1859503 – Realm join fails with error 'Failed to join domain: failed to lookup DC info for domain 'testdomain12.com' over rpc: {Not Enough Quota} Not enough virtual memory or paging file quota is available to complete the specified operation'

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1859503 - Realm join fails with error 'Failed to join domain: failed to lookup DC info for domain 'testdomain12.com' over rpc: {Not Enough Quota} Not enough virtual memory or paging file quota is available to complete the specified operation'

Summary: Realm join fails with error 'Failed to join domain: failed to lookup DC info ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	realmd
Sub Component:
Version:	8.3
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	8.0
Assignee:	Sumit Bose
QA Contact:	sssd-qe
Docs Contact:
URL:
Whiteboard:	sync-to-jira
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-07-22 09:44 UTC by Bhavana
Modified:	2020-11-04 02:17 UTC (History)
CC List:	7 users (show)
Fixed In Version:	realmd-0.16.3-19.el8
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-11-04 02:17:20 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:
Flags:	pm-rhel: mirror+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:4601	0	None	None	None	2020-11-04 02:17:22 UTC

Comment 1 Andreas Schneider 2020-07-22 11:58:32 UTC

Please always provide `testparm -s` output form that machine

Comment 2 Andreas Schneider 2020-07-22 14:45:35 UTC

Is this a machine with FIPS enabled? If yes, NTLM doesn't work in FIPS mode as it is based on RC4 ...

Comment 6 Andreas Schneider 2020-08-05 08:44:01 UTC

Isaac, yes you're right. 'realm join' doesn't use -k

Comment 7 Sumit Bose 2020-08-11 09:47:12 UTC

Hi,

it looks like just adding '-k' does not help:

