This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Directory and Authentication / Re: zentyal no longer seeing KDC servers
« on: January 05, 2023, 08:15:30 pm »
Good evening,
I'm still digging into this as this server is being referenced still for some AD Lookups and I'd really like to get this fixed.. Please find the attached log made fresh this evening.
Subject: System report
##################
# GENERAL CHECKS #
##################
########
## Hostname
########
hangarserver.js.local
########
## Hosts
########
127.0.0.1 localhost.localdomain localhost
#127.0.1.1 hangarserver.js.local hangarserver
192.168.100.2 hangarserver.js.local hangarserver
192.168.0.1 server.js.local server
192.168.0.247 server1.js.local server1
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
########
## Resolv
########
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(
# and managed by Zentyal.
#
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
#
nameserver 127.0.0.1
search js.local
########
## Version of Zentyal and Ubuntu
########
Zentyal 6.1.6
Ubuntu 18.04.6 LTS
########
## Zentyal's modules installed
########
ii zentyal-core 6.1.6
ii zentyal-dns 6.1.2
ii zentyal-firewall 6.1
ii zentyal-network 6.1.1
ii zentyal-ntp 6.1
ii zentyal-samba 6.1.2
ii zentyal-software 6.1.1
########
## Modules which are enabled
########
Zentyal module network: [ ENABLED ]
Zentyal module firewall: [ DISABLED ]
Zentyal module audit: [ DISABLED ]
Zentyal module dns: [ ENABLED ]
Zentyal module logs: [ ENABLED ]
Zentyal module ntp: [ ENABLED ]
Zentyal module samba: [ ENABLED ]
Zentyal module webadmin: [ ENABLED ]
########
## Zentyal Commercial Edition
########
The server doesn't have a license key.
########
## Uptime
########
Uptime's server: up 8 hours, 30 minutes
########
## Memory
########
Total memory: 15914 MB
Memory usage: 7.50%
SWAP usage: 0 MB
########
## CPU
########
Total cores: 4
CPU load average (1m,5m,15m): 0.54. 0.42. 0.42
########
## Hard Drives and partitions
########
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 238.5G 0 disk
├─sda1 8:1 0 512M 0 part /boot/efi
└─sda2 8:2 0 164.7G 0 part /
sdb 8:16 0 3.7T 0 disk
└─sdb1 8:17 0 3.7T 0 part
└─md127 9:127 0 3.7T 0 raid1 /share
sdc 8:32 0 3.7T 0 disk
└─sdc1 8:33 0 3.7T 0 part
└─md127 9:127 0 3.7T 0 raid1 /share
## Disk usage:
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda2 ext4 162G 15G 139G 10% /
/dev/sda1 vfat 511M 9.6M 502M 2% /boot/efi
/dev/md127 ext4 3.6T 1.5T 2.0T 43% /share
########
## Network Interfaces
########
## Interfaces available:
eth0
## IPs configured:
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.100.2/24 brd 192.168.100.255 scope global eth0
## Network Interfaces where were 'Down': 0
########
## Server packages
########
Broken packages: 0
Upgradable packages:
250 updates can be applied immediately.
221 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable
Last update by Zentyal:
########
## Repositories
########
## Repositorios configured:
deb http://za.archive.ubuntu.com/ubuntu/ bionic main restricted
deb http://za.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
deb http://za.archive.ubuntu.com/ubuntu/ bionic universe
deb http://za.archive.ubuntu.com/ubuntu/ bionic-updates universe
deb http://za.archive.ubuntu.com/ubuntu/ bionic multiverse
deb http://za.archive.ubuntu.com/ubuntu/ bionic-updates multiverse
deb http://za.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse
deb http://packages.zentyal.org/zentyal 6.1 main extra
deb http://security.ubuntu.com/ubuntu bionic-security main restricted
deb http://security.ubuntu.com/ubuntu bionic-security universe
deb http://security.ubuntu.com/ubuntu bionic-security multiverse
## Custom repositories:
/etc/apt/sources.list.d/dropbox.list
deb [arch=i386,amd64] http://linux.dropbox.com/ubuntu bionic main
/etc/apt/sources.list.d/owncloud.list
deb https://download.owncloud.com/desktop/ownCloud/stable/2.9.2.6206/linux/Ubuntu_18.04/ /
/etc/apt/sources.list.d/openvpn3.list
deb https://swupdate.openvpn.net/community/openvpn3/repos bionic main
########
## System emails
########
########
## Mysql daemon
########
active
########
## Mysql databases
########
## Databases available:
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| zentyal |
+--------------------+
## Mysql databases check:
mysql.columns_priv OK
mysql.db OK
mysql.engine_cost OK
mysql.event OK
mysql.func OK
mysql.general_log OK
mysql.gtid_executed OK
mysql.help_category OK
mysql.help_keyword OK
mysql.help_relation OK
mysql.help_topic OK
mysql.innodb_index_stats OK
mysql.innodb_table_stats OK
mysql.ndb_binlog_index OK
mysql.plugin OK
mysql.proc OK
mysql.procs_priv OK
mysql.proxies_priv OK
mysql.server_cost OK
mysql.servers OK
mysql.slave_master_info OK
mysql.slave_relay_log_info OK
mysql.slave_worker_info OK
mysql.slow_log OK
mysql.tables_priv OK
mysql.time_zone OK
mysql.time_zone_leap_second OK
mysql.time_zone_name OK
mysql.time_zone_transition OK
mysql.time_zone_transition_type OK
mysql.user OK
sys.sys_config OK
zentyal.audit_actions OK
zentyal.audit_sessions OK
