« previous next »
Pages: [1] 2

Author Topic: Cannot join zentyal domain  (Read 4389 times)

Edo

  • Zen Apprentice
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Cannot join zentyal domain
« on: May 09, 2014, 07:48:39 pm »
I work in a small office, appropriately 25 users.  We currently use AD served from a Windows 2000 Server.  We have to retire our current AD Server.  Considering the number of users and the the few tasks our ADC manages; workstation authentication, DNS, and four our five file shares we think its a good time to explore alternatives before buying a Windows Server license and an office full of CALS.

I have set up zentyal 3.4 on the workstation network 10.10.10.0/24.  On this network there exists an ADC at 10.10.10.21 for the domain domain/domain.abc.com.  Our zematyl server is called dclnx1.lan.abc.com and is parked at eth0:10.10.10.18 and eth1:10.100.100.18

I created a host called vmwswin1 and I would like to join it to the new domain lan/lan.abc.com.

I created a static dhcp rule in our gateway to ip the host vmswin1 and pointed its dns to dclnx1.

When I try to join vmswin1 to the domain I get the following error:


DOMAIN:lan.abc.com

The following error occured attempting to joing the domain "lan.abc.com":

Login failure unknown user or bad password.


DOMAIN:lan

The following error occured attempting to joing the domain "lan":

The specified domain does not exist or could not be located.

Logged
Zentyal CE 4.0.5

jbahillo

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1444
  • Karma: +77/-2
    • View Profile
Re: Cannot join zentyal domain
« Reply #1 on: May 09, 2014, 08:33:40 pm »
Hello: lan.abc.com is the right one. Make sure you are providing a Domain Admin user when asked for credentials to join the samba AD domain
Moreover make sure that there is no time skew between server and workstation
Logged

RobinDaun

  • Zen Apprentice
  • *
  • Posts: 30
  • Karma: +1/-0
    • View Profile
Re: Cannot join zentyal domain
« Reply #2 on: May 11, 2014, 01:04:32 pm »
I have the same issue when just trying to join with a win7 computer i get to put in username and password but gets this error afterwards.

The following error occured attempting to joing the domain "mydomain":

The specified domain does not exist or could not be located.



Have tried everyhting. I have followed this installation http://www.tecmint.com/install-zentyal-as-primary-domain-controller-and-integrate-windows-system/ this part dosent work tough i can ping the ip but not the domain name 38. To be sure that everything is OK try first pinging your pdc server address and then ping domain name. I got the same error before when i did the installatioon myself but get the same error now.

i uisng Virtualbox it works to join the MS Server 2012 without issues but i wanted to try an Linux cause i like it and want to try to use it as a PDC with AD
« Last Edit: May 11, 2014, 04:04:26 pm by RobinDaun »
Logged

RobinDaun

  • Zen Apprentice
  • *
  • Posts: 30
  • Karma: +1/-0
    • View Profile
Re: Cannot join zentyal domain
« Reply #3 on: May 11, 2014, 04:01:57 pm »
Same error with Windows 8 what is the issue somone must now what the problem is. I think it is a DNS issue. i would really love tto get this working.
« Last Edit: May 11, 2014, 04:05:16 pm by RobinDaun »
Logged

RobinDaun

  • Zen Apprentice
  • *
  • Posts: 30
  • Karma: +1/-0
    • View Profile
Re: Cannot join zentyal domain
« Reply #4 on: May 11, 2014, 04:20:45 pm »
Okey i solved it since i do this to learn this. I did as i did with win server and named my domain *****.local when i changed it to .com it worked.
Logged

Edo

  • Zen Apprentice
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Cannot join zentyal domain
« Reply #5 on: June 13, 2014, 05:47:52 pm »
Quote from: jbahillo on May 09, 2014, 08:33:40 pm
Hello: lan.abc.com is the right one. Make sure you are providing a Domain Admin user when asked for credentials to join the samba AD domain
Moreover make sure that there is no time skew between server and workstation

Adding the user to the Domain Admin groups did it.  Unfortunatley we are now having the same problem with the paid trial edition.  We have added users to the domain admin group but when  trying to join the domain we get the bad/user passowrd error.  How to troubleshoot this?
Logged
Zentyal CE 4.0.5

