So, now let me lay it all out in order.
Kerberos config
Code:
[libdefaults]
default_realm = S2N.SPECVISION.LOCAL
[realms]
S2N.SPECVISION.LOCAL = {
kdc = 192.168.221.2
admin_server = 192.168.221.2
}
[domain_realm]
.s2n.specvision.local = S2N.SPECVISION.LOCAL
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
Code:
workgroup = SPECVISION.LOCAL
realm = S2N.SPECVISION.LOCAL
netbios name = FS
server string = Samba Server %v
security = ADS
auth methods = winbind
map to guest = Bad User
password server = 192.168.221.2
printer admin = root
# client NTLMv2 auth = Yes
null passowords = Yes
log file = /var/log/samba/log.%m
max log size = 50
client signing = Yes
disable spoolss = Yes
preferred master = No
local master = No
domain master = No
dns proxy = No
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = Yes
inherit acls = Yes
hosts allow = 192.168.220., 192.168.221., 127.
map acl inherit = Yes
case sensitive = No
nt acl support = yes
os level = 10
socket options = TCP_NODELAY
load printers = yes
printing = cups
printcap name = /etc/printcap
guest account = TESTBOT
guest ok = yes
# debug level = 3
valid users=@"SPECVISION.LOCAL\\Domain Admins"
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
use client driver = yes
public = yes
[tmp]
comment = Temporary file space
path = /tmp
read only = No
create mask = 0666
create mode = 666
directory mode = 666
directory mask = 0777
guest ok = Yes
[films]
comment = Films, films, films
path = /var/shares/films
read list = "@SPECVISION\Domain Users"
write list = "@SPECVISION\Domain Admins"
read only = No
Code:
group: files winbind
passwd: files winbind
group_compat: nis
passwd_compat: nis
hosts: files dns
networks: files
shells: files
And then, after net join -U TESTBOT -S S2N.SPECVISION.LOCAL -d 10,
it spits out a lot; I'll show only the piece that bothers me most.
Code:
rpc_api_pipe: got frag len of 40 at offset 0: NT_STATUS_OK
rpc_api_pipe: host S2N.SPECVISION.LOCAL returned 16 bytes.
netr_ServerAuthenticate2: struct netr_ServerAuthenticate2
out: struct netr_ServerAuthenticate2
return_credentials : *
return_credentials: struct netr_Credential
data : 0000000000000000
negotiate_flags : *
negotiate_flags : 0x600fffff (1611661311)
1: NETLOGON_NEG_ACCOUNT_LOCKOUT
1: NETLOGON_NEG_PERSISTENT_SAMREPL
1: NETLOGON_NEG_ARCFOUR
1: NETLOGON_NEG_PROMOTION_COUNT
1: NETLOGON_NEG_CHANGELOG_BDC
1: NETLOGON_NEG_FULL_SYNC_REPL
1: NETLOGON_NEG_MULTIPLE_SIDS
1: NETLOGON_NEG_REDO
1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL
1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC
1: NETLOGON_NEG_GENERIC_PASSTHROUGH
1: NETLOGON_NEG_CONCURRENT_RPC
1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL
1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL
1: NETLOGON_NEG_STRONG_KEYS
1: NETLOGON_NEG_TRANSITIVE_TRUSTS
1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS
1: NETLOGON_NEG_PASSWORD_SET2
1: NETLOGON_NEG_GETDOMAININFO
1: NETLOGON_NEG_CROSS_FOREST_TRUSTS
0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION
0: NETLOGON_NEG_RODC_PASSTHROUGH
0: NETLOGON_NEG_SUPPORTS_AES_SHA2
0: NETLOGON_NEG_SUPPORTS_AES
1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS
1: NETLOGON_NEG_AUTHENTICATED_RPC
result : NT_STATUS_ACCESS_DENIED
rpccli_netlogon_set_trust_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
Locking key 534543524554532F5349
Allocated locked data 0x0x21f65090
Unlocking key 534543524554532F5349
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
sitename_fetch: No stored sitename for S2N.SPECVISION.LOCAL
internal_resolve_name: looking up S2N.SPECVISION.LOCAL#20 (sitename (null))
name S2N.SPECVISION.LOCAL#20 found.
Enter TESTBOT's password:
And after I enter a valid password, it asks for the password for the machine FS (= hostname).
Code:
[0000] 44 06 00 00 01 00 00 00 01 00 00 00 00 00 00 00 D....... ........
[0010] 00 00 00 00 ....
rpc_api_pipe: got frag len of 88 at offset 0: NT_STATUS_OK
rpc_api_pipe: host S2N.SPECVISION.LOCAL returned 88 bytes.
check_bind_response: accepted!
cli_rpc_pipe_open_schannel_with_key: opened pipe \netlogon to machine S2N.SPECVISION.LOCAL for domain SPECVISION and bound using schannel.
smb_signing_md5: sequence number 50
smb_signing_sign_pdu: sent SMB signature of
[0000] F9 8B 2C 85 CA 6E E2 E0 ..,..n..
smb_signing_md5: sequence number 51
smb_signing_check_pdu: seq 51: got good SMB signature of
[0000] EB 09 68 BE EF AB 65 08 ..h...e.
smb_signing_md5: sequence number 52
smb_signing_sign_pdu: sent SMB signature of
[0000] 67 65 F6 EF 7F D9 46 5E ge....F^
smb_signing_md5: sequence number 53
smb_signing_check_pdu: seq 53: got good SMB signature of
[0000] 73 94 8D B9 27 D9 C4 4E s...'..N
Locking key 534543524554532F5349
Allocated locked data 0x0x21f40090
Unlocking key 534543524554532F5349
Locking key 534543524554532F4D41
Allocated locked data 0x0x21f400b0
Unlocking key 534543524554532F4D41
Locking key 534543524554532F4D41
Allocated locked data 0x0x21f0d430
Unlocking key 534543524554532F4D41
Locking key 534543524554532F4D41
Allocated locked data 0x0x21f0d430
Unlocking key 534543524554532F4D41
Locking key 534543524554532F4D41
Allocated locked data 0x0x21f0d430
Unlocking key 534543524554532F4D41
Enter FS$'s password:
Code:
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
SPNEGO login failed: Logon failure
failed session setup with NT_STATUS_LOGON_FAILURE
Could not connect to server S2N.SPECVISION.LOCAL
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
Unable to join domain SPECVISION.
smb_signing_md5: sequence number 54
smb_signing_sign_pdu: sent SMB signature of
[0000] E7 60 02 A2 C2 61 87 33 .`...a.3
smb_signing_md5:: sequence number 55
smb_signing_check_pdu: seq 55: got good SMB signature of
[0000] DF 43 30 0A 95 94 56 33 .C0...V3
return code = -1
FS#
Code:
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
SPNEGO login failed: Logon failure