Koozali.org: home of the SME Server
Contribs.org Forums => Koozali SME Server 10.x => Topic started by: Raphaël on July 13, 2021, 07:31:48 PM
-
Hello.
We have upgraded Smeserver from V9.2 to V10.
I cannot join a Windows Server 2012 R2, in workstation mode, to the sme10 domain.
No particular error, just that it doesn't want to.
I imported the reg samba, v7 (and v8 in case) but....
Any idea how to debug?
Thanks in advance.
Raphaël Larronde
-
First I would ask you about your support for this particular OS.....
Do you have 'paid for' extended support?? If not then check the EOL dates.
Next please read about SMB3 (this applies to your other thread too) - that is NOT the same as Samba 3 or Samba 4.
https://docs.microsoft.com/en-us/windows-server/storage/file-server/file-server-smb-overview
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-3-security-enhancements-in-windows-server-2012/ba-p/424221
And then as Koozali SME is based on CentOS 7 it might be worth a look at connecting your server to a CentOS 7 box.
https://www.linuxquestions.org/questions/linux-server-73/wins-server-2012-domain-controller-dns-server-in-centos-7-a-4175574373/
https://www.unixmen.com/setting-samba-primary-domain-controller-centos-7/
Note - none of this is guaranteed. I doubt anyone else here has the same OS to be able to test with. I don't even have a Windows 'Pro' Desktop with domain logon facilities!!
So you are probably going to have to do some legwork yourself.
-
Hello.
First of all, let me clarify that, like surely many other people in this forum, I am an SME user, in my case as a domain controller for a school where I intervene in my free time.
I'm asking for a lead to help me and if it's not possible, well, it's not possible.
Thank you for your links, I will look at them carefully.
Clarification: Windows Server 2012 is an SME client in my case, not a domain controller.
Sincerely.
-
I'm asking for a lead to help me and if it's not possible, well, it's not possible.
That's what we are trying to do, but as it is unlikely others have the same OS, which is probably unsupported in your case, it is really hard to say much in this instance. We don't have the code to test & replicate.
I have given you some leads but you'll have to do some reading yourself.
Some logs may help.
If you can see some errors then come back and tell us and we might be able to help a bit more.
Also, check the smeserver-wsdd contrib for network browsing.
I fully took on board the fact it is a server as a client. My point was I don't personally even have a 'stock' Windows desktop to test with, let alone a Windows server....!!
-
Only have Win10 Home so can't help much... have no problems mapping drives and shares etc. from my SME10 server, have wsdd installed on the server which helps... and SMB1 is disabled on the Win10 PC.
Sorry, that's all I have...
-
Thanks for everything.
Windows 10 and 7 join the domain without problems.
I continue my tests.
-
Windows 10 and 7 join the domain without problems.
So seems definitely a W 2012 R2 issue.
Can you browse shares?
What do your Windows and SME logs tell you?
-
Thanks for everything.
Windows 10 and 7 join the domain without problems.
I continue my tests.
The only thing I can think of then is to make sure 2012r2 SMB settings are per this MS doc
https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
-
First, can you browse & connect?
SMB3 works....
Second, Domain Authent.....
-
SMB1 is disabled
SMB3 is Ok
I can navigate in the network.
I'm going to test with a fresh install of Sme10, without restoring anything.
We will then see
-
Sounds like some funky issue with domain authent then.
You really need to check your Windows logs - the error will likely be in there. There may be something in the v10 logs too - you need to look.
-
Sounds like some funky issue with domain authent then.
You really need to check your Windows logs - the error will likely be in there. There may be something in the v10 logs too - you need to look.
I have these errors from the Synology NAS when trying to join the domain (see the picture).
In the Windows netsetup log it seems there's a problem with the Admin user's rights.
07/15/2021 12:15:22:615 NetpJoinDomainOnDs: status of connecting to dc '\\SMESERVEUR': 0x32
07/15/2021 12:15:22:615 NetpJoinDomainOnDs: Function exits with status of: 0x32
I continue to search
The full debug log:
07/15/2021 12:15:13:584 -----------------------------------------------------------------
07/15/2021 12:15:13:584 NetpValidateName: checking to see if 'SERVEURWIN' is valid as type 1 name
07/15/2021 12:15:13:584 NetpCheckNetBiosNameNotInUse for 'SERVEURWIN' [MACHINE] returned 0x0
07/15/2021 12:15:13:584 NetpValidateName: name 'SERVEURWIN' is valid for type 1
07/15/2021 12:15:13:630 -----------------------------------------------------------------
07/15/2021 12:15:13:630 NetpValidateName: checking to see if 'serveurwin' is valid as type 5 name
07/15/2021 12:15:13:630 NetpValidateName: name 'serveurwin' is valid for type 5
07/15/2021 12:15:13:646 -----------------------------------------------------------------
07/15/2021 12:15:13:646 NetpValidateName: checking to see if 'esh' is valid as type 3 name
07/15/2021 12:15:13:709 NetpCheckDomainNameIsValid [ Exists ] for 'esh' returned 0x0
07/15/2021 12:15:13:709 NetpValidateName: name 'esh' is valid for type 3
07/15/2021 12:15:20:990 -----------------------------------------------------------------
07/15/2021 12:15:20:990 NetpDoDomainJoin
07/15/2021 12:15:20:990 NetpDoDomainJoin: using current computer names
07/15/2021 12:15:20:990 NetpDoDomainJoin: NetpGetComputerNameEx(NetBios) returned 0x0
07/15/2021 12:15:20:990 NetpDoDomainJoin: NetpGetComputerNameEx(DnsHostName) returned 0x0
07/15/2021 12:15:20:990 NetpMachineValidToJoin: 'SERVEURWIN'
07/15/2021 12:15:20:990 OS Version: 6.3
07/15/2021 12:15:20:990 Build number: 9600 (9600.winblue_ltsb_escrow.210525-1607)
07/15/2021 12:15:20:990 SKU: Windows Server 2012 R2 Standard
07/15/2021 12:15:20:990 Architecture: 64-bit (AMD64)
07/15/2021 12:15:20:990 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
07/15/2021 12:15:20:990 NetpGetLsaPrimaryDomain: status: 0x0
07/15/2021 12:15:20:990 NetpMachineValidToJoin: status: 0x0
07/15/2021 12:15:20:990 NetpJoinDomain
07/15/2021 12:15:20:990 HostName: serveurwin
07/15/2021 12:15:20:990 NetbiosName: SERVEURWIN
07/15/2021 12:15:20:990 Domain: esh
07/15/2021 12:15:20:990 MachineAccountOU: (NULL)
07/15/2021 12:15:20:990 Account: esh\admin
07/15/2021 12:15:20:990 Options: 0x25
07/15/2021 12:15:20:990 NetpLoadParameters: loading registry parameters...
07/15/2021 12:15:20:990 NetpLoadParameters: status: DNSNameResolutionRequired set to '0'
07/15/2021 12:15:20:990 NetpLoadParameters: status: DomainCompatibilityMode set to '1'
07/15/2021 12:15:20:990 NetpLoadParameters: status: 0x0
07/15/2021 12:15:20:990 NetpValidateName: checking to see if 'esh' is valid as type 3 name
07/15/2021 12:15:21:052 NetpCheckDomainNameIsValid [ Exists ] for 'esh' returned 0x0
07/15/2021 12:15:21:052 NetpValidateName: name 'esh' is valid for type 3
07/15/2021 12:15:21:052 NetpDsGetDcName: trying to find DC in domain 'esh', flags: 0x1020
07/15/2021 12:15:21:771 NetpLoadParameters: loading registry parameters...
07/15/2021 12:15:21:771 NetpLoadParameters: status: DNSNameResolutionRequired set to '0'
07/15/2021 12:15:21:771 NetpLoadParameters: status: DomainCompatibilityMode set to '1'
07/15/2021 12:15:21:771 NetpLoadParameters: status: 0x0
07/15/2021 12:15:21:771 NetpDsGetDcName: found DC '\\SMESERVEUR' in the specified domain
07/15/2021 12:15:21:771 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
07/15/2021 12:15:21:771 NetpDisableIDNEncoding: using FQDN ESH from dcinfo
07/15/2021 12:15:21:771 NetpDisableIDNEncoding: DnsDisableIdnEncoding(UNTILREBOOT) on 'ESH' succeeded
07/15/2021 12:15:21:771 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
07/15/2021 12:15:22:615 NetUseAdd to \\SMESERVEUR\IPC$ returned 50
07/15/2021 12:15:22:615 NetpJoinDomainOnDs: status of connecting to dc '\\SMESERVEUR': 0x32
07/15/2021 12:15:22:615 NetpJoinDomainOnDs: Function exits with status of: 0x32
07/15/2021 12:15:22:615 NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on 'ESH' returned 0x0
07/15/2021 12:15:22:615 NetpJoinDomainOnDs: NetpResetIDNEncoding on 'ESH': 0x0
07/15/2021 12:15:22:615 NetpDoDomainJoin: status: 0x32
07/15/2021 12:15:22:630 -----------------------------------------------------------------
07/15/2021 12:15:22:630 NetpDoDomainJoin
07/15/2021 12:15:22:630 NetpDoDomainJoin: using current computer names
07/15/2021 12:15:22:630 NetpDoDomainJoin: NetpGetComputerNameEx(NetBios) returned 0x0
07/15/2021 12:15:22:630 NetpDoDomainJoin: NetpGetComputerNameEx(DnsHostName) returned 0x0
07/15/2021 12:15:22:630 NetpMachineValidToJoin: 'SERVEURWIN'
07/15/2021 12:15:22:630 OS Version: 6.3
07/15/2021 12:15:22:630 Build number: 9600 (9600.winblue_ltsb_escrow.210525-1607)
07/15/2021 12:15:22:630 SKU: Windows Server 2012 R2 Standard
07/15/2021 12:15:22:630 Architecture: 64-bit (AMD64)
07/15/2021 12:15:22:630 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
07/15/2021 12:15:22:630 NetpGetLsaPrimaryDomain: status: 0x0
07/15/2021 12:15:22:630 NetpMachineValidToJoin: status: 0x0
07/15/2021 12:15:22:630 NetpJoinDomain
07/15/2021 12:15:22:630 HostName: serveurwin
07/15/2021 12:15:22:630 NetbiosName: SERVEURWIN
07/15/2021 12:15:22:630 Domain: esh
07/15/2021 12:15:22:630 MachineAccountOU: (NULL)
07/15/2021 12:15:22:630 Account: esh\admin
07/15/2021 12:15:22:630 Options: 0x27
07/15/2021 12:15:22:630 NetpLoadParameters: loading registry parameters...
07/15/2021 12:15:22:630 NetpLoadParameters: status: DNSNameResolutionRequired set to '0'
07/15/2021 12:15:22:630 NetpLoadParameters: status: DomainCompatibilityMode set to '1'
07/15/2021 12:15:22:630 NetpLoadParameters: status: 0x0
07/15/2021 12:15:22:630 NetpValidateName: checking to see if 'esh' is valid as type 3 name
07/15/2021 12:15:22:709 NetpCheckDomainNameIsValid [ Exists ] for 'esh' returned 0x0
07/15/2021 12:15:22:709 NetpValidateName: name 'esh' is valid for type 3
07/15/2021 12:15:22:709 NetpDsGetDcName: trying to find DC in domain 'esh', flags: 0x1020
07/15/2021 12:15:22:880 NetpLoadParameters: loading registry parameters...
07/15/2021 12:15:22:880 NetpLoadParameters: status: DNSNameResolutionRequired set to '0'
07/15/2021 12:15:22:880 NetpLoadParameters: status: DomainCompatibilityMode set to '1'
07/15/2021 12:15:22:880 NetpLoadParameters: status: 0x0
07/15/2021 12:15:22:880 NetpDsGetDcName: found DC '\\SMESERVEUR' in the specified domain
07/15/2021 12:15:22:880 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
07/15/2021 12:15:22:880 NetpDisableIDNEncoding: using FQDN ESH from dcinfo
07/15/2021 12:15:22:880 NetpDisableIDNEncoding: DnsDisableIdnEncoding(UNTILREBOOT) on 'ESH' succeeded
07/15/2021 12:15:22:880 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
07/15/2021 12:15:22:880 NetUseAdd to \\SMESERVEUR\IPC$ returned 50
07/15/2021 12:15:22:880 NetpJoinDomainOnDs: status of connecting to dc '\\SMESERVEUR': 0x32
07/15/2021 12:15:22:880 NetpJoinDomainOnDs: Function exits with status of: 0x32
07/15/2021 12:15:22:880 NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on 'ESH' returned 0x0
07/15/2021 12:15:22:880 NetpJoinDomainOnDs: NetpResetIDNEncoding on 'ESH': 0x0
07/15/2021 12:15:22:880 NetpDoDomainJoin: status: 0x32
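
A way to pull the failing calls out of a NetSetup log like the one above, as an added example that is not part of the original post: it lists every line whose trailing status is non-zero and names the Win32 code (0x32 is decimal 50, ERROR_NOT_SUPPORTED). The sample lines are an excerpt of the log posted above; the function and table names are this example's own.

```python
import re

# Small subset of Win32 status codes that show up in NetSetup.LOG.
WIN32 = {
    0: "ERROR_SUCCESS",
    5: "ERROR_ACCESS_DENIED",
    50: "ERROR_NOT_SUPPORTED",
    53: "ERROR_BAD_NETPATH",
    1326: "ERROR_LOGON_FAILURE",
    1355: "ERROR_NO_SUCH_DOMAIN",
}

LINE = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d:\d{3}) (.*)$")
# A status is the number ending a line after "returned" or "status ...:".
# Fields such as "Options: 0x25" or "flags: 0x1020" are deliberately skipped.
STATUS = re.compile(r"(?:returned|status[^:]*):?\s*(0x[0-9a-f]+|\d+)$", re.I)

# Excerpt of the log posted in this thread.
SAMPLE = r"""
07/15/2021 12:15:20:990 NetpLoadParameters: status: DNSNameResolutionRequired set to '0'
07/15/2021 12:15:21:771 NetpDsGetDcName: found DC '\\SMESERVEUR' in the specified domain
07/15/2021 12:15:21:771 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
07/15/2021 12:15:22:615 NetUseAdd to \\SMESERVEUR\IPC$ returned 50
07/15/2021 12:15:22:615 NetpJoinDomainOnDs: status of connecting to dc '\\SMESERVEUR': 0x32
07/15/2021 12:15:22:615 NetpJoinDomainOnDs: Function exits with status of: 0x32
07/15/2021 12:15:22:615 NetpDoDomainJoin: status: 0x32
"""

def failures(log_text):
    """Return (timestamp, code, name, message) for every non-zero status."""
    out = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        s = STATUS.search(m.group(2)) if m else None
        if not s:
            continue
        tok = s.group(1)
        # The log mixes hex (0x32) and decimal (50) for the same value.
        code = int(tok, 16) if tok.lower().startswith("0x") else int(tok)
        if code:
            out.append((m.group(1), code, WIN32.get(code, "UNKNOWN"), m.group(2)))
    return out

if __name__ == "__main__":
    for stamp, code, name, msg in failures(SAMPLE):
        print(f"{stamp}  {code:>4} {name:<20} {msg}")
```

The first entry returned is the earliest failing call, here the `NetUseAdd` to `IPC$`; the later 0x32 lines are the same status being passed back up.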
-
Have a really good search and read on this error:
NetpJoinDomainOnDs: Function exits with status of: 0x32
-
https://docs.microsoft.com/en-us/answers/questions/342976/getting-39the-request-is-not-supported39-when-join.html
-
Following this site https://www.beyondtrust.com/docs/ad-bridge/how-to/troubleshoot/domain-join/index.htm I have an error in returning SRV records.
By doing the command nslookup -q=srv _ldap._tcp. ADdomainToJoin.com
- I get an error (see attachment)
- Error similar to the one on a Synology NAS (see the other attachment)
-
SME 10 does not implement Active Directory. Hence you can only use SME as a standalone Samba server, or you need to enable the NT1 protocol and set max server protocol to NT1 to use an NT4-style PDC, which is not encouraged as NT1 aka SMB1 aka CIFS is deprecated.
If you need an AD DC you need to configure your own Samba server and then you can use SME as a secondary server.
A lot of the work to implement AD DC is available in the bug tracker but has not made it for different reasons.
The most prevalent is lack of work force for doing the final implementation, but a few issues were also encountered, like a major security one: losing POSIX ACL in SME Samba if it was the AD DC while supported as a domain member, when no support for Windows ACL is available in Linux filesystems, leading to different permissions to access the same file depending on whether you access from Samba, HTTP, FTP, SSH or locally.
One workaround is to set up your Samba AD DC in a Docker instance or a side VM and SME as a domain member.
-
Hello Jean-Pierre.
Thanks for the clarification, I understand better why it does not and cannot work as it is.
-
Hello Raphaël,
It's Jean-Philippe!
Jean-Pierre is someone else...
Have a good end of the week.
-
Oops.
Sorry :-?
-
Hello.
I solved my problem, following the topic of Jean-Philippe.
By allowing the SMB1 protocol, no other simple solution for the moment.
Thanks.
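
A check for the setting this thread ends on, as an added example that is not from any of the forum posts: it reads the `[global]` section printed by `testparm -sv` (Samba's verbose dump, which includes defaults) and reports whether the server still accepts SMB1 dialects. The three sample dumps are constructed, and the function names are this example's own.

```python
# Samba protocol names that belong to SMB1 (NT1 is the newest of them).
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}

# smb.conf synonyms for the two server-side parameters.
SYNONYMS = {"min protocol": "server min protocol",
            "max protocol": "server max protocol",
            "protocol": "server max protocol"}

def global_params(testparm_text):
    """Collect key/value pairs from the [global] section only."""
    params, section = {}, None
    for line in testparm_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())   # names are case-insensitive
            params[SYNONYMS.get(key, key)] = value.strip().upper()
    return params

def smb1_exposure(testparm_text):
    """Return 'smb1-only', 'smb1-accepted', 'smb1-refused' or 'unknown'."""
    p = global_params(testparm_text)
    lo, hi = p.get("server min protocol"), p.get("server max protocol")
    if lo is None or hi is None:
        return "unknown"      # not a verbose dump, so defaults are not visible
    if hi in SMB1_DIALECTS:
        return "smb1-only"    # NT4-style PDC setup: nothing newer is offered
    return "smb1-accepted" if lo in SMB1_DIALECTS else "smb1-refused"

# Constructed sample dumps (not taken from any real server).
PDC_STYLE = "[global]\n\tserver max protocol = NT1\n\tserver min protocol = NT1\n"
MIXED = "[global]\n\tserver max protocol = SMB3\n\tserver min protocol = NT1\n"
HARDENED = ("[global]\n\tserver max protocol = SMB3\n"
            "\tserver min protocol = SMB2_02\n[share]\n\tmax protocol = NT1\n")

if __name__ == "__main__":
    for name, text in (("pdc", PDC_STYLE), ("mixed", MIXED), ("hardened", HARDENED)):
        print(name, smb1_exposure(text))
```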