zentyal.firewall OK
zentyal.firewall_report OK
zentyal.samba_access OK
zentyal.samba_access_report OK
zentyal.samba_disk_usage OK
zentyal.samba_disk_usage_report OK
zentyal.samba_quarantine OK
###################
# Login accesses #
###################
Successful accesses to the Zentyal Admin Interface: 4
Failed accesses to the Zentyal Admin Interface: 0
Successful accesses from SSH: 3
Failed accesses from SSH: 1
#####################
# ZENTYAL LOG FILE #
#####################
## Errors and Warnings found from '2022/10/03' to '2023/01/05'
## Errors found:
ntp 0
dhcp 0
openvpn 0
network 1
ipsec 0
squid 0
firewall 0
mysql 0
samba 11
sogo 0
ejabber 0
logs 0
dns 12
mail 0
## Warnings found:
ntp 3
dhcp 0
openvpn 0
network 0
ipsec 0
squid 0
firewall 0
mysql 0
samba 1
sogo 0
ejabber 0
logs 0
dns 0
mail 0
############################
# DOMAIN CONTROLLER CHECKS #
############################
########
## DNS user
########
dns-HANGARSERVER
## DNS users on DnsAdmins:
dns-HANGARSERVER
########
## DNS user password flags
########
Usuario: dns-HANGARSERVER -> U
########
## DNS user ticket
########
Skipping the check for Kerberos ticket for 'dns-hangarserver' because its password isn't set as 'noexpiry'.
########
## Status of old Samba daemon
########
## Daemons' information:
Status of the daemon: 'smbd': inactive
State of the daemon: 'smbd': disabled
Status of the daemon: 'nmbd': inactive
State of the daemon: 'nmbd': disabled
Status of the daemon: 'winbind': inactive
State of the daemon: 'winbind': disabled
Status of the daemon: 'sssd': inactive
State of the daemon: 'sssd':
########
## Samba database check
########
Checked 7581 objects (51 errors)
########
## FSMO OWNER
########
SchemaMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
RidAllocationMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
DomainNamingMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
########
## Domain Controllers configured
########
dn: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
objectGUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
dn: CN=NTDS Settings,CN=HANGARSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
objectGUID: a14123e4-7784-4b37-bcc3-21a705a98a31
########
## DNS alias
########
06b2d19c-ffe4-45e3-be6f-183540b1c68b._msdcs.js.local is an alias for server.js.local.
a14123e4-7784-4b37-bcc3-21a705a98a31._msdcs.js.local is an alias for hangarserver.js.local.
########
## DNS Errors on log file
########
Error output: kinit: krb5_get_init_creds: unable to reach any KDC in realm JS.LOCAL
--
Exit value: 1 at root command kinit -k -t /var/lib/samba/private/dns.keytab dns-HANGARSERVER failed.
Error output: kinit: krb5_get_init_creds: unable to reach any KDC in realm JS.LOCAL
--
2022/12/22 15:39:57 ERROR> GlobalImpl.pm:652 EBox::GlobalImpl::saveAllModules - Failed to save changes in module dns: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-HANGARSERVER failed.
Error output: kinit: krb5_get_init_creds: unable to reach any KDC in realm JS.LOCAL
I've got three KDC points, all of them I can ping without an issue on either name or IP Address.
The error i'm seeing pop up is that it can't resolve hangarserver.js.local via lmhosts.
I can ping hangarserver.js.local and hangarserver and they both respond perfectly with the correct IP Address.
Any help would be fantastic. I did have to update this unit's IP Address a long time back and I've adjusted the DNS to see the correct IP address, I don't know if that's what's causing this issue.
Many thanks to everyone for help on this matter.
Duane
I'm still digging into this as this server is being referenced still for some AD Lookups and I'd really like to get this fixed.. Please find the attached log made fresh this evening.
Subject: System report
##################
# GENERAL CHECKS #
##################
########
## Hostname
########
hangarserver.js.local
########
## Hosts
########
127.0.0.1 localhost.localdomain localhost
#127.0.1.1 hangarserver.js.local hangarserver
192.168.100.2 hangarserver.js.local hangarserver
192.168.0.1 server.js.local server
192.168.0.247 server1.js.local server1
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
########
## Resolv
########
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(
# and managed by Zentyal.
#
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
#
nameserver 127.0.0.1
search js.local
########
## Version of Zentyal and Ubuntu
########
Zentyal 6.1.6
Ubuntu 18.04.6 LTS
########
## Zentyal's modules installed
########
ii zentyal-core 6.1.6
ii zentyal-dns 6.1.2
ii zentyal-firewall 6.1
ii zentyal-network 6.1.1
ii zentyal-ntp 6.1
ii zentyal-samba 6.1.2
ii zentyal-software 6.1.1
########
## Modules which are enabled
########
Zentyal module network: [ ENABLED ]
Zentyal module firewall: [ DISABLED ]
Zentyal module audit: [ DISABLED ]
Zentyal module dns: [ ENABLED ]
Zentyal module logs: [ ENABLED ]
Zentyal module ntp: [ ENABLED ]
Zentyal module samba: [ ENABLED ]
Zentyal module webadmin: [ ENABLED ]
########
## Zentyal Commercial Edition
########
The server doesn't have a license key.
