samba domain integration

plegrand

@Jbob i already do that . It was because i uninstalled legacy client and reinstall new client
Then i pressed 'Reset Encryption Data"
But afater that the problem is still there.
I cant join domain with new client

Joe Schmitt

@plegrand said:

I cant join domain with new client

Can you upload the log for that client?

Tom Elliott

also, can you update again, only this time, also re-enter the password in the ADPass field and/or fields.

plegrand

@Jbob You mean the c:\fog.log ?
I’ll send you tomorrow and i’ll try to be clear in my explanation

@Tom-Elliott i’ll update tomorrow to make a try

Tom Elliott

@Jbob As you and I have verified in browser (with the context printing properly) the values appear to be fixed. However, you will have to update the stored value in the database. There is a possibility this will be unneeded, but I say better to be sure than just try.

plegrand

Here is all my test (netdom, legacy client, new client with log files).
As it’s litle long i made a pdf document
http://plegrand1.free.fr/Test_Samba_Domain.pdf

plegrand

I discover something interesting.
There is a file which log each try domain joining
c:\windows\debug\NetSetup.LOG

here is this file with the two tests (legacy and new client)

NetSetup.LOG with the NEW client (which failed)

10/02 10:18:24 -----------------------------------------------------------------
10/02 10:18:24 NetpDoDomainJoin
10/02 10:18:24 NetpMachineValidToJoin: 'gim-127-13'
10/02 10:18:24 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:18:24 NetpMachineValidToJoin: status: 0x0
10/02 10:18:24 NetpJoinDomain
10/02 10:18:24 	Machine: gim-127-13
10/02 10:18:24 	Domain: samba_domain
10/02 10:18:24 	MachineAccountOU: 
10/02 10:18:24 	Account: samba_domain\admin_samba
10/02 10:18:24 	Options: 0x3
10/02 10:18:24 	OS Version: 5.1
10/02 10:18:24 	Build number: 2600
10/02 10:18:24 	ServicePack: Service Pack 3
10/02 10:18:24 NetpValidateName: checking to see if 'samba_domain' is valid as type 3 name
10/02 10:18:24 NetpValidateName:  'samba_domain' is not a valid Dns domain name: 0x2554
10/02 10:18:25 NetpCheckDomainNameIsValid [ Exists ] for 'samba_domain' returned 0x0
10/02 10:18:25 NetpValidateName: name 'samba_domain' is valid for type 3
10/02 10:18:25 NetpDsGetDcName: trying to find DC in domain 'samba_domain', flags: 0x1020
10/02 10:18:25 NetpDsGetDcName: found DC '\\SAMBA' in the specified domain
10/02 10:18:25 NetpJoinDomain: status of connecting to dc '\\SAMBA': 0x0
10/02 10:18:25 NetpJoinDomain: OU is specified but couldn't get NT5 DC
10/02 10:18:25 NetpJoinDomain: status of disconnecting from '\\SAMBA': 0x0
10/02 10:18:25 NetpDoDomainJoin: status: 0x54b
10/02 10:19:26 -----------------------------------------------------------------

NetSetup.LOG with the LEGACY client (which works fine)

