[Samba] error: net ads join - Debian AMD64 sarge

Steffen Kolbe kolbe at vwi.tu-dresden.de
Thu Jul 14 21:03:05 GMT 2005 

Can anybody from our experts help please?

I had some trouble with joining a Win2003SP1 (SFU Schema is also 
installed) domain in ADS mode - config files and error logs are listed 
at the end.

the goal is:
-joining a Win2003SP1 domain (with SFU Schema) in ADS-mode
-authenticate with winbind / PADL against this ads-dc (also offline for 
notebooks with padl cache plugin)

It would be great, if anybody can send all modified files/configs, which 
I need for working with Samba/Winbind in ADS-mode (and PADL - I will use 
this in the future). Have anybody a short&complete (Debian)TODO for 
beginners like me  ;-) ? The offical Howto is a little bit overkill ;-)

Thanks for help !
###################################
Here are the files, configs ans logs:
~ DNS works fine.
~installed are: krb5-user and krb5-clients (MIT 1.3.6-2, also testet 
with heimdal 0.6.3)
~/etc/krb5.conf: 
    [libdefaults]
        default_realm = VW.VKW.TU-DRESDEN.DE
        clockskw = 300
    [domain_realm]
        .vw.vkw.tu-dresden.de = VW.VKW.TU-DRESDEN.DE
        vw.vkw.tu-dresden.de = VW.VKW.TU-DRESDEN.DE
~ kinit administor  works fine
~ klist:
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: administrator at VW.VKW.TU-DRESDEN.DE

    Valid starting     Expires            Service principal
    07/14/05 22:11:54  07/15/05 08:11:52  
krbtgt/VW.VKW.TU-DRESDEN.DE at VW.VKW.TU-DRESDEN.DE
        renew until 07/15/05 08:11:54

    Kerberos 4 ticket cache: /tmp/tkt0

~installed are debian packages samba 3.0.14a-3 and winbind 3.0.14a-3
~smb.conf:
    [global]
        workgroup = VW
        realm = VW.VKW.TU-DRESDEN.DE
        server string = Samba Server
        security = ADS
        password server = 141.30.182.230
        log file = /var/log/samba/%m.log
        idmap uid = 1000-20000
        idmap gid = 1000-20000
        template shell = /bin/bash
        winbind use default domain = no

~net ads join -U Administrator  give these error: ads_join_realm: 
Operations error

here is the log:

