[Samba] ADS Authentication - CLDAP request failed

Sakshale eQuorian sakshale at gmail.com
Thu Mar 19 15:25:27 GMT 2009


I have a RHEL 5 system, with Samba 3.0.33 installed, that _used_ to
authenticate against the corporate Active Directory system without any
problems.  However, about a month ago the connection broke, but the users
didn't complain until some time went by.  I've spent quite a few hours
trying to reconnect this system, but nothing works.  I do not believe it is
a simple configuration problem, as it used to work... and am afraid that
something changed on the corporate domain controllers. Unfortunately,
corporate doesn't believe in non-Windows solutions to anything and will not
support me in this effort.  They also don't support any NFS services, which
are critical for my user community. sigh...

Kerberos authentication still works;
--------------------------------------------------------------------------------------
 # kinit -V username
Password for username@WKG.COMPANY.COM:
Authenticated to Kerberos v5
[root@palsrv6] klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: username@WKG.COMPANY.COM

Valid starting     Expires            Service principal
03/16/09 09:42:42  03/16/09 19:42:51  krbtgt/WKG.COMPANY.COM@WKG.COMPANY.COM
        renew until 03/17/09 09:42:42
--------------------------------------------------------------------------------------
Samba can talk to the Primary Domain Controller as a client, but doesn't
seem to recognize the PDC as a server.
--------------------------------------------------------------------------------------
# smbclient -L /pdc01 -k
OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2]

        Sharename       Type      Comment
        ---------       ----      -------
        C$              Disk      Default share
        H$              Disk      Default share
        F$              Disk      Default share
        IPC$            IPC       Remote IPC
        G$              Disk      Default share
        ADMIN$          Disk      Remote Admin
        D$              Disk      Default share
        E$              Disk      Default share
        SYSVOL          Disk      Logon server share
        NETLOGON        Disk      Logon server share
OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2]

[snipping noise]
--------------------------------------------------------------------------------------
# net ads join -U username@WKG.COMPANY.COM
username@WKG.COMPANY.COM's password:
[2009/03/16 09:58:23, 0] utils/net_ads.c:ads_startup_int(286)
  ads_connect: No logon servers
Failed to join domain: No logon servers
--------------------------------------------------------------------------------------

-sh-3.2# net rpc testjoin
Unable to find a suitable server
Join to domain 'WKG' is not valid
-sh-3.2# net -d5 ads testjoin
[2009/03/18 09:07:16, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
    all: True/5
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0
[2009/03/18 09:07:16, 3] param/loadparm.c:lp_load(5064)
  lp_load: refreshing parameters
[2009/03/18 09:07:16, 3] param/loadparm.c:init_globals(1440)
  Initialising global parameters
[2009/03/18 09:07:16, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2009/03/18 09:07:16, 3] param/loadparm.c:do_section(3803)
  Processing section "[global]"
  doing parameter workgroup = wks
  doing parameter password server = pdc01.wks.company.com
  doing parameter realm = WKS.COMPANY.COM  #[GLOBAL]
  doing parameter security = ads
  doing parameter idmap uid = 16777216-33554431
  doing parameter idmap gid = 16777216-33554431
  doing parameter winbind use default domain = Yes
  doing parameter winbind offline logon = false
  doing parameter server string = Samba Server Version %v
  doing parameter passdb backend = tdbsam
  doing parameter cups options = raw
[2009/03/18 09:07:16, 4] param/loadparm.c:lp_load(5095)
  pm_process() returned Yes
[2009/03/18 09:07:16, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2LE
         [snipping noise]
[2009/03/18 09:07:16, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
         [snipping noise]
[2009/03/18 09:07:16, 5] lib/util.c:init_names(309)
  Netbios name list:-
  my_netbios_names[0]="HOSTNAME"
[2009/03/18 09:07:16, 2] lib/interface.c:add_interface(81)
  added interface ip=10.20.30.99 bcast=10.20.30.255 nmask=255.255.254.0
         [snipping noise]
[2009/03/18 09:07:16, 5] lib/gencache.c:gencache_init(61)
  Opening cache file at /var/cache/samba/gencache.tdb
[2009/03/18 09:07:16, 5] libads/dns.c:sitename_fetch(706)
  sitename_fetch: No stored sitename for WKS.COMPANY.COM   #[GLOBAL]
[2009/03/18 09:07:16, 5] libsmb/namequery.c:saf_fetch(133)
  saf_fetch: failed to find server for "WKS.COMPANY.COM    #[GLOBAL]" domain
[2009/03/18 09:07:16, 3] libsmb/namequery.c:get_dc_list(1495)
  get_dc_list: preferred server list: ", pdc01.wkg.company.com"
[2009/03/18 09:07:16, 5] libads/dns.c:sitename_fetch(706)
  sitename_fetch: No stored sitename for WKS.COMPANY.COM   #[GLOBAL]
[2009/03/18 09:07:16, 5] libsmb/namecache.c:namecache_fetch(214)
  name pdc01.wkg.company.com#20 found.
[2009/03/18 09:07:16, 5] libads/dns.c:sitename_fetch(706)
  sitename_fetch: No stored sitename for WKS.COMPANY.COM   #[GLOBAL]
[2009/03/18 09:07:16, 5] libsmb/namecache.c:namecache_fetch(210)
  no entry for #pdc01.wkg.company.com#20 found.
[2009/03/18 09:07:16, 3] libsmb/namequery.c:resolve_lmhosts(966)
  resolve_lmhosts: Attempting lmhosts lookup for name #pdc01.wkg.company.com
<0x20>
[2009/03/18 09:07:16, 4] libsmb/namequery.c:getlmhostsent(717)
  getlmhostsent: lmhost entry: 127.0.0.1 localhost
[2009/03/18 09:07:16, 4] libsmb/namequery.c:getlmhostsent(717)
  getlmhostsent: lmhost entry: 10.20.30.41 pdc01.wkg.company.com pdc01
[2009/03/18 09:07:16, 4] libsmb/namequery.c:getlmhostsent(717)
  getlmhostsent: lmhost entry: 10.20.30.42 pdc02.wkg.company.com pdc02
[2009/03/18 09:07:16, 4] libsmb/namequery.c:getlmhostsent(717)
  getlmhostsent: lmhost entry: 10.20.30.43 pdc03.wkg.company.com pdc03
[2009/03/18 09:07:16, 3] libsmb/namequery.c:resolve_wins(863)
  resolve_wins: Attempting wins lookup for name #pdc01.wkg.company.com<0x20>
[2009/03/18 09:07:16, 3] libsmb/namequery.c:resolve_wins(866)
  resolve_wins: WINS server resolution selected and no WINS servers listed.
[2009/03/18 09:07:16, 3] libsmb/namequery.c:resolve_hosts(1029)
  resolve_hosts: Attempting host lookup for name #pdc01.wkg.company.com
<0x20>
[2009/03/18 09:07:16, 3] libsmb/namequery.c:name_resolve_bcast(805)
  name_resolve_bcast: Attempting broadcast lookup for name #
PDC01.WKG.COMPANY.com<0x20>
[2009/03/18 09:07:16, 5] lib/util_sock.c:print_socket_options(206)
  socket option SO_KEEPALIVE = 0
       [snipping noise]
[2009/03/18 09:07:16, 5] libsmb/nmblib.c:send_udp(779)
  Sending a packet of len 50 to (10.20.55.255) on port 137
[2009/03/18 09:07:17, 5] libsmb/nmblib.c:send_udp(779)
  Sending a packet of len 50 to (10.20.30.255) on port 137
[2009/03/18 09:07:17, 5] libsmb/nmblib.c:send_udp(779)
       [snipping noise]
[2009/03/18 09:07:19, 4] libsmb/namequery.c:get_dc_list(1605)
  get_dc_list: returning 1 ip addresses in an ordered list
[2009/03/18 09:07:19, 4] libsmb/namequery.c:get_dc_list(1606)
  get_dc_list: 10.20.30.41:389
[2009/03/18 09:07:19, 5] libads/ldap.c:ads_try_connect(180)
  ads_try_connect: sending CLDAP request to 10.20.30.41 (realm: WKG.COMPANY.COM   #[GLOBAL])
[2009/03/18 09:07:19, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2009/03/18 09:07:19, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 10.20.30.41 failed.
[2009/03/18 09:07:19, 0] utils/net_ads.c:ads_startup_int(286)
  ads_connect: No logon servers
Join to domain is not valid: No logon servers
[2009/03/18 09:07:19, 2] utils/net.c:main(1075)
  return code = -1
-sh-3.2#
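
Added example (not part of the original post): the level-3 output above shows `realm` being loaded as `WKS.COMPANY.COM  #[GLOBAL]`, and the same trailing text appears in the realm of the CLDAP request, because smb.conf only treats `#` and `;` as comment markers at the start of a line. This Python check flags such values in either a `doing parameter` log or an smb.conf file; the SMB_CONF fragment is constructed, since the post does not show the file itself.

```python
import re

# Subset of the "doing parameter" lines from the `net -d5 ads testjoin` output above.
LOADPARM_LOG = """\
  Processing section "[global]"
  doing parameter workgroup = wks
  doing parameter password server = pdc01.wks.company.com
  doing parameter realm = WKS.COMPANY.COM  #[GLOBAL]
  doing parameter security = ads
  doing parameter idmap uid = 16777216-33554431
"""

# Constructed smb.conf fragment (assumption: the post does not include the file).
SMB_CONF = """\
# Global settings
[global]
   workgroup = wks
   realm = WKS.COMPANY.COM  #[GLOBAL]
   ; security = domain
   security = ads
   server string = Samba Server Version %v
"""

LOG_PREFIX = "doing parameter "
INLINE_RE = re.compile(r"\s[#;]")  # whitespace followed by a comment marker


def find_inline_comments(text):
    """Return (line_no, parameter, value_as_loaded, probable_intended_value) tuples."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if s.startswith(LOG_PREFIX):
            s = s[len(LOG_PREFIX):]
        # Real comments and section headers start the line; everything else is a value.
        if not s or s[0] in "#;[" or "=" not in s:
            continue
        name, _, value = s.partition("=")
        name, value = name.strip(), value.strip()
        m = INLINE_RE.search(value)
        if m:
            hits.append((n, name, value, value[:m.start()].rstrip()))
    return hits


if __name__ == "__main__":
    for label, text in (("log", LOADPARM_LOG), ("smb.conf", SMB_CONF)):
        for n, name, loaded, intended in find_inline_comments(text):
            print(f"{label}:{n}: {name} loaded as {loaded!r}, probably meant {intended!r}")
```

The match is a heuristic: free-text parameters such as `comment` can legitimately contain ` #`, so a hit on `realm`, `workgroup` or `password server` is the one worth acting on.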

