samba domain integration

plegrand · Oct 2, 2015, 7:05 AM

Here is all my test (netdom, legacy client, new client with log files).
As it’s litle long i made a pdf document
http://plegrand1.free.fr/Test_Samba_Domain.pdf

plegrand · Oct 2, 2015, 8:59 AM

I discover something interesting.
There is a file which log each try domain joining
c:\windows\debug\NetSetup.LOG

here is this file with the two tests (legacy and new client)

NetSetup.LOG with the NEW client (which failed)

10/02 10:18:24 -----------------------------------------------------------------
10/02 10:18:24 NetpDoDomainJoin
10/02 10:18:24 NetpMachineValidToJoin: 'gim-127-13'
10/02 10:18:24 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:18:24 NetpMachineValidToJoin: status: 0x0
10/02 10:18:24 NetpJoinDomain
10/02 10:18:24 	Machine: gim-127-13
10/02 10:18:24 	Domain: samba_domain
10/02 10:18:24 	MachineAccountOU: 
10/02 10:18:24 	Account: samba_domain\admin_samba
10/02 10:18:24 	Options: 0x3
10/02 10:18:24 	OS Version: 5.1
10/02 10:18:24 	Build number: 2600
10/02 10:18:24 	ServicePack: Service Pack 3
10/02 10:18:24 NetpValidateName: checking to see if 'samba_domain' is valid as type 3 name
10/02 10:18:24 NetpValidateName:  'samba_domain' is not a valid Dns domain name: 0x2554
10/02 10:18:25 NetpCheckDomainNameIsValid [ Exists ] for 'samba_domain' returned 0x0
10/02 10:18:25 NetpValidateName: name 'samba_domain' is valid for type 3
10/02 10:18:25 NetpDsGetDcName: trying to find DC in domain 'samba_domain', flags: 0x1020
10/02 10:18:25 NetpDsGetDcName: found DC '\\SAMBA' in the specified domain
10/02 10:18:25 NetpJoinDomain: status of connecting to dc '\\SAMBA': 0x0
10/02 10:18:25 NetpJoinDomain: OU is specified but couldn't get NT5 DC
10/02 10:18:25 NetpJoinDomain: status of disconnecting from '\\SAMBA': 0x0
10/02 10:18:25 NetpDoDomainJoin: status: 0x54b
10/02 10:19:26 -----------------------------------------------------------------

NetSetup.LOG with the LEGACY client (which works fine)

10/02 10:50:12 -----------------------------------------------------------------
10/02 10:50:12 NetpDoDomainJoin
10/02 10:50:12 NetpMachineValidToJoin: 'gim-127-13'
10/02 10:50:12 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:50:12 NetpMachineValidToJoin: status: 0x0
10/02 10:50:12 NetpJoinDomain
10/02 10:50:12 	Machine: gim-127-13
10/02 10:50:12 	Domain: samba_domain
10/02 10:50:12 	MachineAccountOU: (NULL)
10/02 10:50:12 	Account: samba_domain\admin_samba
10/02 10:50:12 	Options: 0x3
10/02 10:50:12 	OS Version: 5.1
10/02 10:50:12 	Build number: 2600
10/02 10:50:12 	ServicePack: Service Pack 3
10/02 10:50:12 NetpValidateName: checking to see if 'samba_domain' is valid as type 3 name
10/02 10:50:12 NetpValidateName:  'samba_domain' is not a valid Dns domain name: 0x2554
10/02 10:50:12 NetpCheckDomainNameIsValid [ Exists ] for 'samba_domain' returned 0x0
10/02 10:50:12 NetpValidateName: name 'samba_domain' is valid for type 3
10/02 10:50:12 NetpDsGetDcName: trying to find DC in domain 'samba_domain', flags: 0x1020
10/02 10:50:20 NetpDsGetDcName: found DC '\\SAMBA' in the specified domain
10/02 10:50:20 NetpJoinDomain: status of connecting to dc '\\SAMBA': 0x0
10/02 10:50:20 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:50:20 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\SAMBA'
10/02 10:50:20 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0
10/02 10:50:20 NetpLsaOpenSecret: status: 0xc0000034
10/02 10:50:21 NetpManageMachineAccountWithSid: NetUserAdd on '\\SAMBA' for 'GIM-127-13$' failed: 0x8b0
10/02 10:50:21 NetpManageMachineAccountWithSid: status of attempting to set password on '\\SAMBA' for 'GIM-127-13$': 0x0
10/02 10:50:21 NetpJoinDomain: status of creating account: 0x0
10/02 10:50:21 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:50:21 NetpSetLsaPrimaryDomain: for 'SAMBA_DOMAIN' status: 0x0
10/02 10:50:21 NetpJoinDomain: status of setting LSA pri. domain: 0x0
10/02 10:50:21 NetpJoinDomain: status of managing local groups: 0x0
10/02 10:50:21 NetpJoinDomain: status of setting netlogon cache: 0x0
10/02 10:50:22 NetpJoinDomain: status of clearing ComputerNamePhysicalDnsDomain: 0x0
10/02 10:50:22 NetpUpdateW32timeConfig: 0x0
10/02 10:50:22 NetpJoinDomain: status of disconnecting from '\\SAMBA': 0x0
10/02 10:50:22 NetpDoDomainJoin: status: 0x0
10/02 10:53:12 -----------------------------------------------------------------
10/02 10:53:12 NetpDoDomainJoin
10/02 10:53:12 NetpMachineValidToJoin: 'gim-127-13'
10/02 10:53:12 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:53:12 NetpMachineValidToJoin: the specified machine is already joined to 'SAMBA_DOMAIN'!
10/02 10:53:12 NetpMachineValidToJoin: status: 0xa83
10/02 10:53:12 NetpDoDomainJoin: status: 0xa83

