Всем доброго времени суток!
Система FreeBSD 10.1 amd64
поставил samba41 4.1.16 из портов!
пытаюсь перейти с windows DC на samba. вот вывод команды samba_dnsupdate:
root@AG-ATA-DC001:~ # samba_dnsupdate
root@AG-ATA-DC001:~ #
ошибок нет (конечно --verbose я показать не могу)
root@AG-ATA-DC001:~ # klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: admin@DOMAIN.LANIssued Expires Principal
Feb 6 00:39:52 2015 >>>Expired<<< krbtgt/DOMAIN.LAN@DOMAIN.LAN
samba-tool user list:slevin
temelin
fmussayev
chasdov
acht
akoztban
dmasayev
dpak
ytsoy
kabaev
nhen
yzhakova
ykhlyuzov
root@AG-ATA-DC001:~ # samba-tool domain info 127.0.0.1
Forest : domain.lan
Domain : domain.lan
Netbios domain : DOMAIN
DC name : ag-ata-dc001.domain.lan
DC netbios name : AG-ATA-DC001
Server site : Default-First-Site-Name
Client site : Default-First-Site-Name
а вот samba-tool drs showrepl выдает ошибку:root@AG-ATA-DC001:~ # samba-tool drs showrepl
Default-First-Site-Name\AG-ATA-DC001
DSA Options: 0x00000001
DSA object GUID: 31ae348e-1790-48a0-bbd0-47d620291d4c
DSA invocationId: 9b5173fa-09cd-439f-98a4-8973887dc3c8==== INBOUND NEIGHBORS ====
ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610723, 'NT_STATUS_RPC_PROTOCOL_ERROR')
Конечно domain.lan это не реальный домен это я тут так прост пишу!
Вопрос: что за ошибка? или может кто сталкивался уже с таким отпишитесь молю а то мне пришло письмо счастья))))
Или хотябы дайте наводку куда копать буду благодарен за любую помощь!
>[оверквотинг удален]
> Default-First-Site-Name\AG-ATA-DC001
> DSA Options: 0x00000001
> DSA object GUID: 31ae348e-1790-48a0-bbd0-47d620291d4c
> DSA invocationId: 9b5173fa-09cd-439f-98a4-8973887dc3c8
> ==== INBOUND NEIGHBORS ====
> ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610723, 'NT_STATUS_RPC_PROTOCOL_ERROR')
> Конечно domain.lan это не реальный домен это я тут так прост пишу!
> Вопрос: что за ошибка? или может кто сталкивался уже с таким отпишитесь
> молю а то мне пришло письмо счастья))))
> Или хотябы дайте наводку куда копать буду благодарен за любую помощь!вот еще более детальные логи:
root@AG-ATA-DC001:~ # samba-tool drs showrepl -d 9
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
lpcfg_load: refreshing parameters from /usr/local/etc/smb4.conf
params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:ag-ata-dc001.domain.lan[,seal,print]
Mapped to DCERPC endpoint 135
added interface xn0 ip=192.168.10.210 bcast=192.168.10.255 netmask=255.255.255.0
added interface xn0 ip=192.168.10.210 bcast=192.168.10.255 netmask=255.255.255.0
Mapped to DCERPC endpoint 1024
added interface xn0 ip=192.168.10.210 bcast=192.168.10.255 netmask=255.255.255.0
added interface xn0 ip=192.168.10.210 bcast=192.168.10.255 netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 209
Timed out smb_krb5 packet
Received smb_krb5 packet of length 96
../librpc/rpc/dcerpc_util.c:139: auth_pad_length 0
gensec_gssapi: credentials were delegated
GSSAPI Connection will be cryptographically sealed
../librpc/rpc/dcerpc_util.c:139: auth_pad_length 0
drsuapi_DsBind: struct drsuapi_DsBind
in: struct drsuapi_DsBind
bind_guid : *
bind_guid : e24d201a-4fd6-11d1-a3da-0000f875ae0d
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x0fefff7f (267386751)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1: DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1: DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1: DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1: DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1: DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1: DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1: DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0: DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid : 00000000-0000-0000-0000-000000000000
