likewise package on lucid : Can no longer login to Windows domain

Some more info from syslog...

tony@mugan-lucid:~$ tail -f /var/log/syslog

Mar 22 17:55:01 mugan-lucid lwsmd: Logging started
Mar 22 17:55:01 mugan-lucid lwsmd: Starting service: lwreg
Mar 22 17:55:01 mugan-lucid lwsmd: Could not start bootstrap service: LW_ERROR_SERVICE_UNRESPONSIVE

You will need to do a complete purge of the previous likewise-open 5.4 deb
and rejoin. Upgrading from 4.x and 5.0 is supported but there was a previous
incompatible change to the on disk format of the state databases in
/var/lib/likewise-open/db the the 5.4.

Running the following commands will resolve this

  $ apt-get remove likewise-open
  $ dpkg --purge likewise-open
  $ apt-get install likewise-open

And the rejoin the AD domain will resolve this.

Note that this information should have been mentioned in the package README on upgrade from the 5.4 package included in Lucid Alpha2, My apologies.

The machine is in a bit of a knot now.

I got some errors trying to remove as the daemon could not be stopped.

Then I reinstalled and tried to rejoin the domain but got an error.
So I removed the computer from Active Directory manually on the server and restarted the Ubuntu Lucid desktop and tried to rejoin the AD.

Now Likewise GUI is saying the machine is a member of AD but it is not.
It will not let me "Leave Domain" with an error dialog giving this information...

1387 (0x56B) ERROR_NO_SUCH_MEMBER - Unknown error

Error code: CENTERROR_DOMAINJOIN_LSASS_ERROR (0x00080047)

Backtrace:
    main.c:368
    djmodule.c:323
    djauthinfo.c:925
    djauthinfo.c:1238

How do I leave the domain so I can rejoin?

Ahh...right. ok. I've got an oustanding but report in my head on that one.

Run the following 2 commands (as root) to fix the leave issue. I'll get this issue fixed in the upload.

  $ lw-mod-group --add-members "DOMAIN\domain admins" "BUILTIN\administrators"
  $ lw-mod-group --add-members "DOMAIN\domain users" "BUILTIN\users"

Make sure to replace "DOMAIN" with the name of you domain.

Ok, before I saw your reply, I managed to get the machien removed and rejoined to the domain

I needed to issue rm -rf /etc/likewise-open/

After I rejoined, I still could not login with my user account on the domain.

I subsequently issued the command you list above but got the following errors...

Failed to modify group. Error code 1378 (ERROR_MEMBER_IN_ALIAS).
User is already in local group

Now if I try to leave the domain with the gui, l don't get prompted for any login and get an error dialog that shows...
1225 (0x4C9) ERROR_CONNECTION_REFUSED - Unknown error
Error code: CENTERROR_DOMAINJOIN_LSASS_ERROR (0x00080047)

Backtrace:
    main.c:368
    djmodule.c:323
    djauthinfo.c:925
    djauthinfo.c:1238

Thanks for your help,

Regards,

Tony.

Tony, Let's just reset to the beginning. Run the following commands. Don't worry about leaving
the domain.

  $ killall lwsmd lwregd dcerpcd netlogond eventlogd lwiod lsassd

killall -9 if you have to. We're going to reset state anyways.

  $ /bin/rm -rf /var/lib/likewise-open
  $ mkdir -p /var/lib/likewise-open/{db,rpc,run}
  $ chmod 700 -p /var/lib/likewise-open/db

Now start lwsmd:

  $ /etc/init.d/lwsmd start

Import settings

  $ for file in /etc/likewise-open/*.reg; do lwregshell import $file; done

Reload lwsmd

   $ /etc/init.d/lwsmd reload

Start lsassd

  $ lwsm start lsass

You will have a clean state. You should now be able to rejoin the domain and hopefully everything will be resolved.

Gerard,

Thanks for your assistance.