May be it could help to find the problem

Sebastian Roth · Oct 2, 2015, 9:46 AM

Well that’s an interesting catch. The difference I see is that the output from the old client says MachineAccountOU: (NULL) whereas the output from the new client seams to be empty but not NULL. Later on it fails with NetpJoinDomain: OU is specified but couldn’t get NT5 DC
@Jbob Can you think of why this is different? You know the client source code a lot better than I do! Maybe OU is send as empty string (“”) instead of NULL in the new client.

plegrand · Oct 2, 2015, 9:51 AM

On the client windows xp i try this command nltest.exe :

nltest.exe /dsgetdc:samba_domain
DC: \SAMBA
Address: \SAMBA
Dom Name: SAMBA_DOMAIN
The command completed successfully

plegrand · Oct 2, 2015, 12:05 PM

@Uncle-Frank Just for test i put “NULL” then “(NULL)” into “Organizational Unit” in AD configuration without success

Joe Schmitt · Oct 2, 2015, 3:06 PM

Bug confirmed and isolated. Ticket has been made here:

https://github.com/FOGProject/fog-client/issues/22

Basic explanation:
For some reason the samba LDAP domain is returning an error code of 1355 instead of 2 or 50 (which correspond to OU errors). On OU errors the client will try using a null OU. I just have to add 1355 to the cases of OU errors.

plegrand · Oct 5, 2015, 7:11 AM

@Jbob Hello, does it means that the new client will works now or do i have to wait the new “patched” client ?
Any way thanks for your help

Joe Schmitt · Oct 5, 2015, 1:25 PM

@plegrand The patch will be applied next release.

plegrand · Oct 5, 2015, 1:27 PM

@Jbob Just for information , as i don’t know if the client have the patch which permit to join samba domain, i made a test today without success.
Same problem. But may be I’ve to wait a little.

Joe Schmitt · Oct 5, 2015, 1:29 PM

The patch will only be applied on the next official release 0.9.6 or 0.10.0

plegrand · Oct 5, 2015, 1:30 PM

@Jbob thanks for your answer, for the moment i use the 4103 .
Thanks again

plegrand · Oct 6, 2015, 12:29 PM

@Jbob is there a date for this new release ?

Joe Schmitt · Oct 9, 2015, 1:03 AM

@plegrand

No release date is planned. For now keep using the legacy client. The next release of the client will be v0.10.0 which will include OSX + Linux compatibility.

Wayne Workman · Oct 9, 2015, 1:17 AM

@Jbob said:

@plegrand

No release date is planned. For now keep using the legacy client. The next release of the client will be v0.10.0 which will include OSX + Linux compatibility.

That’s what I’m waiting for!

That is gonna blow minds left and right.

Joe Schmitt · Nov 12, 2015, 3:57 AM

@plegrand v0.9.6 is released, and this includes the Samba fix. (https://news.fogproject.org/client-v0-9-6/)

plegrand · Nov 12, 2015, 7:14 AM

@Jbob Wonderful !!!
I was waiting for this !!
I’m going to test today and i’ll tell you the result
thanks again !!!

plegrand · Feb 4, 2016, 12:35 PM

@Jbob Hello
In first sorry for this long delay
I just made the test today with the latest client. Everything seems to work fine !!

samba domain integration

167

12.0k

17.3k

155.2k