 /usr/bin/net -s /tmp/realmd-smb-conf.5XMOP0 -U Administrator -k ads join dom-067.abc.idm.lab.eng.brq.redhat.com -d 10
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
  smb2: 10
  smb2_credits: 10
  dsdb_audit: 10
  dsdb_json_audit: 10
  dsdb_password_audit: 10
  dsdb_password_json_audit: 10
  dsdb_transaction_audit: 10
  dsdb_transaction_json_audit: 10
  dsdb_group_audit: 10
  dsdb_group_json_audit: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
  smb2: 10
  smb2_credits: 10
  dsdb_audit: 10
  dsdb_json_audit: 10
  dsdb_password_audit: 10
  dsdb_password_json_audit: 10
  dsdb_transaction_audit: 10
  dsdb_transaction_json_audit: 10
  dsdb_group_audit: 10
  dsdb_group_json_audit: 10
Processing section "[global]"
doing parameter workgroup = DOM-067
doing parameter netbios name = CI-VM-10-0-136-
doing parameter realm = DOM-067.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
doing parameter kerberos method = secrets and keytab
doing parameter security = ads
pm_process() returned Yes
lp_servicenumber: couldn't find homes
messaging_dgm_ref: messaging_dgm_init returned Success
messaging_dgm_ref: unique = 11754242670764728861
Registering messaging pointer for type 2 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
Registering messaging pointer for type 51 - private_data=(nil)
messaging_init_internal: my id: 11573
lp_load_ex: refreshing parameters
Freeing parametrics:
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
  smb2: 10
  smb2_credits: 10
  dsdb_audit: 10
  dsdb_json_audit: 10
  dsdb_password_audit: 10
  dsdb_password_json_audit: 10
  dsdb_transaction_audit: 10
  dsdb_transaction_json_audit: 10
  dsdb_group_audit: 10
  dsdb_group_json_audit: 10
Processing section "[global]"
doing parameter workgroup = DOM-067
doing parameter netbios name = CI-VM-10-0-136-
doing parameter realm = DOM-067.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
doing parameter kerberos method = secrets and keytab
doing parameter security = ads
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="CI-VM-10-0-136-"
added interface eth0 ip=2620:52:0:88:f816:3eff:fe3e:beaa bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.136.207 bcast=10.0.139.255 netmask=255.255.252.0
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name                  : NULL
            machine_name             : 'CI-VM-10-0-136-'
            domain_name              : *
                domain_name              : 'dom-067.abc.idm.lab.eng.brq.redhat.com'
            domain_name_type         : JoinDomNameTypeDNS (1)
            account_ou               : NULL
            admin_account            : 'Administrator'
            admin_domain             : NULL
            machine_password         : NULL
            join_flags               : 0x00000023 (35)
                   0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                   0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                   0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                   0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                   0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                   0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                   1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                   0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                   1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                   1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version               : NULL
            os_name                  : NULL
            os_servicepack           : NULL
            create_upn               : 0x00 (0)
            upn                      : NULL
            dnshostname              : NULL
            modify_config            : 0x00 (0)
            ads                      : NULL
            debug                    : 0x01 (1)
            use_kerberos             : 0x01 (1)
            secure_channel_type      : SEC_CHAN_WKSTA (2)
            desired_encryption_types : 0x0000001f (31)
Opening cache file at /var/lib/samba/lock/gencache.tdb
sitename_fetch: Returning sitename for realm 'dom-067.abc.idm.lab.eng.brq.redhat.com': "Default-First-Site-Name"
dsgetdcname_internal: domain_name: dom-067.abc.idm.lab.eng.brq.redhat.com, domain_guid: (null), site_name: Default-First-Site-Name, flags: 0x40021011
debug_dsdcinfo_flags: 0x40021011
	DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_IS_DNS_NAME DS_RETURN_DNS_NAME 
dsgetdcname_rediscover
dns_lookup_send_next: Sending DNS request #0 to 10.37.170.126
dns_cli_request_send: Asking 10.37.170.126 for _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.dom-067.abc.idm.lab.eng.brq.redhat.com/1/33 via UDP
[0000] DD 75 01 00 00 01 00 00   00 00 00 00 05 5F 6C 64   .u...... ....._ld
[0010] 61 70 04 5F 74 63 70 17   44 65 66 61 75 6C 74 2D   ap._tcp. Default-
[0020] 46 69 72 73 74 2D 53 69   74 65 2D 4E 61 6D 65 06   First-Si te-Name.
[0030] 5F 73 69 74 65 73 02 64   63 06 5F 6D 73 64 63 73   _sites.d c._msdcs
[0040] 07 64 6F 6D 2D 30 36 37   03 61 62 63 03 69 64 6D   .dom-067 .abc.idm
[0050] 03 6C 61 62 03 65 6E 67   03 62 72 71 06 72 65 64   .lab.eng .brq.red
[0060] 68 61 74 03 63 6F 6D 00   00 21 00 01               hat.com. .!..
[0000] DD 75 85 80 00 01 00 01   00 00 00 02 05 5F 6C 64   .u...... ....._ld
[0010] 61 70 04 5F 74 63 70 17   44 65 66 61 75 6C 74 2D   ap._tcp. Default-
[0020] 46 69 72 73 74 2D 53 69   74 65 2D 4E 61 6D 65 06   First-Si te-Name.
[0030] 5F 73 69 74 65 73 02 64   63 06 5F 6D 73 64 63 73   _sites.d c._msdcs
[0040] 07 64 6F 6D 2D 30 36 37   03 61 62 63 03 69 64 6D   .dom-067 .abc.idm
[0050] 03 6C 61 62 03 65 6E 67   03 62 72 71 06 72 65 64   .lab.eng .brq.red
[0060] 68 61 74 03 63 6F 6D 00   00 21 00 01 C0 0C 00 21   hat.com. .!.....!
[0070] 00 01 00 00 02 58 00 35   00 00 00 64 01 85 06 76   .....X.5 ...d...v
[0080] 6D 2D 30 36 37 07 64 6F   6D 2D 30 36 37 03 61 62   m-067.do m-067.ab