Edo

  • Zen Apprentice
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Cannot join zentyal domain
« Reply #6 on: June 17, 2014, 06:18:53 pm »
This is the what the samba log shows when trying to add a computer to the domain after being queried for a Domain Admin user/password:

[2014/06/17 12:14:56.603187,  2] ../source3/smbd/server.c:437(remove_child_pid)
  Could not find child 30169 -- ignoring
[2014/06/17 12:15:05.343397,  3] ../source3/lib/access.c:338(allow_access)
  Allowed connection from 10.10.10.109 (10.10.10.109)
[2014/06/17 12:15:05.343558,  3] ../source3/smbd/oplock.c:870(init_oplocks)
  init_oplocks: initializing messages.
[2014/06/17 12:15:05.343739,  3] ../source3/smbd/process.c:1802(process_smb)
  Transaction 0 of length 159 (0 toread)
[2014/06/17 12:15:05.343785,  3] ../source3/smbd/process.c:1405(switch_message)
  switch message SMBnegprot (pid 30191) conn 0x0
[2014/06/17 12:15:05.344487,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2014/06/17 12:15:05.344525,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [LANMAN1.0]
[2014/06/17 12:15:05.344553,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2014/06/17 12:15:05.344579,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [LM1.2X002]
[2014/06/17 12:15:05.344609,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [LANMAN2.1]
[2014/06/17 12:15:05.344636,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [NT LM 0.12]
[2014/06/17 12:15:05.344662,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [SMB 2.002]
[2014/06/17 12:15:05.344688,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [SMB 2.???]
[2014/06/17 12:15:05.344815,  3] ../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
  Selected protocol SMB2_FF
[2014/06/17 12:15:05.345915,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2014/06/17 12:15:05.345950,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2014/06/17 12:15:05.345976,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_krb5_sasl' registered
[2014/06/17 12:15:05.346004,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'schannel' registered
[2014/06/17 12:15:05.346045,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'spnego' registered
[2014/06/17 12:15:05.346073,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'ntlmssp' registered
[2014/06/17 12:15:05.346099,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'krb5' registered
[2014/06/17 12:15:05.346124,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'fake_gssapi_krb5' registered
[2014/06/17 12:15:05.347474,  3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2014/06/17 12:15:05.348409,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'sam' registered
[2014/06/17 12:15:05.348449,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'sam_ignoredomain' registered
[2014/06/17 12:15:05.348481,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'anonymous' registered
[2014/06/17 12:15:05.348513,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'winbind' registered
[2014/06/17 12:15:05.348543,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'winbind_wbclient' registered
[2014/06/17 12:15:05.348578,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'name_to_ntstatus' registered
[2014/06/17 12:15:05.348610,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'unix' registered
[2014/06/17 12:15:05.353076,  3] ../source3/smbd/negprot.c:671(reply_negprot)
  Selected protocol SMB 2.???
[2014/06/17 12:15:05.353649,  3] ../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
  Selected protocol SMB2_10
[2014/06/17 12:15:05.354148,  3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2014/06/17 12:15:05.361466,  3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2014/06/17 12:15:05.363475,  3] ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
[2014/06/17 12:15:05.364516,  3] ../auth/ntlmssp/ntlmssp_server.c:358(ntlmssp_server_preauth)
  Got user=[dcadmin] domain=[lan.abc.com] workstation=[D820] len1=24 len2=266
[2014/06/17 12:15:05.364577,  3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user [lan.abc.com]\[dcadmin]@[D820]
  auth_check_password_send: mapped user is: [LAN]\[dcadmin]@[D820]
[2014/06/17 12:15:05.365668,  3] ../source4/auth/ntlm/auth_sam.c:65(authsam_search_account)
  authsam_search_account: Couldn't find user [dcadmin] in samdb, under DC=lan,DC=abc,DC=com
[2014/06/17 12:15:05.366040,  3] ../source4/auth/ntlm/auth_sam.c:99(authsam_search_account)
  authsam_search_account: Account for guest user is disabled.
[2014/06/17 12:15:05.366076,  2] ../source4/auth/ntlm/auth.c:420(auth_check_password_recv)