########
## Uptime
########
Uptime's server: up 8 hours, 30 minutes
########
## Memory
########
Total memory: 15914 MB
Memory usage: 7.50%
SWAP usage: 0 MB
########
## CPU
########
Total cores: 4
CPU load average (1m,5m,15m): 0.54. 0.42. 0.42
########
## Hard Drives and partitions
########
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 238.5G 0 disk
├─sda1 8:1 0 512M 0 part /boot/efi
└─sda2 8:2 0 164.7G 0 part /
sdb 8:16 0 3.7T 0 disk
└─sdb1 8:17 0 3.7T 0 part
└─md127 9:127 0 3.7T 0 raid1 /share
sdc 8:32 0 3.7T 0 disk
└─sdc1 8:33 0 3.7T 0 part
└─md127 9:127 0 3.7T 0 raid1 /share
## Disk usage:
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda2 ext4 162G 15G 139G 10% /
/dev/sda1 vfat 511M 9.6M 502M 2% /boot/efi
/dev/md127 ext4 3.6T 1.5T 2.0T 43% /share
########
## Network Interfaces
########
## Interfaces available:
eth0
## IPs configured:
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.100.2/24 brd 192.168.100.255 scope global eth0
## Network Interfaces where were 'Down': 0
########
## Server packages
########
Broken packages: 0
Upgradable packages:
250 updates can be applied immediately.
221 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable
Last update by Zentyal:
########
## Repositories
########
## Repositorios configured:
deb http://za.archive.ubuntu.com/ubuntu/ bionic main restricted
deb http://za.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
deb http://za.archive.ubuntu.com/ubuntu/ bionic universe
deb http://za.archive.ubuntu.com/ubuntu/ bionic-updates universe
deb http://za.archive.ubuntu.com/ubuntu/ bionic multiverse
deb http://za.archive.ubuntu.com/ubuntu/ bionic-updates multiverse
deb http://za.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse
deb http://packages.zentyal.org/zentyal 6.1 main extra
deb http://security.ubuntu.com/ubuntu bionic-security main restricted
deb http://security.ubuntu.com/ubuntu bionic-security universe
deb http://security.ubuntu.com/ubuntu bionic-security multiverse
## Custom repositories:
/etc/apt/sources.list.d/dropbox.list
deb [arch=i386,amd64] http://linux.dropbox.com/ubuntu bionic main
/etc/apt/sources.list.d/owncloud.list
deb https://download.owncloud.com/desktop/ownCloud/stable/2.9.2.6206/linux/Ubuntu_18.04/ /
/etc/apt/sources.list.d/openvpn3.list
deb https://swupdate.openvpn.net/community/openvpn3/repos bionic main
########
## System emails
########
########
## Mysql daemon
########
active
########
## Mysql databases
########
## Databases available:
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| zentyal |
+--------------------+
## Mysql databases check:
mysql.columns_priv OK
mysql.db OK
mysql.engine_cost OK
mysql.event OK
mysql.func OK
mysql.general_log OK
mysql.gtid_executed OK
mysql.help_category OK
mysql.help_keyword OK
mysql.help_relation OK
mysql.help_topic OK
mysql.innodb_index_stats OK
mysql.innodb_table_stats OK
mysql.ndb_binlog_index OK
mysql.plugin OK
mysql.proc OK
mysql.procs_priv OK
mysql.proxies_priv OK
mysql.server_cost OK
mysql.servers OK
mysql.slave_master_info OK
mysql.slave_relay_log_info OK
mysql.slave_worker_info OK
mysql.slow_log OK
mysql.tables_priv OK
mysql.time_zone OK
mysql.time_zone_leap_second OK
mysql.time_zone_name OK
mysql.time_zone_transition OK
mysql.time_zone_transition_type OK
mysql.user OK
sys.sys_config OK
zentyal.audit_actions OK
zentyal.audit_sessions OK
zentyal.firewall OK
zentyal.firewall_report OK
zentyal.samba_access OK
zentyal.samba_access_report OK
zentyal.samba_disk_usage OK
zentyal.samba_disk_usage_report OK
zentyal.samba_quarantine OK
###################
# Login accesses #
###################
Successful accesses to the Zentyal Admin Interface: 4
Failed accesses to the Zentyal Admin Interface: 0
Successful accesses from SSH: 3
Failed accesses from SSH: 1
#####################
# ZENTYAL LOG FILE #
#####################
## Errors and Warnings found from '2022/10/03' to '2023/01/05'
## Errors found:
ntp 0
dhcp 0
openvpn 0
network 1
ipsec 0
squid 0
firewall 0
mysql 0
samba 11
sogo 0
ejabber 0
logs 0
dns 12
mail 0
## Warnings found:
ntp 3
dhcp 0
openvpn 0
network 0
ipsec 0
squid 0
firewall 0
mysql 0
samba 1
sogo 0
ejabber 0
logs 0
dns 0
mail 0
############################
# DOMAIN CONTROLLER CHECKS #
############################
########
## DNS user
########
dns-HANGARSERVER
## DNS users on DnsAdmins:
dns-HANGARSERVER
########
## DNS user password flags
########
Usuario: dns-HANGARSERVER -> U
########
## DNS user ticket
########
Skipping the check for Kerberos ticket for 'dns-hangarserver' because its password isn't set as 'noexpiry'.