[0090] 63 03 69 64 6D 03 6C 61   62 03 65 6E 67 03 62 72   c.idm.la b.eng.br
[00A0] 71 06 72 65 64 68 61 74   03 63 6F 6D 00 C0 7E 00   q.redhat .com..~.
[00B0] 01 00 01 00 00 0E 10 00   04 0A 25 AA 7E C0 7E 00   ........ ..%.~.~.
[00C0] 1C 00 01 00 00 0E 10 00   10 26 20 00 52 00 00 25   ........ .& .R..%
[00D0] AA 84 ED 7D 2F 14 84 60   E1                        ...}/..` .
dns_cli_request_udp_done: Got op=8580 1/1/0/0 recs
LDAP ping to vm-067.dom-067.abc.idm.lab.eng.brq.redhat.com (10.37.170.126)
     &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
        command                  : LOGON_SAM_LOGON_RESPONSE_EX (23)
        sbz                      : 0x0000 (0)
        server_type              : 0x000033fd (13309)
               1: NBT_SERVER_PDC           
               1: NBT_SERVER_GC            
               1: NBT_SERVER_LDAP          
               1: NBT_SERVER_DS            
               1: NBT_SERVER_KDC           
               1: NBT_SERVER_TIMESERV      
               1: NBT_SERVER_CLOSEST       
               1: NBT_SERVER_WRITABLE      
               1: NBT_SERVER_GOOD_TIMESERV 
               0: NBT_SERVER_NDNC          
               0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
               1: NBT_SERVER_FULL_SECRET_DOMAIN_6
               1: NBT_SERVER_ADS_WEB_SERVICE
               0: NBT_SERVER_DS_8          
               0: NBT_SERVER_HAS_DNS_NAME  
               0: NBT_SERVER_IS_DEFAULT_NC 
               0: NBT_SERVER_FOREST_ROOT   
        domain_uuid              : 4b28f74a-1d16-42b9-be98-97ad877b34da
        forest                   : 'dom-067.abc.idm.lab.eng.brq.redhat.com'
        dns_domain               : 'dom-067.abc.idm.lab.eng.brq.redhat.com'
        pdc_dns_name             : 'vm-067.dom-067.abc.idm.lab.eng.brq.redhat.com'
        domain_name              : 'DOM-067'
        pdc_name                 : 'VM-067'
        user_name                : ''
        server_site              : 'Default-First-Site-Name'
        client_site              : 'Default-First-Site-Name'
        sockaddr_size            : 0x00 (0)
        sockaddr: struct nbt_sockaddr
            sockaddr_family          : 0x00000000 (0)
            pdc_ip                   : (null)
            remaining                : DATA_BLOB length=0
        next_closest_site        : NULL
        nt_version               : 0x00000005 (5)
               1: NETLOGON_NT_VERSION_1    
               0: NETLOGON_NT_VERSION_5    
               1: NETLOGON_NT_VERSION_5EX  
               0: NETLOGON_NT_VERSION_5EX_WITH_IP
               0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
               0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
               0: NETLOGON_NT_VERSION_PDC  
               0: NETLOGON_NT_VERSION_IP   
               0: NETLOGON_NT_VERSION_LOCAL
               0: NETLOGON_NT_VERSION_GC   
        lmnt_token               : 0xffff (65535)
        lm20_token               : 0xffff (65535)
gencache_set_data_blob: Adding cache entry with key=[DSGETDCNAME/DOMAIN/DOM-067] and timeout=[Tue Aug 11 05:54:29 2020 EDT] (900 seconds ahead)
sitename_store: realm = [DOM-067], sitename = [Default-First-Site-Name], expire = [2085923199]
gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/DOM-067] and timeout=[Wed Dec 31 18:59:59 -2147481749 EST] (67768034594538030 seconds ahead)
gencache_set_data_blob: Adding cache entry with key=[DSGETDCNAME/DOMAIN/DOM-067.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM] and timeout=[Tue Aug 11 05:54:29 2020 EDT] (900 seconds ahead)
sitename_store: realm = [dom-067.abc.idm.lab.eng.brq.redhat.com], sitename = [Default-First-Site-Name], expire = [2085923199]
gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/DOM-067.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM] and timeout=[Wed Dec 31 18:59:59 -2147481749 EST] (67768034594538030 seconds ahead)
create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/lock/smb_krb5/krb5.conf._JOIN_, realm = dom-067.abc.idm.lab.eng.brq.redhat.com, domain = _JOIN_
saf_fetch: failed to find server for "dom-067.abc.idm.lab.eng.brq.redhat.com" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up dom-067.abc.idm.lab.eng.brq.redhat.com#dcdc (sitename Default-First-Site-Name)
resolve_ads: Attempting to resolve KDCs for dom-067.abc.idm.lab.eng.brq.redhat.com using DNS
dns_lookup_send_next: Sending DNS request #0 to 10.37.170.126
dns_cli_request_send: Asking 10.37.170.126 for _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.dom-067.abc.idm.lab.eng.brq.redhat.com/1/33 via UDP
[0000] CC 73 01 00 00 01 00 00   00 00 00 00 09 5F 6B 65   .s...... ....._ke
[0010] 72 62 65 72 6F 73 04 5F   74 63 70 17 44 65 66 61   rberos._ tcp.Defa
[0020] 75 6C 74 2D 46 69 72 73   74 2D 53 69 74 65 2D 4E   ult-Firs t-Site-N
[0030] 61 6D 65 06 5F 73 69 74   65 73 02 64 63 06 5F 6D   ame._sit es.dc._m
[0040] 73 64 63 73 07 64 6F 6D   2D 30 36 37 03 61 62 63   sdcs.dom -067.abc
[0050] 03 69 64 6D 03 6C 61 62   03 65 6E 67 03 62 72 71   .idm.lab .eng.brq
[0060] 06 72 65 64 68 61 74 03   63 6F 6D 00 00 21 00 01   .redhat. com..!..
[0000] CC 73 85 80 00 01 00 01   00 00 00 02 09 5F 6B 65   .s...... ....._ke
[0010] 72 62 65 72 6F 73 04 5F   74 63 70 17 44 65 66 61   rberos._ tcp.Defa
[0020] 75 6C 74 2D 46 69 72 73   74 2D 53 69 74 65 2D 4E   ult-Firs t-Site-N
[0030] 61 6D 65 06 5F 73 69 74   65 73 02 64 63 06 5F 6D   ame._sit es.dc._m
[0040] 73 64 63 73 07 64 6F 6D   2D 30 36 37 03 61 62 63   sdcs.dom -067.abc
[0050] 03 69 64 6D 03 6C 61 62   03 65 6E 67 03 62 72 71   .idm.lab .eng.brq
[0060] 06 72 65 64 68 61 74 03   63 6F 6D 00 00 21 00 01   .redhat. com..!..
[0070] C0 0C 00 21 00 01 00 00   02 58 00 35 00 00 00 64   ...!.... .X.5...d
[0080] 00 58 06 76 6D 2D 30 36   37 07 64 6F 6D 2D 30 36   .X.vm-06 7.dom-06
[0090] 37 03 61 62 63 03 69 64   6D 03 6C 61 62 03 65 6E   7.abc.id m.lab.en
[00A0] 67 03 62 72 71 06 72 65   64 68 61 74 03 63 6F 6D   g.brq.re dhat.com
