/02 10:50:12 	OS Version: 5.1
                                  10/02 10:50:12 	Build number: 2600
                                  10/02 10:50:12 	ServicePack: Service Pack 3
                                  10/02 10:50:12 NetpValidateName: checking to see if 'samba_domain' is valid as type 3 name
                                  10/02 10:50:12 NetpValidateName:  'samba_domain' is not a valid Dns domain name: 0x2554
                                  10/02 10:50:12 NetpCheckDomainNameIsValid [ Exists ] for 'samba_domain' returned 0x0
                                  10/02 10:50:12 NetpValidateName: name 'samba_domain' is valid for type 3
                                  10/02 10:50:12 NetpDsGetDcName: trying to find DC in domain 'samba_domain', flags: 0x1020
                                  10/02 10:50:20 NetpDsGetDcName: found DC '\\SAMBA' in the specified domain
                                  10/02 10:50:20 NetpJoinDomain: status of connecting to dc '\\SAMBA': 0x0
                                  10/02 10:50:20 NetpGetLsaPrimaryDomain: status: 0x0
                                  10/02 10:50:20 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\SAMBA'
                                  10/02 10:50:20 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0
                                  10/02 10:50:20 NetpLsaOpenSecret: status: 0xc0000034
                                  10/02 10:50:21 NetpManageMachineAccountWithSid: NetUserAdd on '\\SAMBA' for 'GIM-127-13$' failed: 0x8b0
                                  10/02 10:50:21 NetpManageMachineAccountWithSid: status of attempting to set password on '\\SAMBA' for 'GIM-127-13$': 0x0
                                  10/02 10:50:21 NetpJoinDomain: status of creating account: 0x0
                                  10/02 10:50:21 NetpGetLsaPrimaryDomain: status: 0x0
                                  10/02 10:50:21 NetpSetLsaPrimaryDomain: for 'SAMBA_DOMAIN' status: 0x0
                                  10/02 10:50:21 NetpJoinDomain: status of setting LSA pri. domain: 0x0
                                  10/02 10:50:21 NetpJoinDomain: status of managing local groups: 0x0
                                  10/02 10:50:21 NetpJoinDomain: status of setting netlogon cache: 0x0
                                  10/02 10:50:22 NetpJoinDomain: status of clearing ComputerNamePhysicalDnsDomain: 0x0
                                  10/02 10:50:22 NetpUpdateW32timeConfig: 0x0
                                  10/02 10:50:22 NetpJoinDomain: status of disconnecting from '\\SAMBA': 0x0
                                  10/02 10:50:22 NetpDoDomainJoin: status: 0x0
                                  10/02 10:53:12 -----------------------------------------------------------------
                                  10/02 10:53:12 NetpDoDomainJoin
                                  10/02 10:53:12 NetpMachineValidToJoin: 'gim-127-13'
                                  10/02 10:53:12 NetpGetLsaPrimaryDomain: status: 0x0
                                  10/02 10:53:12 NetpMachineValidToJoin: the specified machine is already joined to 'SAMBA_DOMAIN'!
                                  10/02 10:53:12 NetpMachineValidToJoin: status: 0xa83
                                  10/02 10:53:12 NetpDoDomainJoin: status: 0xa83
                                  

                                  May be it could help to find the problem

                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    Sebastian Roth Moderator
                                    last edited by

                                    Well that’s an interesting catch. The difference I see is that the output from the old client says MachineAccountOU: (NULL) whereas the output from the new client seams to be empty but not NULL. Later on it fails with NetpJoinDomain: OU is specified but couldn’t get NT5 DC
                                    @Jbob Can you think of why this is different? You know the client source code a lot better than I do! Maybe OU is send as empty string (“”) instead of NULL in the new client.

                                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                    P 1 Reply Last reply Reply Quote 0
                                    • P
                                      plegrand
                                      last edited by

                                      On the client windows xp i try this command nltest.exe :

                                      nltest.exe /dsgetdc:samba_domain
                                      DC: \SAMBA
                                      Address: \SAMBA
                                      Dom Name: SAMBA_DOMAIN
                                      The command completed successfully

                                      1 Reply Last reply Reply Quote 0
                                      • P
                                        plegrand @Sebastian Roth
                                        last edited by

                                        @Uncle-Frank Just for test i put “NULL” then “(NULL)” into “Organizational Unit” in AD configuration without success

                                        1 Reply Last reply Reply Quote 0
                                        • J
                                          Joe Schmitt Senior Developer
                                          last edited by

                                          Bug confirmed and isolated. Ticket has been made here:

                                          https://github.com/FOGProject/fog-client/issues/22

                                          Basic explanation:
                                          For some reason the samba LDAP domain is returning an error code of 1355 instead of 2 or 50 (which correspond to OU errors). On OU errors the client will try using a null OU. I just have to add 1355 to the cases of OU errors.

                                          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                          P 2 Replies Last reply Reply Quote 1
                                          • P
                                            plegrand @Joe Schmitt
                                            last edited by

                                            @Jbob Hello, does it means that the new client will works now or do i have to wait the new “patched” client ?
                                            Any way thanks for your help

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 5 / 6
                                            • First post
                                              Last post

                                            234

                                            Online

                                            12.0k

                                            Users

                                            17.3k

                                            Topics

                                            155.2k

                                            Posts
                                            Copyright © 2012-2024 FOG Project