########
## Status of old Samba daemon
########
## Daemons' information:
Status of the daemon: 'smbd': inactive
State of the daemon: 'smbd': disabled
Status of the daemon: 'nmbd': inactive
State of the daemon: 'nmbd': disabled
Status of the daemon: 'winbind': inactive
State of the daemon: 'winbind': disabled
Status of the daemon: 'sssd': inactive
State of the daemon: 'sssd':
########
## Samba database check
########
Checked 7581 objects (51 errors)
########
## FSMO OWNER
########
SchemaMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
RidAllocationMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
DomainNamingMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
########
## Domain Controllers configured
########
dn: CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
objectGUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
dn: CN=NTDS Settings,CN=HANGARSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
objectGUID: a14123e4-7784-4b37-bcc3-21a705a98a31
########
## DNS alias
########
06b2d19c-ffe4-45e3-be6f-183540b1c68b._msdcs.js.local is an alias for server.js.local.
a14123e4-7784-4b37-bcc3-21a705a98a31._msdcs.js.local is an alias for hangarserver.js.local.
########
## DNS Errors on log file
########
Error output: kinit: krb5_get_init_creds: unable to reach any KDC in realm JS.LOCAL
--
Exit value: 1 at root command kinit -k -t /var/lib/samba/private/dns.keytab dns-HANGARSERVER failed.
Error output: kinit: krb5_get_init_creds: unable to reach any KDC in realm JS.LOCAL
--
2022/12/22 15:39:57 ERROR> GlobalImpl.pm:652 EBox::GlobalImpl::saveAllModules - Failed to save changes in module dns: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-HANGARSERVER failed.
Error output: kinit: krb5_get_init_creds: unable to reach any KDC in realm JS.LOCAL
I've got three KDC points, all of them I can ping without an issue on either name or IP Address.
The error i'm seeing pop up is that it can't resolve hangarserver.js.local via lmhosts.
I can ping hangarserver.js.local and hangarserver and they both respond perfectly with the correct IP Address.
Any help would be fantastic. I did have to update this unit's IP Address a long time back and I've adjusted the DNS to see the correct IP address, I don't know if that's what's causing this issue.
Many thanks to everyone for help on this matter.
Duane
2
Directory and Authentication / Zentyal won't add as an additional DC
« on: January 03, 2023, 02:37:38 pm »
Good Day,
I've been trying with Zentyal 7.0 for a number of days now. I've made every modification I can find. However, when I try and add this Zentyal box to an exisitng Domain environment, it seems to fail.
I'm sure the username and password are correct as I get other errors if they are incorrect. The current environment is Windows 2008 SBE, and Windows 2012 R2 both acting as DC's to the current server.
We want to remove out the Win 2008 SBE completely but this is only an option once I can get the Zentyal to act as an additional DC.
I managed for a time with Zentyal 6.0 a while back and then it suddenly stopped authenticating, so once I've got 7.0 to complete authentication, I might upgrade 6.0 to version 7.0 or just debug it's faults.
Anyway if someone can assist me. The routine recommended by SAMBA setting the DNS_BACKEND to NONE I don't see any way to implement that in Zentyal with the current scripts.
Here is the error I'm getting
2023/01/03 12:23:13 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: samba
2023/01/03 12:23:14 INFO> Provision.pm:810 EBox::Samba::Provision::checkAddress - Resolving server1.js.local to an IP address
2023/01/03 12:23:14 INFO> Provision.pm:830 EBox::Samba::Provision::checkAddress - The DC server1.js.local has been resolved to 192.168.0.247
2023/01/03 12:23:14 INFO> Provision.pm:833 EBox::Samba::Provision::checkAddress - Checking reverse DNS resolution of '192.168.0.247'...
2023/01/03 12:23:14 INFO> Provision.pm:857 EBox::Samba::Provision::checkAddress - The IP address 192.168.0.247 does not have associated PTR record
2023/01/03 12:23:14 INFO> Provision.pm:756 EBox::Samba::Provision::checkServerReachable - Checking if AD server '192.168.0.247' is online...
2023/01/03 12:23:14 INFO> Provision.pm:866 EBox::Samba::Provision::checkFunctionalLevels - Checking forest and domain functional levels...