[00B0] 00 C0 82 00 01 00 01 00   00 0E 10 00 04 0A 25 AA   ........ ......%.
[00C0] 7E C0 82 00 1C 00 01 00   00 0E 10 00 10 26 20 00   ~....... .....& .
[00D0] 52 00 00 25 AA 84 ED 7D   2F 14 84 60 E1            R..%...} /..`.
dns_cli_request_udp_done: Got op=8580 1/1/0/0 recs
remove_duplicate_addrs2: looking for duplicate address/port pairs
internal_resolve_name: returning 2 addresses: 10.37.170.126:88 2620:52:0:25aa:84ed:7d2f:1484:60e1:88 
Adding 2 DC's from auto lookup
check_negative_conn_cache returning result 0 for domain dom-067.abc.idm.lab.eng.brq.redhat.com server 10.37.170.126
check_negative_conn_cache returning result 0 for domain dom-067.abc.idm.lab.eng.brq.redhat.com server 2620:52:0:25aa:84ed:7d2f:1484:60e1
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 10.37.170.126:88 2620:52:0:25aa:84ed:7d2f:1484:60e1:88 
got 2 addresses from site Default-First-Site-Name search
saf_fetch: failed to find server for "dom-067.abc.idm.lab.eng.brq.redhat.com" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up dom-067.abc.idm.lab.eng.brq.redhat.com#dcdc (sitename (null))
resolve_ads: Attempting to resolve KDCs for dom-067.abc.idm.lab.eng.brq.redhat.com using DNS
dns_lookup_send_next: Sending DNS request #0 to 10.37.170.126
dns_cli_request_send: Asking 10.37.170.126 for _kerberos._tcp.dc._msdcs.dom-067.abc.idm.lab.eng.brq.redhat.com/1/33 via UDP
[0000] CD E6 01 00 00 01 00 00   00 00 00 00 09 5F 6B 65   ........ ....._ke
[0010] 72 62 65 72 6F 73 04 5F   74 63 70 02 64 63 06 5F   rberos._ tcp.dc._
[0020] 6D 73 64 63 73 07 64 6F   6D 2D 30 36 37 03 61 62   msdcs.do m-067.ab
[0030] 63 03 69 64 6D 03 6C 61   62 03 65 6E 67 03 62 72   c.idm.la b.eng.br
[0040] 71 06 72 65 64 68 61 74   03 63 6F 6D 00 00 21 00   q.redhat .com..!.
[0050] 01                                                 . 
[0000] CD E6 85 80 00 01 00 01   00 00 00 02 09 5F 6B 65   ........ ....._ke
[0010] 72 62 65 72 6F 73 04 5F   74 63 70 02 64 63 06 5F   rberos._ tcp.dc._
[0020] 6D 73 64 63 73 07 64 6F   6D 2D 30 36 37 03 61 62   msdcs.do m-067.ab
[0030] 63 03 69 64 6D 03 6C 61   62 03 65 6E 67 03 62 72   c.idm.la b.eng.br
[0040] 71 06 72 65 64 68 61 74   03 63 6F 6D 00 00 21 00   q.redhat .com..!.
[0050] 01 C0 0C 00 21 00 01 00   00 02 58 00 35 00 00 00   ....!... ..X.5...
[0060] 64 00 58 06 76 6D 2D 30   36 37 07 64 6F 6D 2D 30   d.X.vm-0 67.dom-0
[0070] 36 37 03 61 62 63 03 69   64 6D 03 6C 61 62 03 65   67.abc.i dm.lab.e
[0080] 6E 67 03 62 72 71 06 72   65 64 68 61 74 03 63 6F   ng.brq.r edhat.co
[0090] 6D 00 C0 63 00 01 00 01   00 00 0E 10 00 04 0A 25   m..c.... .......%
[00A0] AA 7E C0 63 00 1C 00 01   00 00 0E 10 00 10 26 20   .~.c.... ......& 
[00B0] 00 52 00 00 25 AA 84 ED   7D 2F 14 84 60 E1         .R..%... }/..`.
dns_cli_request_udp_done: Got op=8580 1/1/0/0 recs
remove_duplicate_addrs2: looking for duplicate address/port pairs
internal_resolve_name: returning 2 addresses: 10.37.170.126:88 2620:52:0:25aa:84ed:7d2f:1484:60e1:88 
Adding 2 DC's from auto lookup
check_negative_conn_cache returning result 0 for domain dom-067.abc.idm.lab.eng.brq.redhat.com server 10.37.170.126
check_negative_conn_cache returning result 0 for domain dom-067.abc.idm.lab.eng.brq.redhat.com server 2620:52:0:25aa:84ed:7d2f:1484:60e1
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 10.37.170.126:88 2620:52:0:25aa:84ed:7d2f:1484:60e1:88 
got 2 addresses from site-less search
get_kdc_ip_string: 1 additional KDCs to test
     &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
        command                  : LOGON_SAM_LOGON_RESPONSE_EX (23)
        sbz                      : 0x0000 (0)
        server_type              : 0x000033fd (13309)
               1: NBT_SERVER_PDC           
               1: NBT_SERVER_GC            
               1: NBT_SERVER_LDAP          
               1: NBT_SERVER_DS            
               1: NBT_SERVER_KDC           
               1: NBT_SERVER_TIMESERV      
               1: NBT_SERVER_CLOSEST       
               1: NBT_SERVER_WRITABLE      
               1: NBT_SERVER_GOOD_TIMESERV 
               0: NBT_SERVER_NDNC          
               0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
               1: NBT_SERVER_FULL_SECRET_DOMAIN_6
               1: NBT_SERVER_ADS_WEB_SERVICE
               0: NBT_SERVER_DS_8          
               0: NBT_SERVER_HAS_DNS_NAME  
               0: NBT_SERVER_IS_DEFAULT_NC 
               0: NBT_SERVER_FOREST_ROOT   
        domain_uuid              : 4b28f74a-1d16-42b9-be98-97ad877b34da
        forest                   : 'dom-067.abc.idm.lab.eng.brq.redhat.com'
        dns_domain               : 'dom-067.abc.idm.lab.eng.brq.redhat.com'
        pdc_dns_name             : 'vm-067.dom-067.abc.idm.lab.eng.brq.redhat.com'
        domain_name              : 'DOM-067'
        pdc_name                 : 'VM-067'
        user_name                : ''
        server_site              : 'Default-First-Site-Name'
        client_site              : 'Default-First-Site-Name'
        sockaddr_size            : 0x00 (0)
        sockaddr: struct nbt_sockaddr
            sockaddr_family          : 0x00000000 (0)
            pdc_ip                   : (null)
            remaining                : DATA_BLOB length=0
        next_closest_site        : NULL
        nt_version               : 0x00000005 (5)
               1: NETLOGON_NT_VERSION_1    
               0: NETLOGON_NT_VERSION_5    
               1: NETLOGON_NT_VERSION_5EX  
               0: NETLOGON_NT_VERSION_5EX_WITH_IP
               0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
               0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
               0: NETLOGON_NT_VERSION_PDC  
               0: NETLOGON_NT_VERSION_IP   
               0: NETLOGON_NT_VERSION_LOCAL
               0: NETLOGON_NT_VERSION_GC   
        lmnt_token               : 0xffff (65535)
        lm20_token               : 0xffff (65535)
get_kdc_ip_string: Returning 		kdc = 10.37.170.126
		kdc = [2620:52:0:25aa:84ed:7d2f:1484:60e1]:88

