[Samba] krb5_cc_get_principal failed

Robert St.Denis stdenisro at AGR.GC.CA
Wed Oct 20 12:47:30 GMT 2004 

I'm trying to set up our test box here.  Identical versions and setup to
our devel box.  It is part of the domain (has already been joined).  And
there was a problem with the secrets.tdb file (corrupted or whatever).  

winbindd.log:
---
[2004/10/20 08:33:46, 1]
nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain XXXXXXXX XXXXXXXXX
S-1-5-21-1645522239-1202660629-725345543
[2004/10/20 08:33:46, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2004/10/20 08:33:46, 1]
nsswitch/winbindd_ads.c:ads_cached_connection(65)
  ads_connect for domain XXXXXXXX failed: Cannot read password
[2004/10/20 08:33:46, 1] nsswitch/winbindd_util.c:init_domain_list(300)
  Could not fetch sid for our domain XXXXXXXX
[2004/10/20 08:33:46, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2004/10/20 08:33:46, 1]
libsmb/cliconnect.c:cli_session_setup_kerberos(516)
  spnego_gen_negTokenTarg failed: No credentials cache found
[2004/10/20 08:33:49, 1]
nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain XXXXX  S-1-5-21-2139973840-784154809-1042822891
[2004/10/20 08:33:51, 1]
.....
[2004/10/20 08:46:29, 0] nsswitch/winbindd_util.c:get_trust_pw(951)
  get_trust_pw: could not fetch trust account password for my domain
XXXXXXXX

wbinfo -u
Error looking up domain users

klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: XXXXXXXXXXXXXXXXXXX

Valid starting     Expires            Service principal
10/20/04 08:33:07  10/20/04 18:33:10  krbtgt/XXXXXXXXXXXXXXXX
        renew until 10/21/04 08:33:07, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
10/20/04 08:33:43  10/20/04 18:33:10  XXXXXXXXXXXXXXXX
        renew until 10/21/04 08:33:07, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
10/20/04 08:39:04  10/20/04 18:33:10  XXXXXXXXXXXXXXXXXX
        renew until 10/21/04 08:33:07, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5

looks right to me ?

smbclient -L -U <someotherhost> works ... but <localhost> doesnt, 

smbclient -d6 -L localhost -U stdenisro
INFO: Current debug levels:
  all: True/6
  tdb: False/0
  printdrivers: False/0
  lanman: False/0
  smb: False/0
  rpc_parse: False/0
  rpc_srv: False/0
  rpc_cli: False/0
  passdb: False/0
  sam: False/0
  auth: False/0
  winbind: False/0
  vfs: False/0
  idmap: False/0
  quota: False/0
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file
"/usr/local/samba/lib/smb.conf"
Processing section "[global]"
doing parameter workgroup = XXXXXXXXXX
doing parameter realm = XXXXXXXXXXXXXX
doing parameter server string = XXXXXXXXXXX
doing parameter security = ADS
doing parameter auth methods = winbind
doing parameter password server = XXXXXXXXX
doing parameter log level = debug
doing parameter log file = /var/log/samba/%m.log
doing parameter max log size = 0
doing parameter load printers = No
doing parameter printcap name = lpstat
doing parameter show add printer wizard = No
doing parameter preferred master = No
doing parameter local master = No
doing parameter domain master = No
doing parameter enhanced browsing = No
doing parameter passdb backend = ldapsam:ldap://XXXXXXXXXXXX
doing parameter dns proxy = No
doing parameter ldap ssl = no
doing parameter idmap uid = 10000-40000
doing parameter idmap gid = 10000-40000
doing parameter template shell = /home/%D/%U/.sh.lnk
doing parameter winbind separator = +
doing parameter winbind use default domain = Yes
doing parameter create mask = 0774
doing parameter directory mask = 0775
doing parameter printing = cups
doing parameter print command = /usr/bin/lp -d '%p' %s; rm %s
doing parameter lpq command = /usr/bin/lpstat -o '%p'
doing parameter lprm command = /usr/bin/cancel '%p-%j'
doing parameter lppause command = lp -i '%p-%j' -H hold
doing parameter lpresume command = lp -i '%p-%j' -H resume
doing parameter queuepause command = /usr/bin/disable '%p'
doing parameter queueresume command = /usr/bin/enable '%p'
pm_process() returned Yes
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
added interface ip=10.117.19.52 bcast=10.117.19.255 nmask=255.255.255.0
added interface ip=10.117.19.80 bcast=10.117.19.255 nmask=255.255.255.0
added interface ip=192.168.1.2 bcast=192.168.1.255 nmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="XXXXXXXXXXXXX"
Client started (version 3.0.2).
Opening cache file at /usr/local/samba/var/locks/gencache.tdb
tdb(unnamed): tdb_brlock failed (fd=3) at offset 4 rw_type=1
lck_type=13: Resource temporarily unavailable
name localhost#20 found.
Connecting to 127.0.0.1 at port 445
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 50532
socket option SO_RCVBUF = 87808
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
 session request ok
write_socket(4,183)
write_socket(4,183) wrote 183
size=172
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=10021
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]=    7 (0x7)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]=  256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]=   65 (0x41)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=  256 (0x100)
smb_vwv[ 7]= 9728 (0x2600)
smb_vwv[ 8]=   39 (0x27)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=32995 (0x80E3)
smb_vwv[11]=  128 (0x80)
smb_vwv[12]=37968 (0x9450)
smb_vwv[13]=41678 (0xA2CE)
smb_vwv[14]=50358 (0xC4B6)
smb_vwv[15]=61441 (0xF001)
smb_vwv[16]=26368 (0x6700)
smb_bcc=103
size=172
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=10021
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]=    7 (0x7)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]=  256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]=   65 (0x41)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=  256 (0x100)
smb_vwv[ 7]= 9728 (0x2600)
smb_vwv[ 8]=   39 (0x27)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=32995 (0x80E3)
smb_vwv[11]=  128 (0x80)
smb_vwv[12]=37968 (0x9450)
smb_vwv[13]=41678 (0xA2CE)
smb_vwv[14]=50358 (0xC4B6)
smb_vwv[15]=61441 (0xF001)
smb_vwv[16]=26368 (0x6700)
smb_bcc=103
Serverzone is 14400
Password:
Doing spnego session setup (blob length=103)
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 48018 1 2 2
got OID=1 3 6 1 4 1 311 2 2 10
got principal=XXXXXXXXXXXXXXXXXXXXXXXXX
write_socket(4,176)
write_socket(4,176) wrote 176
size=328
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=10021
smb_uid=0
smb_mid=2
smt_wct=4
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=    0 (0x0)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=  233 (0xE9)
smb_bcc=285
size=328
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=10021
smb_uid=0
smb_mid=2
smt_wct=4
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=    0 (0x0)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=  233 (0xE9)
smb_bcc=285
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[000] C8 77 F9 98 A1 D1 04 A1                           .w......
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
write_socket(4,292)
write_socket(4,292) wrote 292
size=104
smb_com=0x73
smb_rcls=218
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=10021
smb_uid=0
smb_mid=3
smt_wct=4
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=    0 (0x0)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    9 (0x9)
smb_bcc=61
size=104
smb_com=0x73
smb_rcls=218
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=10021
smb_uid=0
smb_mid=3
smt_wct=4
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=    0 (0x0)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=    9 (0x9)
smb_bcc=61
SPENGO login failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
session setup failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO

More information about the samba mailing list