I had to remove the "-p" from the line
 $ chmod 700 -p /var/lib/likewise-open/db

Also, the last line gave an error
lwsm start lsass
Error: LW_ERROR_NO_SUCH_SERVICE (41204)
No service with the specified name exists

I will restart and then try to join the domain again.

Regards,

Tony.

On 24 March 2010 00:03, Gerald Carter <email address hidden> wrote:

> Tony, Let's just reset to the beginning. Run the following commands.
> Don't worry about leaving
> the domain.
>
> $ killall lwsmd lwregd dcerpcd netlogond eventlogd lwiod lsassd
>
> killall -9 if you have to. We're going to reset state anyways.
>
> $ /bin/rm -rf /var/lib/likewise-open
> $ mkdir -p /var/lib/likewise-open/{db,rpc,run}
> $ chmod 700 -p /var/lib/likewise-open/db
>
> Now start lwsmd:
>
> $ /etc/init.d/lwsmd start
>
> Import settings
>
> $ for file in /etc/likewise-open/*.reg; do lwregshell import $file;
> done
>
> Reload lwsmd
>
> $ /etc/init.d/lwsmd reload
>
> Start lsassd
>
> $ lwsm start lsass
>
> You will have a clean state. You should now be able to rejoin the
> domain and hopefully everything will be resolved.
>
> --
> likewise package on lucid : Can no longer login to Windows domain
> https://bugs.launchpad.net/bugs/543963
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “likewise-open” package in Ubuntu: Confirmed
>
> Bug description:
> Binary package hint: likewise-open
>
> Up until this week, I had my desktop configured to login to a windows 2003
> Domain using Likewise under Lucid (with all latest updates).
>
> I performed an update this morning which would have included no more than a
> week's worth of Lucid updates and the Likewise daemon is not starting.
>
> I get an error dialog when I run /usr/bin/domainjoin-gui (as root) which
> says...
>
> An attempt was made to start the '/etc/init.d/lwsmd' daemon, but querying
> its status revealed that it did not start. Try running '/etc/init.d/lwsmd
> start; /etc/init.d/lwsmd status' to diagnose the issue
>
> Details...
>
> Error code: CENTERROR_DOMAINJOIN_INCORRECT_STATUS (0x00080018)
>
> Backtrace:
> main.c:592
> djauthinfo.c:1025
> djdaemonmgr_nonmac.c:915
> djdaemonmgr_nonmac.c:314
>
> If I then save the log file and look at that it shows
>
> 20100322173924:INFO:Checking status of daemon [/etc/init.d/lwsmd]
> 20100322173924:INFO:Daemon [/etc/init.d/lwsmd]: status [3]
> 20100322173924:VERBOSE:Looking for '/sbin/chkconfig'
> 20100322173924:VERBOSE:Looking for '/usr/sbin/update-rc.d'
> 20100322173924:VERBOSE:Found '/usr/sbin/update-rc.d'
> 20100322173924:INFO:Checking status of daemon [/etc/init.d/lwsmd]
> 20100322173924:INFO:Daemon [/etc/init.d/lwsmd]: status [3]
> 20100322173924:INFO:Starting daemon [/etc/init.d/lwsmd]
> 20100322173924:INFO:Checking status of daemon [/etc/init.d/lwsmd]
> 20100322173924:INFO:Daemon [/etc/init.d/lwsmd]: status [3]
>
> ProblemType: Bug
> Architecture: amd64
> Date: Mon Mar 22 17:46:03 2010
> DistroRelease: Ubuntu 10.04
> InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Alpha amd64 (20100224.1)
> Package: likewise-open-gui 5.4.0.42111-1
> ProcEnviron:
> LANG=en_AU.utf8
> SHELL=/...