create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/lock/smb_krb5/krb5.conf._JOIN_ with realm DOM-067.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM KDC list = 		kdc = 10.37.170.126
		kdc = [2620:52:0:25aa:84ed:7d2f:1484:60e1]:88

sitename_fetch: Returning sitename for realm 'DOM-067.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM': "Default-First-Site-Name"
internal_resolve_name: looking up vm-067.dom-067.abc.idm.lab.eng.brq.redhat.com#20 (sitename Default-First-Site-Name)
name vm-067.dom-067.abc.idm.lab.eng.brq.redhat.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Connecting to 2620:52:0:25aa:84ed:7d2f:1484:60e1 at port 445
convert_string_handle: E2BIG: convert_string(UTF-8,CP850): srclen=46 destlen=16 error: No more room
Connecting to 2620:52:0:25aa:84ed:7d2f:1484:60e1 at port 139
Connecting to 10.37.170.126 at port 445
convert_string_handle: E2BIG: convert_string(UTF-8,CP850): srclen=46 destlen=16 error: No more room
Connecting to 10.37.170.126 at port 139
Socket options:
	SO_KEEPALIVE = 0
	SO_REUSEADDR = 0
	SO_BROADCAST = 0
	TCP_NODELAY = 1
	TCP_KEEPCNT = 9
	TCP_KEEPIDLE = 7200
	TCP_KEEPINTVL = 75
	IPTOS_LOWDELAY = 0
	IPTOS_THROUGHPUT = 0
	SO_REUSEPORT = 0
	SO_SNDBUF = 46080
	SO_RCVBUF = 364160
	SO_SNDLOWAT = 1
	SO_RCVLOWAT = 1
	SO_SNDTIMEO = 0
	SO_RCVTIMEO = 0
	TCP_QUICKACK = 1
	TCP_DEFER_ACCEPT = 0
cli_session_creds_prepare_krb5: Doing kinit for Administrator.IDM.LAB.ENG.BRQ.REDHAT.COM to access vm-067.dom-067.abc.idm.lab.eng.brq.redhat.com
kerberos_kinit_password_ext: as Administrator.IDM.LAB.ENG.BRQ.REDHAT.COM using [MEMORY:cliconnect] as ccache and config [/var/lib/samba/lock/smb_krb5/krb5.conf._JOIN_]
smb_krb5_trace_cb: [11573] 1597138770.543696: Getting initial credentials for Administrator.IDM.LAB.ENG.BRQ.REDHAT.COM
smb_krb5_trace_cb: [11573] 1597138770.543697: Unrecognized enctype name in default_tkt_enctypes: DES-CBC-CRC
smb_krb5_trace_cb: [11573] 1597138770.543698: Unrecognized enctype name in default_tkt_enctypes: DES-CBC-MD5
smb_krb5_trace_cb: [11573] 1597138770.543700: Sending unauthenticated request
smb_krb5_trace_cb: [11573] 1597138770.543701: Sending request (230 bytes) to DOM-067.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
smb_krb5_trace_cb: [11573] 1597138770.543702: Resolving hostname 10.37.170.126
smb_krb5_trace_cb: [11573] 1597138770.543703: Sending initial UDP request to dgram 10.37.170.126:88
smb_krb5_trace_cb: [11573] 1597138770.543704: Received answer (209 bytes) from dgram 10.37.170.126:88
smb_krb5_trace_cb: [11573] 1597138770.543705: Sending DNS URI query for _kerberos.DOM-067.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM.
smb_krb5_trace_cb: [11573] 1597138770.543706: No URI records found
smb_krb5_trace_cb: [11573] 1597138770.543707: Sending DNS SRV query for _kerberos-master._udp.DOM-067.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM.
smb_krb5_trace_cb: [11573] 1597138770.543708: Sending DNS SRV query for _kerberos-master._tcp.DOM-067.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM.
smb_krb5_trace_cb: [11573] 1597138771.010839: No SRV records found
smb_krb5_trace_cb: [11573] 1597138771.010840: Response was not from master KDC
smb_krb5_trace_cb: [11573] 1597138771.010841: Received error from KDC: -1765328359/Additional pre-authentication required
smb_krb5_trace_cb: [11573] 1597138771.010844: Preauthenticating using KDC method data
smb_krb5_trace_cb: [11573] 1597138771.010845: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2)
smb_krb5_trace_cb: [11573] 1597138771.010846: Selected etype info: etype rc4-hmac, salt "", params ""
smb_krb5_trace_cb: [11573] 1597138771.010847: AS key obtained for encrypted timestamp: rc4-hmac/A4BB
smb_krb5_trace_cb: [11573] 1597138771.010849: Preauth module encrypted_timestamp (2) (real) returned: -1765328206/Cryptosystem internal error
smb_krb5_trace_cb: [11573] 1597138771.010850: Retrying AS request with master KDC
smb_krb5_trace_cb: [11573] 1597138771.010851: Getting initial credentials for Administrator.IDM.LAB.ENG.BRQ.REDHAT.COM
smb_krb5_trace_cb: [11573] 1597138771.010852: Unrecognized enctype name in default_tkt_enctypes: DES-CBC-CRC
smb_krb5_trace_cb: [11573] 1597138771.010853: Unrecognized enctype name in default_tkt_enctypes: DES-CBC-MD5
smb_krb5_trace_cb: [11573] 1597138771.010855: Sending unauthenticated request
smb_krb5_trace_cb: [11573] 1597138771.010856: Sending request (230 bytes) to DOM-067.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM (master)
smb_krb5_trace_cb: [11573] 1597138771.010857: Sending DNS URI query for _kerberos.DOM-067.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM.
smb_krb5_trace_cb: [11573] 1597138771.010858: No URI records found
smb_krb5_trace_cb: [11573] 1597138771.010859: Sending DNS SRV query for _kerberos-master._udp.DOM-067.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM.
smb_krb5_trace_cb: [11573] 1597138771.010860: Sending DNS SRV query for _kerberos-master._tcp.DOM-067.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM.
smb_krb5_trace_cb: [11573] 1597138771.010861: No SRV records found