[2005/07/14 22:34:17, 5] lib/debug.c:debug_dump_status(366)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
[2005/07/14 22:34:17, 3] param/loadparm.c:lp_load(3915)
  lp_load: refreshing parameters
[2005/07/14 22:34:17, 3] param/loadparm.c:init_globals(1329)
  Initialising global parameters
[2005/07/14 22:34:17, 3] param/params.c:pm_process(573)
  params.c:pm_process() - Processing configuration file 
"/etc/samba/smb.conf"
[2005/07/14 22:34:17, 3] param/loadparm.c:do_section(3417)
  Processing section "[global]"
  doing parameter workgroup = VW
  doing parameter realm = VW.VKW.TU-DRESDEN.DE
  doing parameter server string = Samba Server
  doing parameter security = ADS
  doing parameter password server = 141.30.182.230
  doing parameter log file = /var/log/samba/%m.log
  doing parameter idmap uid = 1000-20000
  doing parameter idmap gid = 1000-20000
  doing parameter template shell = /bin/bash
  doing parameter winbind use default domain = no
[2005/07/14 22:34:17, 4] param/loadparm.c:lp_load(3946)
  pm_process() returned Yes
[2005/07/14 22:34:17, 7] param/loadparm.c:lp_servicenumber(4056)
  lp_servicenumber: couldn't find homes
[2005/07/14 22:34:17, 10] param/loadparm.c:set_server_role(3864)
  set_server_role: role = ROLE_DOMAIN_MEMBER
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UCS-2LE
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UCS-2LE
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UTF-16LE
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UTF-16LE
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UCS-2BE
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UCS-2BE
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UTF-16BE
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UTF-16BE
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UTF8
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UTF8
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UTF-8
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UTF-8
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset ASCII
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset ASCII
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset 646
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset 646
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset ISO-8859-1
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset ISO-8859-1
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UCS2-HEX
[2005/07/14 22:34:17, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UCS2-HEX
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-15' for LOCALE
[2005/07/14 22:34:17, 5] lib/util.c:init_names(256)
  Netbios name list:-
  my_netbios_names[0]="VW-CLU2"
[2005/07/14 22:34:17, 2] lib/interface.c:add_interface(81)
  added interface ip=141.30.182.232 bcast=141.30.182.255 
nmask=255.255.255.224
[2005/07/14 22:34:17, 2] lib/interface.c:add_interface(81)
  added interface ip=10.0.0.2 bcast=10.0.0.255 nmask=255.255.255.0
[2005/07/14 22:34:17, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.1.202 bcast=192.168.1.255 nmask=255.255.255.0
[2005/07/14 22:34:22, 6] libads/ldap.c:ads_find_dc(214)
  ads_find_dc: looking for realm 'VW.VKW.TU-DRESDEN.DE'
[2005/07/14 22:34:22, 8] libsmb/namequery.c:get_sorted_dc_list(1433)
  get_sorted_dc_list: attempting lookup using [ads]
[2005/07/14 22:34:22, 10] libsmb/namequery.c:remove_duplicate_addrs2(320)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2005/07/14 22:34:22, 4] libsmb/namequery.c:get_dc_list(1406)
  get_dc_list: returning 1 ip addresses in an ordered list
[2005/07/14 22:34:22, 4] libsmb/namequery.c:get_dc_list(1407)
  get_dc_list: 141.30.182.230:389
[2005/07/14 22:34:22, 5] libads/ldap.c:ads_try_connect(123)
  ads_try_connect: trying ldap server '141.30.182.230' port 389
[2005/07/14 22:34:22, 3] libads/ldap.c:ads_connect(285)
  Connected to LDAP server 141.30.182.230
[2005/07/14 22:34:22, 3] libads/ldap.c:ads_server_info(2469)
  got ldap server name vw-dc1 at VW.VKW.TU-DRESDEN.DE, using bind path: 
dc=VW,dc=VKW,dc=TU-DRESDEN,dc=DE
[2005/07/14 22:34:22, 4] libads/ldap.c:ads_server_info(2475)
  time offset is -1 seconds
[2005/07/14 22:34:22, 4] libads/sasl.c:ads_sasl_bind(447)
  Found SASL mechanism GSS-SPNEGO
[2005/07/14 22:34:22, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2005/07/14 22:34:22, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2005/07/14 22:34:22, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2005/07/14 22:34:22, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2005/07/14 22:34:22, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
  ads_sasl_spnego_bind: got server principal name 
=vw-dc1$@VW.VKW.TU-DRESDEN.DE
[2005/07/14 22:34:22, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2005/07/14 22:34:22, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(318)
  Ticket in ccache[MEMORY:net_ads] expiration Fri, 15 Jul 2005 08:34:21 GMT
[2005/07/14 22:34:22, 10] libsmb/clikrb5.c:ads_krb5_mk_req(408)
  ads_krb5_mk_req: Ticket (vw-dc1$@VW.VKW.TU-DRESDEN.DE) in ccache 
(MEMORY:net_ads) is valid until: (Fri, 15 Jul 2005 08:34:21 GMT - 
1121409261)
[2005/07/14 22:34:22, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(509)
  Got KRB5 session key of length 16
[2005/07/14 22:34:22, 1] libads/ldap.c:ads_default_ou_string(1085)
  Failed while searching for: 
<WKGUID=AA312825768811D1ADED00C04FD8D5CD,dc=VW,dc=VKW,dc=TU-DRESDEN,dc=DE>
[2005/07/14 22:34:22, 10] intl/lang_tdb.c:lang_tdb_init(135)
  lang_tdb_init: /usr/share/samba/de_DE:de:en_GB:en.msg: No such file or 
directory
[2005/07/14 22:34:22, 2] utils/net.c:main(897)
  return code = -1

-- 


Mit freundlichen Gruessen

Steffen Kolbe
Andreas-Schubert-Str. 23
D-01062 Dresden
------------------------------------------------------
Phone: +49/0 351 463-36750
Fax: +49/0 351 463-36809
e-mail: kolbe1 at vwi.tu-dresden.de
------------------------------------------------------
Institut fuer Wirtschaft und Verkehr
Fakultaet Verkehrswissenschaften "Friedrich List"
Technische Universitaet Dresden
------------------------------------------------------

More information about the samba mailing list