Whoops, typo, sorry Gerald :S

Now when I try to run the GUI to join the domain I get an error dialog

Unable to start daemon
An attempt was made to start the '/etc/init.d/netlogond' daemon, but
querying its status revealed that it did not start. Try running
'/etc/init.d/netlogond start; /etc/init.d/netlogond status' to diagnose the
issue

Error code: CENTERROR_DOMAINJOIN_INCORRECT_STATUS (0x00080018)

Backtrace:
    main.c:592
    djauthinfo.c:1029
    djdaemonmgr_nonmac.c:915
    djdaemonmgr_nonmac.c:314

On 26 March 2010 09:56, Tony Mugan <email address hidden> wrote:

> Gerard,
>
> Thanks for your assistance.
>
> I had to remove the "-p" from the line
>
> $ chmod 700 -p /var/lib/likewise-open/db
>
> Also, the last line gave an error
> lwsm start lsass
> Error: LW_ERROR_NO_SUCH_SERVICE (41204)
> No service with the specified name exists
>
> I will restart and then try to join the domain again.
>
> Regards,
>
> Tony.
>
>
> On 24 March 2010 00:03, Gerald Carter <email address hidden> wrote:
>
>> Tony, Let's just reset to the beginning. Run the following commands.
>> Don't worry about leaving
>> the domain.
>>
>> $ killall lwsmd lwregd dcerpcd netlogond eventlogd lwiod lsassd
>>
>> killall -9 if you have to. We're going to reset state anyways.
>>
>> $ /bin/rm -rf /var/lib/likewise-open
>> $ mkdir -p /var/lib/likewise-open/{db,rpc,run}
>> $ chmod 700 -p /var/lib/likewise-open/db
>>
>> Now start lwsmd:
>>
>> $ /etc/init.d/lwsmd start
>>
>> Import settings
>>
>> $ for file in /etc/likewise-open/*.reg; do lwregshell import $file;
>> done
>>
>> Reload lwsmd
>>
>> $ /etc/init.d/lwsmd reload
>>
>> Start lsassd
>>
>> $ lwsm start lsass
>>
>> You will have a clean state. You should now be able to rejoin the
>> domain and hopefully everything will be resolved.
>>
>> --
>> likewise package on lucid : Can no longer login to Windows domain
>> https://bugs.launchpad.net/bugs/543963
>> You received this bug notification because you are a direct subscriber
>> of the bug.
>>
>> Status in “likewise-open” package in Ubuntu: Confirmed
>>
>> Bug description:
>> Binary package hint: likewise-open
>>
>> Up until this week, I had my desktop configured to login to a windows 2003
>> Domain using Likewise under Lucid (with all latest updates).
>>
>> I performed an update this morning which would have included no more than
>> a week's worth of Lucid updates and the Likewise daemon is not starting.
>>
>> I get an error dialog when I run /usr/bin/domainjoin-gui (as root) which
>> says...
>>
>> An attempt was made to start the '/etc/init.d/lwsmd' daemon, but querying
>> its status revealed that it did not start. Try running '/etc/init.d/lwsmd
>> start; /etc/init.d/lwsmd status' to diagnose the issue
>>
>> Details...
>>
>> Error code: CENTERROR_DOMAINJOIN_INCORRECT_STATUS (0x00080018)
>>
>> Backtrace:
>> main.c:592
>> djauthinfo.c:1025
>> djdaemonmgr_nonmac.c:915
>> djdaemonmgr_nonmac.c:314
>>
>> If I then save the log file and look at that it shows
>>
>> 20100322173924:INFO:Checking status of daemon [/etc/init.d/lwsmd]
>> 20100322173924:INFO:Daemon [/etc/init.d/lwsmd]: status [3]
>> 20100322173924:VERBOSE:Looking for '/sbin/chkconfig'
>> 20100322173924...

If I try running the recommended command line in comment #10 I get the following.

tony@mugan-lucid:~$ /etc/init.d/netlogond start; /etc/init.d/netlogond status
 * Starting : [fail]
Error: LW_ERROR_NO_SUCH_SERVICE (41204)
No service with the specified name exists

Ok, false alarm.

I reran your receommended lines and saw that one was being pasted onto two lines.

for file in /etc/likewise-open/*.reg; do lwregshell import $file; done

When rectified, that worked fine.