Kinit for Administrator.IDM.LAB.ENG.BRQ.REDHAT.COM to access vm-067.dom-067.abc.idm.lab.eng.brq.redhat.com failed: Generic preauthentication failure
cli_session_setup_spnego_send: Connect to vm-067.dom-067.abc.idm.lab.eng.brq.redhat.com as Administrator.IDM.LAB.ENG.BRQ.REDHAT.COM using SPNEGO
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
smb_gss_krb5_import_cred ccache[MEMORY:cliconnect] failed with [Unspecified GSS failure.  Minor code may provide more information: No credentials cache found] -the caller may retry after a kinit.
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
Starting GENSEC submechanism ntlmssp
     negotiate: struct NEGOTIATE_MESSAGE
        Signature                : 'NTLMSSP'
        MessageType              : NtLmNegotiate (1)
        NegotiateFlags           : 0x62088215 (1644724757)
               1: NTLMSSP_NEGOTIATE_UNICODE
               0: NTLMSSP_NEGOTIATE_OEM    
               1: NTLMSSP_REQUEST_TARGET   
               1: NTLMSSP_NEGOTIATE_SIGN   
               0: NTLMSSP_NEGOTIATE_SEAL   
               0: NTLMSSP_NEGOTIATE_DATAGRAM
               0: NTLMSSP_NEGOTIATE_LM_KEY 
               0: NTLMSSP_NEGOTIATE_NETWARE
               1: NTLMSSP_NEGOTIATE_NTLM   
               0: NTLMSSP_NEGOTIATE_NT_ONLY
               0: NTLMSSP_ANONYMOUS        
               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
               1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
               0: NTLMSSP_TARGET_TYPE_DOMAIN
               0: NTLMSSP_TARGET_TYPE_SERVER
               0: NTLMSSP_TARGET_TYPE_SHARE
               1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
               0: NTLMSSP_NEGOTIATE_IDENTIFY
               0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
               0: NTLMSSP_NEGOTIATE_TARGET_INFO
               1: NTLMSSP_NEGOTIATE_VERSION
               1: NTLMSSP_NEGOTIATE_128    
               1: NTLMSSP_NEGOTIATE_KEY_EXCH
               0: NTLMSSP_NEGOTIATE_56     
        DomainNameLen            : 0x0000 (0)
        DomainNameMaxLen         : 0x0000 (0)
        DomainName               : *
            DomainName               : ''
        WorkstationLen           : 0x0000 (0)
        WorkstationMaxLen        : 0x0000 (0)
        Workstation              : *
            Workstation              : ''
        Version: struct ntlmssp_VERSION
            ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
            ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
            ProductBuild             : 0x0000 (0)
            Reserved: ARRAY(3)
                [0]                      : 0x00 (0)
                [1]                      : 0x00 (0)
                [2]                      : 0x00 (0)
            NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (15)
gensec_update_send: ntlmssp[0x558059e379d0]: subreq: 0x558059e1a850
gensec_update_send: spnego[0x558059e35e30]: subreq: 0x558059e41550
gensec_update_done: ntlmssp[0x558059e379d0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x558059e1a850/../../auth/ntlmssp/ntlmssp.c:181]: state[2] error[0 (0x0)]  state[struct gensec_ntlmssp_update_state (0x558059e1aa00)] timer[(nil)] finish[../../auth/ntlmssp/ntlmssp.c:215]
gensec_update_done: spnego[0x558059e35e30]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x558059e41550/../../auth/gensec/spnego.c:1629]: state[2] error[0 (0x0)]  state[struct gensec_spnego_update_state (0x558059e41700)] timer[(nil)] finish[../../auth/gensec/spnego.c:2113]
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_TARGET_TYPE_DOMAIN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
     challenge: struct CHALLENGE_MESSAGE
        Signature                : 'NTLMSSP'
        MessageType              : NtLmChallenge (0x2)
        TargetNameLen            : 0x000e (14)
        TargetNameMaxLen         : 0x000e (14)
        TargetName               : *
            TargetName               : 'DOM-067'
        NegotiateFlags           : 0x62898215 (1653178901)
               1: NTLMSSP_NEGOTIATE_UNICODE
               0: NTLMSSP_NEGOTIATE_OEM    
               1: NTLMSSP_REQUEST_TARGET   
               1: NTLMSSP_NEGOTIATE_SIGN   
               0: NTLMSSP_NEGOTIATE_SEAL   
               0: NTLMSSP_NEGOTIATE_DATAGRAM
               0: NTLMSSP_NEGOTIATE_LM_KEY 
               0: NTLMSSP_NEGOTIATE_NETWARE
               1: NTLMSSP_NEGOTIATE_NTLM   
               0: NTLMSSP_NEGOTIATE_NT_ONLY
               0: NTLMSSP_ANONYMOUS        
               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
               1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
               1: NTLMSSP_TARGET_TYPE_DOMAIN
               0: NTLMSSP_TARGET_TYPE_SERVER
               0: NTLMSSP_TARGET_TYPE_SHARE
               1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
               0: NTLMSSP_NEGOTIATE_IDENTIFY
               0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
               1: NTLMSSP_NEGOTIATE_TARGET_INFO
               1: NTLMSSP_NEGOTIATE_VERSION
