RE: samba domain integration

@Jbob Hello, does it means that the new client will works now or do i have to wait the new “patched” client ?
Any way thanks for your help

@Uncle-Frank Just for test i put “NULL” then “(NULL)” into “Organizational Unit” in AD configuration without success

On the client windows xp i try this command nltest.exe :

nltest.exe /dsgetdc:samba_domain
DC: \SAMBA
Address: \SAMBA
Dom Name: SAMBA_DOMAIN
The command completed successfully

I discover something interesting.
There is a file which log each try domain joining
c:\windows\debug\NetSetup.LOG

here is this file with the two tests (legacy and new client)

NetSetup.LOG with the NEW client (which failed)

10/02 10:18:24 -----------------------------------------------------------------
10/02 10:18:24 NetpDoDomainJoin
10/02 10:18:24 NetpMachineValidToJoin: 'gim-127-13'
10/02 10:18:24 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:18:24 NetpMachineValidToJoin: status: 0x0
10/02 10:18:24 NetpJoinDomain
10/02 10:18:24 	Machine: gim-127-13
10/02 10:18:24 	Domain: samba_domain
10/02 10:18:24 	MachineAccountOU: 
10/02 10:18:24 	Account: samba_domain\admin_samba
10/02 10:18:24 	Options: 0x3
10/02 10:18:24 	OS Version: 5.1
10/02 10:18:24 	Build number: 2600
10/02 10:18:24 	ServicePack: Service Pack 3
10/02 10:18:24 NetpValidateName: checking to see if 'samba_domain' is valid as type 3 name
10/02 10:18:24 NetpValidateName:  'samba_domain' is not a valid Dns domain name: 0x2554
10/02 10:18:25 NetpCheckDomainNameIsValid [ Exists ] for 'samba_domain' returned 0x0
10/02 10:18:25 NetpValidateName: name 'samba_domain' is valid for type 3
10/02 10:18:25 NetpDsGetDcName: trying to find DC in domain 'samba_domain', flags: 0x1020
10/02 10:18:25 NetpDsGetDcName: found DC '\\SAMBA' in the specified domain
10/02 10:18:25 NetpJoinDomain: status of connecting to dc '\\SAMBA': 0x0
10/02 10:18:25 NetpJoinDomain: OU is specified but couldn't get NT5 DC
10/02 10:18:25 NetpJoinDomain: status of disconnecting from '\\SAMBA': 0x0
10/02 10:18:25 NetpDoDomainJoin: status: 0x54b
10/02 10:19:26 -----------------------------------------------------------------

NetSetup.LOG with the LEGACY client (which works fine)

10/02 10:50:12 -----------------------------------------------------------------
10/02 10:50:12 NetpDoDomainJoin
10/02 10:50:12 NetpMachineValidToJoin: 'gim-127-13'
10/02 10:50:12 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:50:12 NetpMachineValidToJoin: status: 0x0
10/02 10:50:12 NetpJoinDomain
10/02 10:50:12 	Machine: gim-127-13
10/02 10:50:12 	Domain: samba_domain
10/02 10:50:12 	MachineAccountOU: (NULL)
10/02 10:50:12 	Account: samba_domain\admin_samba
10/02 10:50:12 	Options: 0x3
10/02 10:50:12 	OS Version: 5.1
10/02 10:50:12 	Build number: 2600
10/02 10:50:12 	ServicePack: Service Pack 3
10/02 10:50:12 NetpValidateName: checking to see if 'samba_domain' is valid as type 3 name
10/02 10:50:12 NetpValidateName:  'samba_domain' is not a valid Dns domain name: 0x2554
10/02 10:50:12 NetpCheckDomainNameIsValid [ Exists ] for 'samba_domain' returned 0x0
10/02 10:50:12 NetpValidateName: name 'samba_domain' is valid for type 3
10/02 10:50:12 NetpDsGetDcName: trying to find DC in domain 'samba_domain', flags: 0x1020
10/02 10:50:20 NetpDsGetDcName: found DC '\\SAMBA' in the specified domain
10/02 10:50:20 NetpJoinDomain: status of connecting to dc '\\SAMBA': 0x0
10/02 10:50:20 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:50:20 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\SAMBA'
10/02 10:50:20 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0
10/02 10:50:20 NetpLsaOpenSecret: status: 0xc0000034
10/02 10:50:21 NetpManageMachineAccountWithSid: NetUserAdd on '\\SAMBA' for 'GIM-127-13$' failed: 0x8b0
10/02 10:50:21 NetpManageMachineAccountWithSid: status of attempting to set password on '\\SAMBA' for 'GIM-127-13$': 0x0
10/02 10:50:21 NetpJoinDomain: status of creating account: 0x0
10/02 10:50:21 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:50:21 NetpSetLsaPrimaryDomain: for 'SAMBA_DOMAIN' status: 0x0
10/02 10:50:21 NetpJoinDomain: status of setting LSA pri. domain: 0x0
10/02 10:50:21 NetpJoinDomain: status of managing local groups: 0x0
10/02 10:50:21 NetpJoinDomain: status of setting netlogon cache: 0x0
10/02 10:50:22 NetpJoinDomain: status of clearing ComputerNamePhysicalDnsDomain: 0x0
10/02 10:50:22 NetpUpdateW32timeConfig: 0x0
10/02 10:50:22 NetpJoinDomain: status of disconnecting from '\\SAMBA': 0x0
10/02 10:50:22 NetpDoDomainJoin: status: 0x0
10/02 10:53:12 -----------------------------------------------------------------
10/02 10:53:12 NetpDoDomainJoin
10/02 10:53:12 NetpMachineValidToJoin: 'gim-127-13'
10/02 10:53:12 NetpGetLsaPrimaryDomain: status: 0x0
10/02 10:53:12 NetpMachineValidToJoin: the specified machine is already joined to 'SAMBA_DOMAIN'!
10/02 10:53:12 NetpMachineValidToJoin: status: 0xa83
10/02 10:53:12 NetpDoDomainJoin: status: 0xa83