2023/01/03 12:23:14 INFO> Provision.pm:898 EBox::Samba::Provision::checkRfc2307 - Checking RFC2307 compliant schema...
2023/01/03 12:23:14 INFO> Provision.pm:775 EBox::Samba::Provision::checkLocalRealmAndDomain - Checking local domain and realm...
2023/01/03 12:23:14 INFO> Provision.pm:972 EBox::Samba::Provision::checkClockSkew - Checking clock skew with AD server...
2023/01/03 12:23:14 INFO> Provision.pm:993 EBox::Samba::Provision::checkClockSkew - Clock skew below two minutes, should be enough.
2023/01/03 12:23:14 INFO> Provision.pm:675 EBox::Samba::Provision::checkDnsZonesInMainPartition - Checking for old DNS zones stored in main domain partition...
2023/01/03 12:23:14 INFO> Provision.pm:722 EBox::Samba::Provision::checkForestDomains - Checking number of domains inside forest...
2023/01/03 12:23:14 INFO> Provision.pm:932 EBox::Samba::Provision::checkTrustDomainObjects - Checking for domain trust relationships...
2023/01/03 12:23:14 INFO> Provision.pm:1034 EBox::Samba::Provision::checkADServerSite - Checking the site where the specified server is located
2023/01/03 12:23:14 INFO> Provision.pm:1042 EBox::Samba::Provision::checkADServerSite - The specified server has been located at site named Default-First-Site-Name
2023/01/03 12:23:14 INFO> Provision.pm:1059 EBox::Samba::Provision::checkADNebiosName - Checking domain netbios name...
2023/01/03 12:23:14 INFO> Provision.pm:1286 EBox::Samba::Provision::provisionADC - Joining to domain 'js.local' as DC
2023/01/03 12:23:15 INFO> Provision.pm:1299 EBox::Samba::Provision::provisionADC - Trying to get a kerberos ticket for principal 'bluetek@JS.LOCAL'
2023/01/03 12:23:17 INFO> Provision.pm:1308 EBox::Samba::Provision::provisionADC - Executing domain join
2023/01/03 12:23:18 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command samba-tool domain join js.local DC --username='bluetek' --workgroup='js' --password=`cat /var/lib/zentyal/tmp/mFSvyc` --server='192.168.0.247' --dns-backend=BIND9_DLZ --realm='JS.LOCAL' --site='Default-First-Site-Name' failed.
Error output: GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
INFO 2023-01-03 12:23:17,992 pid:40208 /usr/lib/python3/dist-packages/samba/join.py #1543: workgroup is JS
INFO 2023-01-03 12:23:17,992 pid:40208 /usr/lib/python3/dist-packages/samba/join.py #1546: realm is js.local
Using binding ncacn_ip_tcp:192.168.0.247[,seal]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
tdb(/var/lib/samba/private/secrets.tdb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.tdb: No such file or directory
Could not open tdb: No such file or directory
ldb: ltdb: tdb(/var/lib/samba/private/secrets.ldb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.ldb: No such file or directory
ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
Could not find machine account in secrets database: Failed to fetch machine account password from secrets.ldb: Could not open secrets.ldb and failed to open /var/lib/s amba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ERROR(ldb): uncaught exception - LDAP error 10 LDAP_REFERRAL - <0000202B: RefErr: DSID-030A0B8E, data 0, 1 access points
ref 1: '06b2d19c-ffe4-45e3-be6f-183540b1c68b._msdcs.js.local'
> <ldap://06b2d19c-ffe4-45e3-be6f-183540b1c68b._msdcs.js.local>
File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 661, in run
join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
File "/usr/lib/python3/dist-packages/samba/join.py", line 1559, in join_DC
ctx.do_join()
File "/usr/lib/python3/dist-packages/samba/join.py", line 1447, in do_join
ctx.join_add_objects()
File "/usr/lib/python3/dist-packages/samba/join.py", line 712, in join_add_objects
ctx.samdb.modify(m)
Command output: Adding CN=JSPZENAD1,OU=Domain Controllers,DC=js,DC=local
Adding CN=JSPZENAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
Adding CN=NTDS Settings,CN=JSPZENAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
Join failed - cleaning up
Deleted CN=JSPZENAD1,OU=Domain Controllers,DC=js,DC=local
Deleted CN=NTDS Settings,CN=JSPZENAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
Deleted CN=JSPZENAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
.
Exit value: 255 at root command samba-tool domain join js.local DC --username='bluetek' --workgroup='js' --password=`cat /var/lib/zentyal/tmp/mFSvyc` --server='192. 168.0.247' --dns-backend=BIND9_DLZ --realm='JS.LOCAL' --site='Default-First-Site-Name' failed.
Many thanks
I've been trying with Zentyal 7.0 for a number of days now. I've made every modification I can find. However, when I try and add this Zentyal box to an exisitng Domain environment, it seems to fail.
I'm sure the username and password are correct as I get other errors if they are incorrect. The current environment is Windows 2008 SBE, and Windows 2012 R2 both acting as DC's to the current server.
