FreeNAS domain join to UCS (Univention Corporate Server) not possible

mircsicz

Hello everyone,

I am trying to join a UCS domain, but I always get the following error:
Code:
Unable to find domain controllers for AAM.

I have also tried these hints already, but I get these errors:
Code:
mircsicz@nas ~ $  sudo sqlite3 /data/freenas-v1.db "UPDATE directoryservice_activedirectory SET ad_enable=1"
mircsicz@nas ~ $  sudo service ix-hostname start
mircsicz@nas ~ $  sudo service ix-kerberos start
mircsicz@nas ~ $  sudo service ix-kinit start
ERROR: Unable to find kerberos servers for AAM.LAN
mircsicz@nas ~ $  sudo service ix-pre-samba start
mircsicz@nas ~ $  sudo net -k -d 7 ads join

sitename_fetch: No stored sitename for realm 'AAM'
no entry for AAM#1C found.
resolve_lmhosts: Attempting lmhosts lookup for name AAM<0x1c>
startlmhosts: Can't open lmhosts file /usr/local/etc/lmhosts. Error was No such file or directory
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name AAM<0x1c>
nmb packet from 10.1.0.10(35072) header: id=12325 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=AAM<1c> rr_type=32 rr_class=1 ttl=259200
    answers   0 char ......   hex E0000A01000A
Got a positive name query response from 10.1.0.10 ( 10.1.0.10 )
nmb packet from 10.1.0.10(35072) header: id=12325 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=AAM<1c> rr_type=32 rr_class=1 ttl=259200
    answers   0 char ......   hex E0000A01000A
Got a positive name query response from 10.1.0.10 ( )
namecache_store: storing 1 address for AAM#1c: 10.1.0.10
fcntl_lock: fcntl lock gave errno 35 (Resource temporarily unavailable)
fcntl_lock: lock failed at offset 0 count 1 op 12 type 1 (Resource temporarily unavailable)
send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from NAS<00> to AAM<1c> IP 10.1.0.10
namecache_store: storing 1 address for UCS#20: 10.1.0.10
sitename_fetch: Returning sitename for realm 'AAM.LAN': "Default-First-Site-Name"
no entry for ucs.aam.lan#20 found.
resolve_hosts: Attempting host lookup for name ucs.aam.lan<0x20>
namecache_store: storing 1 address for ucs.aam.lan#20: 10.1.0.10
Connecting to 10.1.0.10 at port 445
Socket options:
        SO_KEEPALIVE = 0
        SO_REUSEADDR = 0
        SO_BROADCAST = 0
        TCP_NODELAY = 4
        TCP_KEEPCNT = 8
        TCP_KEEPIDLE = 7200
        TCP_KEEPINTVL = 75
        IPTOS_LOWDELAY = 0
        IPTOS_THROUGHPUT = 0
        SO_REUSEPORT = 0
        SO_SNDBUF = 33580
        SO_RCVBUF = 65700
        SO_SNDLOWAT = 2048
        SO_RCVLOWAT = 1
        SO_SNDTIMEO = 0
        SO_RCVTIMEO = 0
got OID=1.2.840.48018.1.2.2
cli_session_setup_spnego_send: Connect to ucs.aam.lan as root@AAM.LAN using SPNEGO
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
smb_gss_krb5_import_cred ccache[FILE:/tmp/krb5cc_0] failed with [ Miscellaneous failure (see text): unknown mech-code 2 for mech 1 2 840 113554 1 2 2] -the caller may retry after a kinit.
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
gensec_spnego_client_negTokenInit_step: Could not find a suitable mechtype in NEG_TOKEN_INIT
gensec_update_done: spnego[0x814ec4260]: NT_STATUS_INVALID_PARAMETER
SPNEGO login failed: An invalid parameter was passed to a service or function.
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name             : 'NAS$'
            netbios_domain_name      : NULL
            dns_domain_name          : NULL
            forest_name              : NULL
            dn                       : NULL
            domain_guid              : 00000000-0000-0000-0000-000000000000
            domain_sid               : NULL
                domain_sid               : (NULL SID)
            modified_config          : 0x00 (0)
            error_string             : 'failed to lookup DC info for domain 'AAM' over rpc: An invalid parameter was passed to a service or function.'
            domain_is_ad             : 0x00 (0)
            set_encryption_types     : 0x00000000 (0)
            krb5_salt                : NULL
            result                   : WERR_INVALID_PARAMETER
Failed to join domain: failed to lookup DC info for domain 'AAM' over rpc: An invalid parameter was passed to a service or function.
return code = -1

The full output is available here:
https://paste.debian.net/hidden/ad6580b3/

I can't make heads or tails of it...

I have also tried this:
Code:
/etc/directoryservice/ActiveDirectory/ctl start
ERROR: Unable to find domain controllers for AAM
I have also created a post in the UCS forum. What I see after rereading the log is that FreeNAS seems to be passing the wrong user to UCS:
Code:
cli_session_setup_spnego_send: Connect to ucs.aam.lan as root@AAM.LAN using SPNEGO
However, Administrator is entered in the "Directory Service" settings:
4FRKPq.jpg
 