May be it could help to find the problem

Here is all my test (netdom, legacy client, new client with log files).
As it’s litle long i made a pdf document
http://plegrand1.free.fr/Test_Samba_Domain.pdf

@Jbob You mean the c:\fog.log ?
I’ll send you tomorrow and i’ll try to be clear in my explanation

@Tom-Elliott i’ll update tomorrow to make a try

@Jbob i already do that . It was because i uninstalled legacy client and reinstall new client
Then i pressed 'Reset Encryption Data"
But afater that the problem is still there.
I cant join domain with new client

@Jbob i made all my test with a password without apostrophe " ’ ".
domain : samba_domain
domain admin : admin_samba
password domain admin : password
and then with this configuration :
It works with the classic manual method
It works with netdom command line
It works with legacy client
It does not works with new client
Thanks for your help

Hmmm… may be it’s important : i’m making this test on a windows XP machine
Do i have to use legacy client for windows XP or it should works also with the new client ?
May be new client use powershell for domain integration ?

@Tom-Elliott
As i install, uninstall, reinstall fog client, is it possible that windows kept first credential, the first i use with apostrophe in password ?
while fog show (http://192.168.39.243/fog/service/hostname.php?mac=00:21:85:71:bd:8e) the good samba adminisrator ?

@Uncle-Frank
Do you think he could explain me why i can join to samba domain with “all” method except with the new client ?

It works with the classic manual method
It works with netdom command line
It works with legacy client
It does not works with new client
I cant see anything in samba log
May be he could told me what is the difference between “legacy client” method an “new client” method.
I’m ok to make some test if it’s usefull
Thanks for your and Tom help

I cant understand what happen

@Tom-Elliott Hello Tom, do you think my problem come from a bug in the new client, or from me and my configuration?
Do you want i make some other tests ?
Thanks

@Tom-Elliott May be i didn’t understand your question?
Do you need more information ?
I think legacy client and new client doesn’t use the same method to join domain. Am i wrong ?
Just to be clear
join domain works fine with legacy client and doesn’t works with the new client
I made the tests with the same domain user and the same password
clear for new client
and encrypted with Fog Crypt for the legacy client

@Tom-Elliott it’s the same password used
i put the “real” password into “Domain Password” field
and same password encrypted with FogCrypt into “Domain Password Legacy” field

@Tom-Elliott Eureka !!
I made some tests, and i know why i said it worked before : it works with the legacy client and
“Domain Password Legacy” field filled
without problem.
Then i uninstalled legacy client and install new client but now there is an other error

29/09/2015 16:39 Client-Info Version: 0.9.5
 29/09/2015 16:39 HostnameChanger Running...
 29/09/2015 16:39 Middleware::Communication URL: http://192.168.39.243/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=00:21:85:71:BD:8E|&newService=1
 29/09/2015 16:39 Middleware::Communication Response: Success
 29/09/2015 16:39 Middleware::Communication URL: http://192.168.39.243/fog/service/hostname.php?moduleid=hostnamechanger&mac=00:21:85:71:BD:8E|&newService=1
 29/09/2015 16:39 Middleware::Communication Response: Invalid host certificate
 29/09/2015 16:39 Middleware::Communication URL: http://192.168.39.243/fog/management/other/ssl/srvpublic.crt
 29/09/2015 16:39 Data::RSA CA cert found
 29/09/2015 16:39 Middleware::Authentication Cert OK
 29/09/2015 16:39 Middleware::Communication POST URL: http://192.168.39.243/fog/management/index.php?sub=authorize
 29/09/2015 16:39 Middleware::Communication Response: Invalid security token

@Uncle-Frank said:

The ipxe.krn binary is actually in the format of a linux kernel. I am still wondering why this is working for you but the others don’t. If you are keen you could capture the boot traffic using tcpdump/wireshark and see what’s going on while you see “sending discovery loop”
On wich server i run tcpdump ? My dhcp-tftp server or the fog one ?
What should be the good command line to see everything with tcpdump ?

Thanks for your help

@Tom-Elliott in fact i just begin to wonder if it worked once
I cant understand why it works with netdom command and not with fog client

Do i have to uninstall and reinstall client to ?

@Tom-Elliott and then
cd bin
./installfog.sh

?
i test that thanks

@Tom-Elliott is it possible to downgrade to a svn version for example 4058 then test all svn version to 4065 to see which version worked ?

@Tom-Elliott oups no .
I test now
Join Domain after image task : checked
Domain name : samba_domain
Domain Username : \admin_samba
Domain Password : password

http://192.168.39.243/fog/service/hostname.php?mac=00:21:85:71:bd:8e
#!ok=gim-127-13 #AD=1 #ADDom=samba_domain #ADOU= #ADUser=samba_domain\\admin_samba #ADPass=
No more success
In fog.log :
The parameter is incorrect, code = 87