We want to remove out the Win 2008 SBE completely but this is only an option once I can get the Zentyal to act as an additional DC.
I managed for a time with Zentyal 6.0 a while back and then it suddenly stopped authenticating, so once I've got 7.0 to complete authentication, I might upgrade 6.0 to version 7.0 or just debug it's faults.
Anyway if someone can assist me. The routine recommended by SAMBA setting the DNS_BACKEND to NONE I don't see any way to implement that in Zentyal with the current scripts.
Here is the error I'm getting
2023/01/03 12:23:13 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: samba
2023/01/03 12:23:14 INFO> Provision.pm:810 EBox::Samba::Provision::checkAddress - Resolving server1.js.local to an IP address
2023/01/03 12:23:14 INFO> Provision.pm:830 EBox::Samba::Provision::checkAddress - The DC server1.js.local has been resolved to 192.168.0.247
2023/01/03 12:23:14 INFO> Provision.pm:833 EBox::Samba::Provision::checkAddress - Checking reverse DNS resolution of '192.168.0.247'...
2023/01/03 12:23:14 INFO> Provision.pm:857 EBox::Samba::Provision::checkAddress - The IP address 192.168.0.247 does not have associated PTR record
2023/01/03 12:23:14 INFO> Provision.pm:756 EBox::Samba::Provision::checkServerReachable - Checking if AD server '192.168.0.247' is online...
2023/01/03 12:23:14 INFO> Provision.pm:866 EBox::Samba::Provision::checkFunctionalLevels - Checking forest and domain functional levels...
2023/01/03 12:23:14 INFO> Provision.pm:898 EBox::Samba::Provision::checkRfc2307 - Checking RFC2307 compliant schema...
2023/01/03 12:23:14 INFO> Provision.pm:775 EBox::Samba::Provision::checkLocalRealmAndDomain - Checking local domain and realm...
2023/01/03 12:23:14 INFO> Provision.pm:972 EBox::Samba::Provision::checkClockSkew - Checking clock skew with AD server...
2023/01/03 12:23:14 INFO> Provision.pm:993 EBox::Samba::Provision::checkClockSkew - Clock skew below two minutes, should be enough.
2023/01/03 12:23:14 INFO> Provision.pm:675 EBox::Samba::Provision::checkDnsZonesInMainPartition - Checking for old DNS zones stored in main domain partition...
2023/01/03 12:23:14 INFO> Provision.pm:722 EBox::Samba::Provision::checkForestDomains - Checking number of domains inside forest...
2023/01/03 12:23:14 INFO> Provision.pm:932 EBox::Samba::Provision::checkTrustDomainObjects - Checking for domain trust relationships...
2023/01/03 12:23:14 INFO> Provision.pm:1034 EBox::Samba::Provision::checkADServerSite - Checking the site where the specified server is located
2023/01/03 12:23:14 INFO> Provision.pm:1042 EBox::Samba::Provision::checkADServerSite - The specified server has been located at site named Default-First-Site-Name
2023/01/03 12:23:14 INFO> Provision.pm:1059 EBox::Samba::Provision::checkADNebiosName - Checking domain netbios name...
2023/01/03 12:23:14 INFO> Provision.pm:1286 EBox::Samba::Provision::provisionADC - Joining to domain 'js.local' as DC
2023/01/03 12:23:15 INFO> Provision.pm:1299 EBox::Samba::Provision::provisionADC - Trying to get a kerberos ticket for principal 'bluetek@JS.LOCAL'
2023/01/03 12:23:17 INFO> Provision.pm:1308 EBox::Samba::Provision::provisionADC - Executing domain join
2023/01/03 12:23:18 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command samba-tool domain join js.local DC --username='bluetek' --workgroup='js' --password=`cat /var/lib/zentyal/tmp/mFSvyc` --server='192.168.0.247' --dns-backend=BIND9_DLZ --realm='JS.LOCAL' --site='Default-First-Site-Name' failed.
Error output: GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
INFO 2023-01-03 12:23:17,992 pid:40208 /usr/lib/python3/dist-packages/samba/join.py #1543: workgroup is JS
INFO 2023-01-03 12:23:17,992 pid:40208 /usr/lib/python3/dist-packages/samba/join.py #1546: realm is js.local
Using binding ncacn_ip_tcp:192.168.0.247[,seal]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
tdb(/var/lib/samba/private/secrets.tdb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.tdb: No such file or directory
Could not open tdb: No such file or directory
ldb: ltdb: tdb(/var/lib/samba/private/secrets.ldb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.ldb: No such file or directory
ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
Could not find machine account in secrets database: Failed to fetch machine account password from secrets.ldb: Could not open secrets.ldb and failed to open /var/lib/s amba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ERROR(ldb): uncaught exception - LDAP error 10 LDAP_REFERRAL - <0000202B: RefErr: DSID-030A0B8E, data 0, 1 access points
ref 1: '06b2d19c-ffe4-45e3-be6f-183540b1c68b._msdcs.js.local'
> <ldap://06b2d19c-ffe4-45e3-be6f-183540b1c68b._msdcs.js.local>
File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 661, in run
join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
File "/usr/lib/python3/dist-packages/samba/join.py", line 1559, in join_DC
ctx.do_join()
File "/usr/lib/python3/dist-packages/samba/join.py", line 1447, in do_join
ctx.join_add_objects()
File "/usr/lib/python3/dist-packages/samba/join.py", line 712, in join_add_objects
ctx.samdb.modify(m)
Command output: Adding CN=JSPZENAD1,OU=Domain Controllers,DC=js,DC=local
Adding CN=JSPZENAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
Adding CN=NTDS Settings,CN=JSPZENAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
Join failed - cleaning up
Deleted CN=JSPZENAD1,OU=Domain Controllers,DC=js,DC=local
Deleted CN=NTDS Settings,CN=JSPZENAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
Deleted CN=JSPZENAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=js,DC=local
.