  auth_check_password_recv: sam_ignoredomain authentication for user [LAN\dcadmin] FAILED with error NT_STATUS_NO_SUCH_USER
[2014/06/17 12:15:05.366118,  2] ../auth/gensec/spnego.c:743(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_NO_SUCH_USER
[2014/06/17 12:15:05.366854,  3] ../source3/smbd/server_exit.c:221(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)
[2014/06/17 12:15:05.377099,  3] ../source3/lib/access.c:338(allow_access)
  Allowed connection from 10.10.10.109 (10.10.10.109)
[2014/06/17 12:15:05.377256,  3] ../source3/smbd/oplock.c:870(init_oplocks)
  init_oplocks: initializing messages.
[2014/06/17 12:15:05.377459,  3] ../source3/smbd/process.c:1802(process_smb)
  Transaction 0 of length 108 (0 toread)
[2014/06/17 12:15:05.377584,  3] ../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
  Selected protocol SMB2_10
[2014/06/17 12:15:05.379070,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2014/06/17 12:15:05.379105,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2014/06/17 12:15:05.379131,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_krb5_sasl' registered
[2014/06/17 12:15:05.379175,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'schannel' registered
[2014/06/17 12:15:05.379202,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'spnego' registered
[2014/06/17 12:15:05.379228,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'ntlmssp' registered
[2014/06/17 12:15:05.379254,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'krb5' registered
[2014/06/17 12:15:05.379280,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'fake_gssapi_krb5' registered
[2014/06/17 12:15:05.380645,  3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2014/06/17 12:15:05.381594,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'sam' registered
[2014/06/17 12:15:05.381633,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'sam_ignoredomain' registered
[2014/06/17 12:15:05.381665,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'anonymous' registered
[2014/06/17 12:15:05.381696,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'winbind' registered
[2014/06/17 12:15:05.381726,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'winbind_wbclient' registered
[2014/06/17 12:15:05.381756,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'name_to_ntstatus' registered
[2014/06/17 12:15:05.381787,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'unix' registered
[2014/06/17 12:15:05.388047,  3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2014/06/17 12:15:05.389763,  3] ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
[2014/06/17 12:15:05.390572,  3] ../auth/ntlmssp/ntlmssp_server.c:358(ntlmssp_server_preauth)
  Got user=[] domain=[] workstation=[D820] len1=1 len2=0
[2014/06/17 12:15:05.390631,  3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user []\[]@[D820]
  auth_check_password_send: mapped user is: [LAN]\[]@[D820]
[2014/06/17 12:15:05.390766,  3] ../auth/ntlmssp/ntlmssp_sign.c:547(ntlmssp_sign_init)
  NTLMSSP Sign/Seal - Initialising with flags:
[2014/06/17 12:15:05.390792,  3] ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088215
[2014/06/17 12:15:05.392375,  3] ../source3/lib/access.c:338(allow_access)
  Allowed connection from 10.10.10.109 (10.10.10.109)
[2014/06/17 12:15:05.392520,  3] ../source3/smbd/service.c:612(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[2014/06/17 12:15:05.392617,  3] ../source3/smbd/vfs.c:113(vfs_init_default)
  Initialising default vfs hooks
[2014/06/17 12:15:05.392710,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2014/06/17 12:15:05.392760,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [acl_xattr]
[2014/06/17 12:15:05.394813,  2] ../lib/util/modules.c:191(do_smb_load_module)
  Module 'acl_xattr' loaded
[2014/06/17 12:15:05.394862,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [dfs_samba4]
[2014/06/17 12:15:05.394922,  2] ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
  connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service IPC$
[2014/06/17 12:15:05.396943,  3] ../source3/smbd/service.c:856(make_connection_snum)
  10.10.10.109 (ipv4:10.10.10.109:49530) connect to service IPC$ initially as user NT AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000013) (pid 30193)
[2014/06/17 12:15:20.167361,  3] ../source3/smbd/service.c:1130(close_cnum)
  10.10.10.109 (ipv4:10.10.10.109:49530) closed connection to service IPC$
[2014/06/17 12:15:20.168821,  3] ../source3/smbd/server_exit.c:221(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)