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
../librpc/rpc/dcerpc_util.c:139: auth_pad_length 0
drsuapi_DsBind: struct drsuapi_DsBind
out: struct drsuapi_DsBind
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x2fffff6f (805306223)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1: DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1: DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1: DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1: DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1: DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1: DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1: DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0: DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid : d0a4eb20-9d54-478b-a214-ecf75a78dbcb
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 57159796-24d5-4e3b-9789-1947b046a3a4
result : WERR_OK
lpcfg_servicenumber: couldn't find ldb
added interface xn0 ip=192.168.10.210 bcast=192.168.10.255 netmask=255.255.255.0
added interface xn0 ip=192.168.10.210 bcast=192.168.10.255 netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSSAPI credentials for AG-ATA-DC001$@DOMAIN.LAN will expire in 35924 secs
gensec_gssapi: credentials were delegated
GSSAPI Connection will have no cryptographic protection
Default-First-Site-Name\AG-ATA-DC001
DSA Options: 0x00000001
DSA object GUID: 31ae348e-1790-48a0-bbd0-47d620291d4c
DSA invocationId: 9b5173fa-09cd-439f-98a4-8973887dc3c8==== INBOUND NEIGHBORS ====
drsuapi_DsReplicaGetInfo: struct drsuapi_DsReplicaGetInfo
in: struct drsuapi_DsReplicaGetInfo
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 57159796-24d5-4e3b-9789-1947b046a3a4
level : DRSUAPI_DS_REPLICA_GET_INFO (1)
req : *
req : union drsuapi_DsReplicaGetInfoRequest(case 1)
req1: struct drsuapi_DsReplicaGetInfoRequest1
info_type : DRSUAPI_DS_REPLICA_INFO_NEIGHBORS (0)
object_dn : NULL
source_dsa_guid : 00000000-0000-0000-0000-000000000000
rpc fault: WERR_EPT_S_CANT_PERFORM_OP
ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610723, 'NT_STATUS_RPC_PROTOCOL_ERROR')
File "/usr/local/lib/python2.7/site-packages/samba/netcmd/drs.py", line 116, in drsuapi_ReplicaInfo
(info_type, info) = ctx.drsuapi.DsReplicaGetInfo(ctx.drsuapi_handle, 1, req1)
>[оверквотинг удален]
> object_dn
>
> : NULL
>
> source_dsa_guid
> : 00000000-0000-0000-0000-000000000000
> rpc fault: WERR_EPT_S_CANT_PERFORM_OP
> ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610723, 'NT_STATUS_RPC_PROTOCOL_ERROR')
> File "/usr/local/lib/python2.7/site-packages/samba/netcmd/drs.py", line 116, in drsuapi_ReplicaInfo
> (info_type, info) = ctx.drsuapi.DsReplicaGetInfo(ctx.drsuapi_handle, 1, req1)Получилось как-то решить данную проблему?
Такая же беда
samba version 4.2.14-Debian
debian version 8.7
samba загнана в домен в режиме ридонли.
AD Replication status tool показывает что все ок
>[оверквотинг удален]
>> rpc fault: WERR_EPT_S_CANT_PERFORM_OP
>> ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610723, 'NT_STATUS_RPC_PROTOCOL_ERROR')
>> File "/usr/local/lib/python2.7/site-packages/samba/netcmd/drs.py", line 116, in drsuapi_ReplicaInfo
>> (info_type, info) = ctx.drsuapi.DsReplicaGetInfo(ctx.drsuapi_handle, 1, req1)
> Получилось как-то решить данную проблему?
> Такая же беда
> samba version 4.2.14-Debian
> debian version 8.7
> samba загнана в домен в режиме ридонли.
> AD Replication status tool показывает что все окДа я поставил более новую самбу уже позже а так же насколько помну сменил версию ОС вернее вписал через ADSI ну и пришлось в днсах еще службы поправить