Lucid: domainjoin-cli fails error LW_ERROR_ENUM_DOMAIN_TRUSTS_FAILED

Bug #575070 reported by lequeux1
48
This bug affects 8 people
Affects Status Importance Assigned to Milestone
likewise-open (Ubuntu)
Triaged
Medium
Unassigned

Bug Description

Binary package hint: likewise-open

Expected: domainjoin-cli functional in lucidLynx
Found: domainjoin-cli fails w/ error LW_ERROR_ENUM_DOMAIN_TRUSTS_FAILED
Likewise packages installed: likewise-open likewise-open-gui likewise-open-server

This:
  for both Lucid 64b and Lucid 32b (fresh installs)
  for both Lucid version 5.4.0.42111-2ubuntu1 and PPA version 5.4.0.42111-3~ppa3~lucid

More:

* lsb_release -d
Description: Ubuntu 10.04 LTS

* DNS is same as windows boxes (checked)

* AD forest includes one-way trusts

* Time is OK

* keytab is created, PC AD account is also created after domainjoin-cli

* 'lw-get-dc-name <domainname> , PPA version, works OK, and reports
---
 dwDomainControllerAddressType = 23
 dwFlags = 508
 dwVersion = 5
 wLMToken = 65535
 wNTToken = 65535
---

* log (from domainjoin-cli) reports
---
 20100503135014:INFO:Finishing krb5.conf configuration
 20100503135147:ERROR:Lsass Error [CENTERROR_DOMAINJOIN_LSASS_ERROR]
 40096 (0x9CA0) LW_ERROR_ENUM_DOMAIN_TRUSTS_FAILED - Enumerating domain trusts failed
 Stack Trace:
 main.c:938
 main.c:479
 djmodule.c:323
 djauthinfo.c:843
 djauthinfo.c:1187
---

* log (from /var/log/daemon.log)
---
 lsassd[2124]: 0x7fc0d941d710:Failed to run provider specific request (request code = 8, provider = 'lsa-activedirectory-provider') -> error = 40096, symbol = LW_ERROR_ENUM_DOMAIN_TRUSTS_FAILED, client pid = 11595
---

Revision history for this message
defishguy (mkfischer) wrote :

I can confirm. AD / Win2k3r2 with a fresh install of Lucid.

Revision history for this message
albarbos (alexandre1229) wrote :

I have same problem, not working on Lucid.

Error message: LW_ERROR_ENUM_DOMAIN_TRUSTS_FAILED

Revision history for this message
Shane Graham (sgrahambo) wrote :

Confirmed with new install of 10.04 LTS Server (32-bit).

Revision history for this message
adecker (adecker89) wrote :

One more confirmation. Clean install of 10.04 LTS Server. Error: LW_ERROR_ENUM_DOMAIN_TRUSTS_FAILED

Revision history for this message
Clayton Kramer (clayton-kramer) wrote :

This is a long-shot. Have you checked the time sync between your Lucid machines and the AD server? I recall seeing this odd error but it went away after I installed NTP and reboot the workstation. Note, I was troubleshooting something else and didn't investigate the TRUST error.

Revision history for this message
lequeux1 (elequeux) wrote :

Yes: time sync was checked (Pl. see at top post), among other basic checks

Revision history for this message
wenhui (wenhui618) wrote :

Confirmed, not working on Lucid 64bit build in likewise open 5.4

Error message: LW_ERROR_ENUM_DOMAIN_TRUSTS_FAILED

But everything works fine with Likewise open 5.3 download from likewise.com

Revision history for this message
machiels (dt0ga) wrote :

I have same problem, not working on Lucid.

Error message: LW_ERROR_ENUM_DOMAIN_TRUSTS_FAILED

The Likewise open 5.3 not ok for integration. (Failed to query status from LSA Service. The LSA services is either not running, or most likely is in the process of starting up and is not able to show status at this time.......)

Revision history for this message
Vadim (vadikgo) wrote :

Look like likewise-open installer don't modify /etc/nsswitch.conf
Change /etc/nsswitch.conf like this:
passwd: compat lsass
group: compat lsass
shadow: compat

hosts: files dns [NOTFOUND=return]
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis

and rejoin to domain.

Revision history for this message
Doki (lkishalmi) wrote :

I've modified the /etc/nsswitch.conf as above reboot, then rejoin, but I still have the LW_ERROR_ENUM_DOMAIN_TRUSTS_FAILED error.

Revision history for this message
Shane Graham (sgrahambo) wrote :

I tried modifying /etc/nsswitch.conf to match that above, and still got the LW_ERROR_ENUM_DOMAIN_TRUSTS_FAILED error as well.

Revision history for this message
wenhui (wenhui618) wrote :

checked again: domainjoin only work when use Administrator account.

Revision history for this message
faze4djs (faze4djs) wrote :

I also have this issue verbatim. I'm running Lucid 64-bit.

Revision history for this message
Chorca (chorca) wrote :

Same thing happening with me. Time is correct. This worked on Karmic with the exact same domain and that repo's version. Installed Lucid and am now getting this error.

Revision history for this message
Chorca (chorca) wrote :

The latest version downloaded from the Likewise website seems to work properly.

Revision history for this message
lequeux1 (elequeux) wrote :

I confirm Chorca's input:
 * works w/ likewise-open 6.0.0, not w/ 5.4 (either from Ubuntu repositories, or PPA likewise open) -> domainjoin & AD authent now work
 * This using same config. (Karmic 64bits)

-> LO Ubuntu: Pl. would you propose LW 6.0.0 for Karmic ? (at least in backports)

(& Thnx Chorca)

Revision history for this message
Joachim Nilsson (troglobit) wrote :

Same here, running Ubuntu Server 10.04 64-bit. No luck with either the standard likewise-open package or the PPA packages currently available.

However, as soon as I cleaned out everything (likewise-open* krb5-user krb5-config) and removed their config files in /etc/likewise* and /etc/krb5* and then installed the likewise-open 6 packages from http://www.likewise.com/community/index.php/download/ it all started fine.

I would really recommend backporting lwo 6 to (karmic and) lucid.

Revision history for this message
Scott Salley (ssalley) wrote :

I am getting Likewise 6.0 ready for Natty. I don't know how far back we will try to back port.

Revision history for this message
Tom Ellis (tellis) wrote :

I see you also entered in the LW bug tracker, adding here for tracing:
http://lobugs.likewise.com/show_bug.cgi?id=56

James Page (james-page)
Changed in likewise-open (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Revision history for this message
EAB (adair-boder) wrote :

Experiencing this same issue in Ubuntu 14.04.3 using the latest PBIS 8.3

Revision history for this message
Rob A (docsmooth) wrote :

Zeth - check the mDNS settings listed in this bug: https://bugs.launchpad.net/ubuntu/+source/likewise-open/+bug/555525 if you have domains in your environment that end with ".local"

You can also use "/opt/pbis/bin/config DomainManagerIgnoreAllTrusts true" and then add specific trusts you wish to let uses come from with "/opt/pbis/bin/config DomainManagerIncludeTrustLIst doma.com domb.corp"

The PBIS Open support is right now on the BeyondTrust forum: http://forum.beyondtrust.com/viewforum/38/ if you need more help.

Revision history for this message
Dolganov Victor (victor-dolganov) wrote :

In my case, it was changed domain controller address, and at the client in the /etc/hosts remained the old address.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.