Exit value: 255 at root command samba-tool domain join js.local DC --username='bluetek' --workgroup='js' --password=`cat /var/lib/zentyal/tmp/mFSvyc` --server='192. 168.0.247' --dns-backend=BIND9_DLZ --realm='JS.LOCAL' --site='Default-First-Site-Name' failed.
Many thanks
3
Directory and Authentication / Re: zentyal no longer seeing KDC servers
« on: October 20, 2022, 04:00:28 pm »Hi,
If you are using Zentyal 6.2 or 7.0, run the following script to get a system report and pay special attention to the Domain controller output:Code: [Select]sudo /usr/share/zentyal/smart-admin-report
NOTE: If you want to post the output here, make sure that your rename the sensitive information that the report might have.
However, according to the output, it seems that you do not have any additional domain controller in your environment.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
Good Day, Sorry that this reply has been so long...
This was a server joined to an existing AD DOMAIN to be part of the domain servers group.
here is that report.
Subject: System report
##################
# GENERAL CHECKS #
##################
########
## Hostname
########
hangarserver.js.local
########
## Hosts
########
127.0.0.1 localhost.localdomain localhost
#127.0.1.1 hangarserver.js.local hangarserver
192.168.100.2 hangarserver.js.local hangarserver
192.168.0.1 server.js.local server
192.168.0.247 server1.js.local server1
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
########
## Resolv
########
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(
# and managed by Zentyal.
#
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
#
nameserver 127.0.0.1
search js.local
########
## Version of Zentyal and Ubuntu
########
Zentyal 6.1.6
Ubuntu 18.04.6 LTS
########
## Zentyal's modules installed
########
ii zentyal-core 6.1.6
ii zentyal-dns 6.1.2
ii zentyal-firewall 6.1
ii zentyal-network 6.1.1
ii zentyal-ntp 6.1
ii zentyal-samba 6.1.2
ii zentyal-software 6.1.1
########
## Modules which are enabled
########
Zentyal module network: [ ENABLED ]
Zentyal module firewall: [ DISABLED ]
Zentyal module audit: [ DISABLED ]
Zentyal module dns: [ ENABLED ]
Zentyal module logs: [ ENABLED ]
Zentyal module ntp: [ ENABLED ]
Zentyal module samba: [ ENABLED ]
Zentyal module webadmin: [ ENABLED ]
########
## Zentyal Commercial Edition
########
The server doesn't have a license key.
########
## Uptime
########
Uptime's server: up 8 hours, 36 minutes
########
## Memory
########
Total memory: 15914 MB
Memory usage: 11.52%
SWAP usage: 0 MB
########
## CPU
########
Total cores: 4
CPU load average (1m,5m,15m): 2.23. 1.87. 1.83
########
## Hard Drives and partitions
########
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 465.8G 0 disk
├─sda1 8:1 0 512M 0 part /boot/efi
└─sda2 8:2 0 465.3G 0 part /
sdb 8:16 0 1.8T 0 disk
└─sdb1 8:17 0 1.8T 0 part /share
sr0 11:0 1 1024M 0 rom
## Disk usage:
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda2 ext4 457G 73G 361G 17% /
/dev/sdb1 ext4 1.8T 1.5T 290G 84% /share
/dev/sda1 vfat 511M 9.6M 502M 2% /boot/efi
########
## Network Interfaces
########
## Interfaces available:
eth0
## IPs configured:
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.100.2/24 brd 192.168.100.255 scope global eth0
## Network Interfaces where were 'Down':
4
Directory and Authentication / zentyal no longer seeing KDC servers
« on: October 03, 2022, 09:47:43 pm »
My Zentyal box is no longer seeing the other servers for replication. If I go through samba-tools drs show-repl it reports it can't see the KDC servers on the domain controller.
Please can someone help me
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:hangarserver.dummy.local[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name hangarserver.dummy.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name hangarserver.dummy.local<0x20>
Cannot reach a KDC we require to contact (null) : kinit for HANGARSERVER$@dummy.local failed (Cannot contact any KDC for requested realm)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/HANGARSERVER.dummy.local failed (next[ntlmssp]): NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
resolve_lmhosts: Attempting lmhosts lookup for name hangarserver.dummy.local<0x20>
Cannot reach a KDC we require to contact (null) : kinit for HANGARSERVER$@dummy.local failed (Cannot contact any KDC for requested realm)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/hangarserver.dummy.local failed (next[ntlmssp]): NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Default-First-Site-Name\HANGARSERVER
DSA Options: 0x00000001
DSA object GUID: a14123e4-7784-4b37-bcc3-21a705a98a31
DSA invocationId: 86acb60f-bc0d-48ff-8686-a4929a99662c
==== INBOUND NEIGHBORS ====
CN=Configuration,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 18:00:53 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
13313 consecutive failure(s).