10/02 10:50:12 -----------------------------------------------------------------
10/02 10:50:12 NetpDoDomainJoin
10/02 10:50:12 NetpMachineValidToJoin: 'gim-127-13'
10/02 10:50:12 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:50:12 NetpMachineValidToJoin: status: 0x0
10/02 10:50:12 NetpJoinDomain
10/02 10:50:12 	Machine: gim-127-13
10/02 10:50:12 	Domain: samba_domain
10/02 10:50:12 	MachineAccountOU: (NULL)
10/02 10:50:12 	Account: samba_domain\admin_samba
10/02 10:50:12 	Options: 0x3
10/02 10:50:12 	OS Version: 5.1
10/02 10:50:12 	Build number: 2600
10/02 10:50:12 	ServicePack: Service Pack 3
10/02 10:50:12 NetpValidateName: checking to see if 'samba_domain' is valid as type 3 name
10/02 10:50:12 NetpValidateName:  'samba_domain' is not a valid Dns domain name: 0x2554
10/02 10:50:12 NetpCheckDomainNameIsValid [ Exists ] for 'samba_domain' returned 0x0
10/02 10:50:12 NetpValidateName: name 'samba_domain' is valid for type 3
10/02 10:50:12 NetpDsGetDcName: trying to find DC in domain 'samba_domain', flags: 0x1020
10/02 10:50:20 NetpDsGetDcName: found DC '\\SAMBA' in the specified domain
10/02 10:50:20 NetpJoinDomain: status of connecting to dc '\\SAMBA': 0x0
10/02 10:50:20 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:50:20 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\SAMBA'
10/02 10:50:20 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0
10/02 10:50:20 NetpLsaOpenSecret: status: 0xc0000034
10/02 10:50:21 NetpManageMachineAccountWithSid: NetUserAdd on '\\SAMBA' for 'GIM-127-13$' failed: 0x8b0
10/02 10:50:21 NetpManageMachineAccountWithSid: status of attempting to set password on '\\SAMBA' for 'GIM-127-13$': 0x0
10/02 10:50:21 NetpJoinDomain: status of creating account: 0x0
10/02 10:50:21 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:50:21 NetpSetLsaPrimaryDomain: for 'SAMBA_DOMAIN' status: 0x0
10/02 10:50:21 NetpJoinDomain: status of setting LSA pri. domain: 0x0
10/02 10:50:21 NetpJoinDomain: status of managing local groups: 0x0
10/02 10:50:21 NetpJoinDomain: status of setting netlogon cache: 0x0
10/02 10:50:22 NetpJoinDomain: status of clearing ComputerNamePhysicalDnsDomain: 0x0
10/02 10:50:22 NetpUpdateW32timeConfig: 0x0
10/02 10:50:22 NetpJoinDomain: status of disconnecting from '\\SAMBA': 0x0
10/02 10:50:22 NetpDoDomainJoin: status: 0x0
10/02 10:53:12 -----------------------------------------------------------------
10/02 10:53:12 NetpDoDomainJoin
10/02 10:53:12 NetpMachineValidToJoin: 'gim-127-13'
10/02 10:53:12 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:53:12 NetpMachineValidToJoin: the specified machine is already joined to 'SAMBA_DOMAIN'!
10/02 10:53:12 NetpMachineValidToJoin: status: 0xa83
10/02 10:53:12 NetpDoDomainJoin: status: 0xa83

May be it could help to find the problem

Sebastian Roth

Well that’s an interesting catch. The difference I see is that the output from the old client says MachineAccountOU: (NULL) whereas the output from the new client seams to be empty but not NULL. Later on it fails with NetpJoinDomain: OU is specified but couldn’t get NT5 DC
@Jbob Can you think of why this is different? You know the client source code a lot better than I do! Maybe OU is send as empty string (“”) instead of NULL in the new client.

plegrand

On the client windows xp i try this command nltest.exe :

nltest.exe /dsgetdc:samba_domain
DC: \SAMBA
Address: \SAMBA
Dom Name: SAMBA_DOMAIN
The command completed successfully

plegrand

@Uncle-Frank Just for test i put “NULL” then “(NULL)” into “Organizational Unit” in AD configuration without success

Joe Schmitt

Bug confirmed and isolated. Ticket has been made here:

https://github.com/FOGProject/fog-client/issues/22

Basic explanation:
For some reason the samba LDAP domain is returning an error code of 1355 instead of 2 or 50 (which correspond to OU errors). On OU errors the client will try using a null OU. I just have to add 1355 to the cases of OU errors.

plegrand

@Jbob Hello, does it means that the new client will works now or do i have to wait the new “patched” client ?
Any way thanks for your help

Joe Schmitt

@plegrand The patch will be applied next release.

plegrand

@Jbob Just for information , as i don’t know if the client have the patch which permit to join samba domain, i made a test today without success.
Same problem. But may be I’ve to wait a little.

Joe Schmitt

The patch will only be applied on the next official release 0.9.6 or 0.10.0

plegrand

@Jbob thanks for your answer, for the moment i use the 4103 .
Thanks again

plegrand

@Jbob is there a date for this new release ?

Joe Schmitt

@plegrand

No release date is planned. For now keep using the legacy client. The next release of the client will be v0.10.0 which will include OSX + Linux compatibility.

Wayne Workman

@Jbob said:

@plegrand

No release date is planned. For now keep using the legacy client. The next release of the client will be v0.10.0 which will include OSX + Linux compatibility.

That’s what I’m waiting for!

That is gonna blow minds left and right.

Joe Schmitt

@plegrand v0.9.6 is released, and this includes the Samba fix. (https://news.fogproject.org/client-v0-9-6/)