               1: NTLMSSP_NEGOTIATE_128    
               1: NTLMSSP_NEGOTIATE_KEY_EXCH
               0: NTLMSSP_NEGOTIATE_56     
        ServerChallenge          : 5e08ab9d1507d787
        Reserved                 : 0000000000000000
        TargetInfoLen            : 0x0130 (304)
        TargetInfoMaxLen         : 0x0130 (304)
        TargetInfo               : *
            TargetInfo: struct AV_PAIR_LIST
                count                    : 0x00000007 (7)
                pair: ARRAY(7)
                    pair: struct AV_PAIR
                        AvId                     : MsvAvNbDomainName (0x2)
                        AvLen                    : 0x000e (14)
                        Value                    : union ntlmssp_AvValue(case 0x2)
                        AvNbDomainName           : 'DOM-067'
                    pair: struct AV_PAIR
                        AvId                     : MsvAvNbComputerName (0x1)
                        AvLen                    : 0x000c (12)
                        Value                    : union ntlmssp_AvValue(case 0x1)
                        AvNbComputerName         : 'VM-067'
                    pair: struct AV_PAIR
                        AvId                     : MsvAvDnsDomainName (0x4)
                        AvLen                    : 0x004c (76)
                        Value                    : union ntlmssp_AvValue(case 0x4)
                        AvDnsDomainName          : 'dom-067.abc.idm.lab.eng.brq.redhat.com'
                    pair: struct AV_PAIR
                        AvId                     : MsvAvDnsComputerName (0x3)
                        AvLen                    : 0x005a (90)
                        Value                    : union ntlmssp_AvValue(case 0x3)
                        AvDnsComputerName        : 'vm-067.dom-067.abc.idm.lab.eng.brq.redhat.com'
                    pair: struct AV_PAIR
                        AvId                     : MsvAvDnsTreeName (0x5)
                        AvLen                    : 0x004c (76)
                        Value                    : union ntlmssp_AvValue(case 0x5)
                        AvDnsTreeName            : 'dom-067.abc.idm.lab.eng.brq.redhat.com'
                    pair: struct AV_PAIR
                        AvId                     : MsvAvTimestamp (0x7)
                        AvLen                    : 0x0008 (8)
                        Value                    : union ntlmssp_AvValue(case 0x7)
                        AvTimestamp              : Tue Aug 11 04:38:17 2020 EDT
                    pair: struct AV_PAIR
                        AvId                     : MsvAvEOL (0x0)
                        AvLen                    : 0x0000 (0)
                        Value                    : union ntlmssp_AvValue(case 0x0)
        Version: struct ntlmssp_VERSION
            ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6)
            ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1)
            ProductBuild             : 0x1db1 (7601)
            Reserved                 : 000000
            NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (0xF)
gensec_update_send: ntlmssp[0x558059e379d0]: subreq: 0x558059e354a0
gensec_update_send: spnego[0x558059e35e30]: subreq: 0x558059e3e610
gensec_update_done: ntlmssp[0x558059e379d0]: NT_STATUS_NO_MEMORY tevent_req[0x558059e354a0/../../auth/ntlmssp/ntlmssp.c:181]: state[3] error[-7963671676338569193 (0x917B5ACDC0000017)]  state[struct gensec_ntlmssp_update_state (0x558059e35650)] timer[(nil)] finish[../../auth/ntlmssp/ntlmssp.c:218]
gensec_spnego_client_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_NO_MEMORY
gensec_update_done: spnego[0x558059e35e30]: NT_STATUS_NO_MEMORY tevent_req[0x558059e3e610/../../auth/gensec/spnego.c:1629]: state[3] error[-7963671676338569193 (0x917B5ACDC0000017)]  state[struct gensec_spnego_update_state (0x558059e3e7c0)] timer[(nil)] finish[../../auth/gensec/spnego.c:2036]
SPNEGO login failed: {Not Enough Quota} Not enough virtual memory or paging file quota is available to complete the specified operation.
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name             : 'CI-VM-10-0-136-$'
            netbios_domain_name      : NULL
            dns_domain_name          : NULL
            forest_name              : NULL
            dn                       : NULL
            domain_guid              : 00000000-0000-0000-0000-000000000000
            domain_sid               : NULL
                domain_sid               : (NULL SID)
            modified_config          : 0x00 (0)
            error_string             : 'failed to lookup DC info for domain 'dom-067.abc.idm.lab.eng.brq.redhat.com' over rpc: {Not Enough Quota} Not enough virtual memory or paging file quota is available to complete the specified operation.'
            domain_is_ad             : 0x00 (0)
            set_encryption_types     : 0x00000000 (0)
            krb5_salt                : NULL
            result                   : WERR_NOT_ENOUGH_MEMORY
return code = -1