Last success @ Fri Dec 17 15:02:32 2021 SAST
DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 18:02:39 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
15187 consecutive failure(s).
Last success @ Fri Dec 17 15:02:32 2021 SAST
CN=Schema,CN=Configuration,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 18:04:24 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
101163 consecutive failure(s).
Last success @ Fri Dec 17 15:02:32 2021 SAST
DC=DomainDnsZones,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 18:06:09 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
13452 consecutive failure(s).
Last success @ Fri Dec 17 15:02:31 2021 SAST
DC=ForestDnsZones,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 17:59:08 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
13314 consecutive failure(s).
Last success @ Fri Dec 17 15:02:32 2021 SAST
==== OUTBOUND NEIGHBORS ====
CN=Configuration,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:24:29 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
448611 consecutive failure(s).
Last success @ Wed Jan 12 11:33:36 2022 SAST
DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:25:09 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
828531 consecutive failure(s).
Last success @ Wed Jan 12 12:21:00 2022 SAST
CN=Schema,CN=Configuration,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:25:49 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
43778 consecutive failure(s).
Last success @ Mon Feb 28 05:53:29 2022 SAST
DC=DomainDnsZones,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:23:08 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
829934 consecutive failure(s).
Last success @ Wed Jan 12 11:33:35 2022 SAST
DC=ForestDnsZones,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:23:48 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
816051 consecutive failure(s).
Last success @ Wed Jan 12 11:33:36 2022 SAST
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 8d40d461-5748-416f-ba56-453127e5f850
Enabled : TRUE
Server DNS name : SERVER.dummy.local
Server DN name : CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dummy,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Please can someone help me
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:hangarserver.dummy.local[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name hangarserver.dummy.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name hangarserver.dummy.local<0x20>
Cannot reach a KDC we require to contact (null) : kinit for HANGARSERVER$@dummy.local failed (Cannot contact any KDC for requested realm)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/HANGARSERVER.dummy.local failed (next[ntlmssp]): NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
resolve_lmhosts: Attempting lmhosts lookup for name hangarserver.dummy.local<0x20>
Cannot reach a KDC we require to contact (null) : kinit for HANGARSERVER$@dummy.local failed (Cannot contact any KDC for requested realm)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/hangarserver.dummy.local failed (next[ntlmssp]): NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Default-First-Site-Name\HANGARSERVER
DSA Options: 0x00000001
DSA object GUID: a14123e4-7784-4b37-bcc3-21a705a98a31
DSA invocationId: 86acb60f-bc0d-48ff-8686-a4929a99662c
==== INBOUND NEIGHBORS ====
CN=Configuration,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 18:00:53 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
13313 consecutive failure(s).
Last success @ Fri Dec 17 15:02:32 2021 SAST
DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 18:02:39 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
15187 consecutive failure(s).
Last success @ Fri Dec 17 15:02:32 2021 SAST
CN=Schema,CN=Configuration,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 18:04:24 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
101163 consecutive failure(s).
Last success @ Fri Dec 17 15:02:32 2021 SAST
DC=DomainDnsZones,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 18:06:09 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
13452 consecutive failure(s).
Last success @ Fri Dec 17 15:02:31 2021 SAST
DC=ForestDnsZones,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 17:59:08 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
13314 consecutive failure(s).
Last success @ Fri Dec 17 15:02:32 2021 SAST
==== OUTBOUND NEIGHBORS ====
CN=Configuration,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:24:29 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
448611 consecutive failure(s).
Last success @ Wed Jan 12 11:33:36 2022 SAST
DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:25:09 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
828531 consecutive failure(s).
Last success @ Wed Jan 12 12:21:00 2022 SAST
CN=Schema,CN=Configuration,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:25:49 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
43778 consecutive failure(s).
Last success @ Mon Feb 28 05:53:29 2022 SAST
DC=DomainDnsZones,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:23:08 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
829934 consecutive failure(s).
Last success @ Wed Jan 12 11:33:35 2022 SAST
DC=ForestDnsZones,DC=dummy,DC=local
Default-First-Site-Name\SERVER via RPC
DSA object GUID: 06b2d19c-ffe4-45e3-be6f-183540b1c68b
Last attempt @ Mon Oct 3 21:23:48 2022 SAST failed, result 1311 (WERR_NO_LOGON_SERVERS)
816051 consecutive failure(s).
Last success @ Wed Jan 12 11:33:36 2022 SAST
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 8d40d461-5748-416f-ba56-453127e5f850
Enabled : TRUE
Server DNS name : SERVER.dummy.local
Server DN name : CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dummy,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Pages: [1]