[2014/06/17 12:15:21.022356,  3] ../source3/lib/access.c:338(allow_access)
  Allowed connection from 10.10.10.109 (10.10.10.109)
[2014/06/17 12:15:21.022521,  3] ../source3/smbd/oplock.c:870(init_oplocks)
  init_oplocks: initializing messages.
[2014/06/17 12:15:21.022706,  3] ../source3/smbd/process.c:1802(process_smb)
  Transaction 0 of length 159 (0 toread)
[2014/06/17 12:15:21.022755,  3] ../source3/smbd/process.c:1405(switch_message)
  switch message SMBnegprot (pid 30194) conn 0x0
[2014/06/17 12:15:21.023411,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2014/06/17 12:15:21.023453,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [LANMAN1.0]
[2014/06/17 12:15:21.023483,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2014/06/17 12:15:21.023513,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [LM1.2X002]
[2014/06/17 12:15:21.023545,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [LANMAN2.1]
[2014/06/17 12:15:21.023575,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [NT LM 0.12]
[2014/06/17 12:15:21.023603,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [SMB 2.002]
[2014/06/17 12:15:21.023632,  3] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [SMB 2.???]
[2014/06/17 12:15:21.023762,  3] ../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
  Selected protocol SMB2_FF
[2014/06/17 12:15:21.024883,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2014/06/17 12:15:21.024924,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2014/06/17 12:15:21.024953,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_krb5_sasl' registered
[2014/06/17 12:15:21.024981,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'schannel' registered
[2014/06/17 12:15:21.025009,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'spnego' registered
[2014/06/17 12:15:21.025038,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'ntlmssp' registered
[2014/06/17 12:15:21.025067,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'krb5' registered
[2014/06/17 12:15:21.025095,  3] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'fake_gssapi_krb5' registered
[2014/06/17 12:15:21.026485,  3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2014/06/17 12:15:21.027425,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'sam' registered
[2014/06/17 12:15:21.027463,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'sam_ignoredomain' registered
[2014/06/17 12:15:21.027493,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'anonymous' registered
[2014/06/17 12:15:21.027523,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'winbind' registered
[2014/06/17 12:15:21.027550,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'winbind_wbclient' registered
[2014/06/17 12:15:21.027578,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'name_to_ntstatus' registered
[2014/06/17 12:15:21.027607,  3] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'unix' registered
[2014/06/17 12:15:21.032032,  3] ../source3/smbd/negprot.c:671(reply_negprot)
  Selected protocol SMB 2.???
[2014/06/17 12:15:21.032465,  3] ../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
  Selected protocol SMB2_10
[2014/06/17 12:15:21.032894,  3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2014/06/17 12:15:21.039558,  3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2014/06/17 12:15:21.041466,  3] ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
[2014/06/17 12:15:21.042514,  3] ../auth/ntlmssp/ntlmssp_server.c:358(ntlmssp_server_preauth)
  Got user=[dcadmin] domain=[lan.abc.com] workstation=[D820] len1=24 len2=266
[2014/06/17 12:15:21.042581,  3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user [lan.abc.com]\[dcadmin]@[D820]
  auth_check_password_send: mapped user is: [LAN]\[dcadmin]@[D820]
[2014/06/17 12:15:21.044021,  3] ../source4/auth/ntlm/auth_sam.c:65(authsam_search_account)
  authsam_search_account: Couldn't find user [dcadmin] in samdb, under DC=lan,DC=abc,DC=com
[2014/06/17 12:15:21.044419,  3] ../source4/auth/ntlm/auth_sam.c:99(authsam_search_account)
  authsam_search_account: Account for guest user is disabled.
[2014/06/17 12:15:21.044461,  2] ../source4/auth/ntlm/auth.c:420(auth_check_password_recv)
  auth_check_password_recv: sam_ignoredomain authentication for user [LAN\dcadmin] FAILED with error NT_STATUS_NO_SUCH_USER
[2014/06/17 12:15:21.044507,  2] ../auth/gensec/spnego.c:743(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_NO_SUCH_USER
[2014/06/17 12:15:21.045477,  3] ../source3/smbd/server_exit.c:221(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)
Logged
Zentyal CE 4.0.5