Thank you for all your help, Gerald.

BTW, is this process shown anywhere for other users to reset their likewise client setup?

Tony, In general it should be handled via a dpkg --purge and a reinstall. I'll have to fix the bug that prevented you from uninstalling and I think that we'll be safe moving forward. I don't really want to tell ppl to "rm -rf" state files as a general rule. For example, there are command line tools for clearing the AD cache and other DBs.

Gerald,

Thanks again for assisting me get this sorted.
Feel free to mark this as closed.

Cheers,

Tony.

Gerald,

I have the same issue. Trying your 5.4 Lucid packages from your PPA. Haven't managed to clear it up.

Error: Lsass Error [code 0x00080047]

31 (0x1F) ERROR_GEN_FAILURE - Unknown error
20100405010704:ERROR:Lsass Error [CENTERROR_DOMAINJOIN_LSASS_ERROR]

31 (0x1F) ERROR_GEN_FAILURE - Unknown error

I also get this in the syslog from lsassd after making it's logging a bit more verbose:

lsassd[8896]: 0x7fe289a3a710:Failed to run provider specific request (request code = 8, provider = 'lsa-activedirectory-provider') -> error = 31, symbol = ERROR_GEN_FAILURE, client pid = 8981

The first start of lsass after importing the registry files results in:

Apr 5 01:12:14 station-1 lsassd[13768]: 0x7f541a2bc760:Couldn't start lsarpc rpc server (error: 40140)
Apr 5 01:12:14 station-1 lsassd[13768]: 0x7f541a2bc760:Couldn't start samr rpc server (error: 40140)
Apr 5 01:12:14 station-1 lsassd[13768]: 0x7f541a2bc760:Couldn't start dssetup rpc server (error: 40140)

Which was caused by dcerpcd not starting. Fine. I started it. Those errors are gone. But I still have the CENTERROR_DOMAINJOIN_LSASS_ERROR error.

I just found this bug track after encountering the same CENTERROR_DOMAINJOIN_LSASS_ERROR error message. My problem resulted after I joined a new Lucid machines to our domain for our Lucid pre-release testing. It worked and I then ran the domainjoin-cli leave command. That worked as well.

The problem occurred after I imaged the workstation and recast it on a new box. Joining the clone to the domain failed with the described error. I used Gerald Carter's previously posted apt-get steps to remove, purge and reinstall. Then it worked.

sudo apt-get remove likewise-open
sudo dpkg --purge likewise-open
sudo apt-get install likewise-open

Perhaps some kind of state cache is not being cleaned up when the domainjoin-cli leave is executed. We did not have this problem with Karmic.

Forgot to include my package version in my previous post:

Package: likewise-open
New: yes
State: installed
Automatically installed: no
Version: 5.4.0.42111-2

I've used this post to get my likewise "basically" working after upgrading to Lucid, but the primary issue I am having now is that when I go to login, it does not recognize assume-default-domain = yes anymore. So, effectively, I'm locked out of the domain account on the machine which I had been previously using. If I login with DOMAIN\username, it logs me in, authenticates just fine...however it is using a new account on the machine.

I have verified the assume-default-domain setting in lsassd.conf. My nsswitch.conf is set to compat lsass for passwd, group.

Does anyone have any suggestions for dealing with this? How do I get back to my old account?

Package: likewise-open
Status: install ok installed
Architecture: i386
Version: 5.4.0.42111-2ubuntu1

Don, The AssumeDefaultDomain failure is logged as LP BUG 534629. We should coordinate information there.

Hi friends,
I had tried to leave the domain with the gui, l don't get prompted for any login and get an error dialog that shows...
1225 (0x4C9) ERROR_CONNECTION_REFUSED - Unknown error
Error code: CENTERROR_DOMAINJOIN_LSASS_ERROR (0x00080047)

Backtrace:
    main.c:368
    djmodule.c:323
    djauthinfo.c:925
    djauthinfo.c:1238

Thanks for your help,

Regards,

Manish.