samba domain integration
-
@Jbob I made all my tests with a password without an apostrophe " ’ ".
domain : samba_domain
domain admin : admin_samba
password domain admin : password
And then with this configuration:
It works with the classic manual method
It works with the netdom command line
It works with the legacy client
It does not work with the new client
Thanks for your help -
As I previously stated, according to your log it’s because the client couldn’t authenticate. You have to press 'Reset Encryption Data'
-
@Jbob I already did that. It was because I uninstalled the legacy client and reinstalled the new client
Then I pressed 'Reset Encryption Data'
But after that the problem is still there.
I can’t join the domain with the new client -
-
Also, can you update again, only this time, also re-enter the password in the ADPass field and/or fields.
-
@Jbob You mean the c:\fog.log?
I’ll send it to you tomorrow and I’ll try to be clear in my explanation.
@Tom-Elliott I’ll update tomorrow to give it a try
-
@Jbob As you and I have verified in browser (with the context printing properly) the values appear to be fixed. However, you will have to update the stored value in the database. There is a possibility this will be unneeded, but I say better to be sure than just try.
-
Here are all my tests (netdom, legacy client, new client with log files).
As it’s a little long I made a PDF document
http://plegrand1.free.fr/Test_Samba_Domain.pdf -
I discovered something interesting.
There is a file which logs each domain join attempt
c:\windows\debug\NetSetup.LOG
Here is this file with the two tests (legacy and new client)
NetSetup.LOG with the NEW client (which failed)
10/02 10:18:24 -----------------------------------------------------------------
10/02 10:18:24 NetpDoDomainJoin
10/02 10:18:24 NetpMachineValidToJoin: 'gim-127-13'
10/02 10:18:24 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:18:24 NetpMachineValidToJoin: status: 0x0
10/02 10:18:24 NetpJoinDomain
10/02 10:18:24 Machine: gim-127-13
10/02 10:18:24 Domain: samba_domain
10/02 10:18:24 MachineAccountOU:
10/02 10:18:24 Account: samba_domain\admin_samba
10/02 10:18:24 Options: 0x3
10/02 10:18:24 OS Version: 5.1
10/02 10:18:24 Build number: 2600
10/02 10:18:24 ServicePack: Service Pack 3
10/02 10:18:24 NetpValidateName: checking to see if 'samba_domain' is valid as type 3 name
10/02 10:18:24 NetpValidateName: 'samba_domain' is not a valid Dns domain name: 0x2554
10/02 10:18:25 NetpCheckDomainNameIsValid [ Exists ] for 'samba_domain' returned 0x0
10/02 10:18:25 NetpValidateName: name 'samba_domain' is valid for type 3
10/02 10:18:25 NetpDsGetDcName: trying to find DC in domain 'samba_domain', flags: 0x1020
10/02 10:18:25 NetpDsGetDcName: found DC '\\SAMBA' in the specified domain
10/02 10:18:25 NetpJoinDomain: status of connecting to dc '\\SAMBA': 0x0
10/02 10:18:25 NetpJoinDomain: OU is specified but couldn't get NT5 DC
10/02 10:18:25 NetpJoinDomain: status of disconnecting from '\\SAMBA': 0x0
10/02 10:18:25 NetpDoDomainJoin: status: 0x54b
10/02 10:19:26 -----------------------------------------------------------------
NetSetup.LOG with the LEGACY client (which works fine)
10/02 10:50:12 -----------------------------------------------------------------
10/02 10:50:12 NetpDoDomainJoin
10/02 10:50:12 NetpMachineValidToJoin: 'gim-127-13'
10/02 10:50:12 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:50:12 NetpMachineValidToJoin: status: 0x0
10/02 10:50:12 NetpJoinDomain
10/02 10:50:12 Machine: gim-127-13
10/02 10:50:12 Domain: samba_domain
10/02 10:50:12 MachineAccountOU: (NULL)
10/02 10:50:12 Account: samba_domain\admin_samba
10/02 10:50:12 Options: 0x3
10/02 10:50:12 OS Version: 5.1
10/02 10:50:12 Build number: 2600
10/02 10:50:12 ServicePack: Service Pack 3
10/02 10:50:12 NetpValidateName: checking to see if 'samba_domain' is valid as type 3 name
10/02 10:50:12 NetpValidateName: 'samba_domain' is not a valid Dns domain name: 0x2554
10/02 10:50:12 NetpCheckDomainNameIsValid [ Exists ] for 'samba_domain' returned 0x0
10/02 10:50:12 NetpValidateName: name 'samba_domain' is valid for type 3
10/02 10:50:12 NetpDsGetDcName: trying to find DC in domain 'samba_domain', flags: 0x1020
10/02 10:50:20 NetpDsGetDcName: found DC '\\SAMBA' in the specified domain
10/02 10:50:20 NetpJoinDomain: status of connecting to dc '\\SAMBA': 0x0
10/02 10:50:20 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:50:20 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\SAMBA'
10/02 10:50:20 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0
10/02 10:50:20 NetpLsaOpenSecret: status: 0xc0000034
10/02 10:50:21 NetpManageMachineAccountWithSid: NetUserAdd on '\\SAMBA' for 'GIM-127-13$' failed: 0x8b0
10/02 10:50:21 NetpManageMachineAccountWithSid: status of attempting to set password on '\\SAMBA' for 'GIM-127-13$': 0x0
10/02 10:50:21 NetpJoinDomain: status of creating account: 0x0
10/02 10:50:21 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:50:21 NetpSetLsaPrimaryDomain: for 'SAMBA_DOMAIN' status: 0x0
10/02 10:50:21 NetpJoinDomain: status of setting LSA pri. domain: 0x0
10/02 10:50:21 NetpJoinDomain: status of managing local groups: 0x0
10/02 10:50:21 NetpJoinDomain: status of setting netlogon cache: 0x0
10/02 10:50:22 NetpJoinDomain: status of clearing ComputerNamePhysicalDnsDomain: 0x0
10/02 10:50:22 NetpUpdateW32timeConfig: 0x0
10/02 10:50:22 NetpJoinDomain: status of disconnecting from '\\SAMBA': 0x0
10/02 10:50:22 NetpDoDomainJoin: status: 0x0
10/02 10:53:12 -----------------------------------------------------------------
10/02 10:53:12 NetpDoDomainJoin
10/02 10:53:12 NetpMachineValidToJoin: 'gim-127-13'
10/02 10:53:12 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:53:12 NetpMachineValidToJoin: the specified machine is already joined to 'SAMBA_DOMAIN'!
10/02 10:53:12 NetpMachineValidToJoin: status: 0xa83
10/02 10:53:12 NetpDoDomainJoin: status: 0xa83
Maybe it could help to find the problem
-
Well that’s an interesting catch. The difference I see is that the output from the old client says
MachineAccountOU: (NULL)
whereas the output from the new client seems to be empty but not NULL. Later on it fails with
NetpJoinDomain: OU is specified but couldn’t get NT5 DC
@Jbob Can you think of why this is different? You know the client source code a lot better than I do! Maybe the OU is sent as an empty string (“”) instead of NULL in the new client. -
On the Windows XP client I tried this nltest.exe command:
nltest.exe /dsgetdc:samba_domain
DC: \SAMBA
Address: \SAMBA
Dom Name: SAMBA_DOMAIN
The command completed successfully -
@Uncle-Frank Just as a test I put “NULL” then “(NULL)” into “Organizational Unit” in the AD configuration without success
-
Bug confirmed and isolated. Ticket has been made here:
https://github.com/FOGProject/fog-client/issues/22
Basic explanation:
For some reason the samba LDAP domain is returning an error code of 1355 instead of 2 or 50 (which correspond to OU errors). On OU errors the client will try using a null OU. I just have to add 1355 to the cases of OU errors. -
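Added example (not part of the original thread and not fog-client code): a Python script that reads NetSetup.LOG entries like the ones posted above and applies the retry rule described in this post, once with only 2 and 50 treated as OU errors and once with 1355 added. The function names and the abridged sample log are constructed for illustration.

```python
import re

OLD_OU_ERRORS = {2, 50}                  # codes the post says were already handled
NEW_OU_ERRORS = OLD_OU_ERRORS | {1355}   # 1355 == 0x54b, the status in the failed log

ENTRY = re.compile(r"^\d\d/\d\d \d\d:\d\d:\d\d\s*(.*)$")

def parse_attempts(text):
    """Return one dict per NetpDoDomainJoin attempt found in NetSetup.LOG text."""
    attempts, cur = [], None
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if msg == "NetpDoDomainJoin":                 # header of a new attempt
            cur = {"ou": None, "status": None}
            attempts.append(cur)
        elif cur is None:
            continue                                  # entry before any attempt
        elif msg.startswith("MachineAccountOU:"):
            cur["ou"] = msg.split(":", 1)[1].strip()  # "" when empty but not NULL
        elif msg.startswith("NetpDoDomainJoin: status:"):
            cur["status"] = int(msg.rsplit(":", 1)[1].strip(), 16)
    return attempts

def classify(attempt, ou_errors):
    """Apply the retry rule: on an OU error with an OU sent, retry with a null OU."""
    if attempt["status"] is None:
        return "incomplete"                           # log cut off before final status
    if attempt["status"] == 0:
        return "joined"
    ou_sent = attempt["ou"] not in (None, "(NULL)")
    if ou_sent and attempt["status"] in ou_errors:
        return "OU error %d: retry with null OU" % attempt["status"]
    return "failed with %d" % attempt["status"]

# Constructed sample: abridged from the two logs posted in this thread.
SAMPLE = """\
10/02 10:18:24 NetpDoDomainJoin
10/02 10:18:24 MachineAccountOU:
10/02 10:18:25 NetpJoinDomain: OU is specified but couldn't get NT5 DC
10/02 10:18:25 NetpDoDomainJoin: status: 0x54b
10/02 10:50:12 NetpDoDomainJoin
10/02 10:50:12 MachineAccountOU: (NULL)
10/02 10:50:22 NetpDoDomainJoin: status: 0x0
10/02 10:53:12 NetpDoDomainJoin
10/02 10:53:12 NetpDoDomainJoin: status: 0xa83
"""

def report(text, ou_errors):
    return [classify(a, ou_errors) for a in parse_attempts(text)]
```

Calling `report(SAMPLE, OLD_OU_ERRORS)` and `report(SAMPLE, NEW_OU_ERRORS)` shows the first attempt moving from a plain failure to a retry candidate, while the already-joined attempt (0xa83) is unaffected.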
@Jbob Hello, does it mean that the new client will work now or do I have to wait for the new “patched” client?
Anyway, thanks for your help -
@plegrand The patch will be applied next release.
-
@Jbob Just for information, as I don’t know if the client has the patch which permits joining a Samba domain, I made a test today without success.
Same problem. But maybe I have to wait a little. -
The patch will only be applied on the next official release 0.9.6 or 0.10.0
-
@Jbob Thanks for your answer, for the moment I use the 4103.
Thanks again -
@Jbob Is there a date for this new release?
-
No release date is planned. For now keep using the legacy client. The next release of the client will be v0.10.0 which will include OSX + Linux compatibility.