Comment 8 Sumit Bose 2020-08-11 09:55:19 UTC

ah, wait, let me check with AES keys ...

Comment 9 Sumit Bose 2020-08-11 11:08:07 UTC

(In reply to Sumit Bose from comment #8)
> ah, wait, let me check with AES keys ...

ok, sorry for the noise, with AES keys available using '-k' is working as you have expected.

bye,
Sumit

Comment 10 Sumit Bose 2020-08-11 13:21:25 UTC

Upstream:
 - f5a5b00033a3d9d55cb8661d1cf5e63facc1ea72

Comment 14 shridhar 2020-09-02 13:49:42 UTC

Tested with following data:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   TEST PROTOCOL
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

    Test run ID   : 3758001
    Package       : realmd
    Installed     : realmd-0.16.3-19.el8.x86_64



:: [ 09:36:58 ] :: [  BEGIN   ] :: Running 'mv /etc/samba/smb.conf  /etc/samba/smb.conf_bk'
:: [ 09:36:58 ] :: [   PASS   ] :: Command 'mv /etc/samba/smb.conf  /etc/samba/smb.conf_bk' (Expected 0, got 0)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 16s
::   Assertions: 23 good, 0 bad
::   RESULT: PASS (Setup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Join with membership software: samba
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 09:36:58 ] :: [  BEGIN   ] :: Running 'echo Pass2012! | kinit Amy.QE'
Password for Amy.QE: 
:: [ 09:37:01 ] :: [   PASS   ] :: Command 'echo Pass2012! | kinit Amy.QE' (Expected 0, got 0)
:: [ 09:37:01 ] :: [  BEGIN   ] :: Running 'realm -v join --membership-software=samba --client-software=winbind ad.baseos.qe'
 * Resolving: _ldap._tcp.ad.baseos.qe
 * Performing LDAP DSE lookup on: 10.37.152.14
 * Successfully discovered: ad.baseos.qe
 * Required files: /usr/libexec/oddjob/mkhomedir, /usr/sbin/oddjobd, /usr/bin/wbinfo, /usr/sbin/winbindd, /usr/bin/net
 * Joining using a truncated netbios name: CI-VM-10-0-139-
 * LANG=C LOGNAME=root KRB5CCNAME=/var/cache/realmd/realm-ad-kerberos-N3A7P0 /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.SGA7P0 -k ads join ad.baseos.qe
Using short domain name -- AD
Joined 'CI-VM-10-0-139-' to dns domain 'ad.baseos.qe'
No DNS domain configured for ci-vm-10-0-139-. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER
 * LANG=C LOGNAME=root KRB5CCNAME=/var/cache/realmd/realm-ad-kerberos-N3A7P0 /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.SGA7P0 -k ads keytab create
 * /usr/bin/systemctl enable winbind.service
Created symlink /etc/systemd/system/multi-user.target.wants/winbind.service → /usr/lib/systemd/system/winbind.service.
 * /usr/bin/systemctl restart winbind.service
 * /usr/bin/sh -c /usr/bin/authselect select winbind with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service
Backup stored at /var/lib/authselect/backups/2020-09-02-13-37-29.iYcpfV
Profile "winbind" was selected.
The following nsswitch maps are overwritten by the profile:
- passwd
- group

Make sure that winbind service is configured and enabled. See winbind documentation for more information.
 
- with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module
  is present and oddjobd service is enabled and active
  - systemctl enable --now oddjobd.service

Created symlink /etc/systemd/system/multi-user.target.wants/oddjobd.service → /usr/lib/systemd/system/oddjobd.service.
 * Successfully enrolled machine in realm
:: [ 09:37:29 ] :: [   PASS   ] :: Command 'realm -v join --membership-software=samba --client-software=winbind ad.baseos.qe' (Expected 0, got 0)


marking verified.

Comment 17 errata-xmlrpc 2020-11-04 02:17:20 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (realmd bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4601

Note You need to log in before you can comment on or make changes to this bug.