jbahillo

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1444
  • Karma: +77/-2
    • View Profile
Re: Cannot join zentyal domain
« Reply #7 on: June 17, 2014, 06:21:00 pm »
[LAN\dcadmin] FAILED with error NT_STATUS_NO_SUCH_USER


It seems that user dcadmin under domain LAN does not exists
Logged

Edo

  • Zen Apprentice
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Cannot join zentyal domain
« Reply #8 on: June 17, 2014, 06:30:59 pm »
The Zentyal PDC host interface seems to think this user exists.

But the underlying system doesnt seeem to think so.

sysadmin@dclnx1:~$ smbclient -L 127.0.0.1 -U dcadmin
Enter dcadmin's password:
session setup failed: NT_STATUS_LOGON_FAILURE

smb.conf
...
[global]
    workgroup = LAN
    realm = LAN.ABC.COM
    netbios name = dclnx1
    server string = Primary DC
    server role = dc
    server role check:inhibit = yes
    server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
    server signing = auto

    log level = 3
    log file = /var/log/samba/samba.log
...
« Last Edit: June 17, 2014, 06:35:56 pm by Edo »
Logged
Zentyal CE 4.0.5

jbahillo

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1444
  • Karma: +77/-2
    • View Profile
Re: Cannot join zentyal domain
« Reply #9 on: June 17, 2014, 06:32:17 pm »
Hello:

it seems that it might be an issue from s4sync

What does samba-tool user list day?

Does it show this user?
Logged

Edo

  • Zen Apprentice
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Cannot join zentyal domain
« Reply #10 on: June 17, 2014, 06:37:31 pm »
It does not

sysadmin@dclnx1:~$ samba-tool list
Usage: samba-tool <subcommand>

Main samba administration tool.


Options:
  -h, --help       show this help message and exit

  Version Options:
    -V, --version  Display version number


Available subcommands:
  dbcheck     - Check local AD database for errors.
  delegation  - Delegation management.
  dns         - Domain Name Service (DNS) management.
  domain      - Domain management.
  drs         - Directory Replication Services (DRS) management.
  dsacl       - DS ACLs manipulation.
  fsmo        - Flexible Single Master Operations (FSMO) roles management.
  gpo         - Group Policy Object (GPO) management.
  group       - Group management.
  ldapcmp     - Compare two ldap databases.
  ntacl       - NT ACLs manipulation.
  processes   - List processes (to aid debugging on systems without setproctitle).
  rodc        - Read-Only Domain Controller (RODC) management.
  sites       - Sites management.
  spn         - Service Principal Name (SPN) management.
  testparm    - Syntax check the configuration file.
  time        - Retrieve the time on a server.
  user        - User management.
  vampire     - Join and synchronise a remote AD domain to the local server.
For more help on a specific subcommand, please type: samba-tool <subcommand> (-h|--help)
Logged
Zentyal CE 4.0.5

jbahillo

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1444
  • Karma: +77/-2
    • View Profile
Re: Cannot join zentyal domain
« Reply #11 on: June 17, 2014, 06:40:07 pm »
hello:

right command is
Code: [Select]
samba-tool user list
In anycase I would go for creating a new user, assigning to domain admins group, and trying again with such user
Logged

Edo

  • Zen Apprentice
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Cannot join zentyal domain
« Reply #12 on: June 17, 2014, 06:42:31 pm »
sysadmin@dclnx1:~$ sudo samba-tool user list
[sudo] password for sysadmin:
ldb_wrap open of secrets.ldb
Administrator
dns-dclnx1
krbtgt
Guest
sysadmin@dclnx1:~$

Logged
Zentyal CE 4.0.5

jbahillo

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1444
  • Karma: +77/-2
    • View Profile
Re: Cannot join zentyal domain
« Reply #13 on: June 17, 2014, 06:44:01 pm »
That's it. As you can see, in samba this user does not exist... Try creating a new user
Logged

Edo

  • Zen Apprentice
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Cannot join zentyal domain
« Reply #14 on: June 17, 2014, 06:51:19 pm »
I created a user from the shell and the GUI doesnt see it, and via the shell Samba doesnt see the user I created in the GUI.

sysadmin@dclnx1:~$ sudo samba-tool user add sissy drowssap
User 'sissy' created successfully
sysadmin@dclnx1:~$
sysadmin@dclnx1:~$
sysadmin@dclnx1:~$
sysadmin@dclnx1:~$
sysadmin@dclnx1:~$ sudo samba-tool user list
ldb_wrap open of secrets.ldb
Administrator
dns-dclnx1
krbtgt
Guest
sissy
Logged
Zentyal CE 4.0.5
Pages: [1] 2
« previous next »