[Samba] Solaris 10 (sparc) and samba issue
Ravi Channavajhala
ravi.channavajhala at dciera.com
Mon May 11 17:08:15 GMT 2009
Brian, it is Windows 2003/R2. The config for samba is straightup just
from the global section. The exact problem I'm having is the net ads
is unable to create the kerberos keytab and I hate to run ktpass and
etc from the win KDC and install them. Even if I did the ktpass, the
tix are not working....I get constant error 'server not found in
kerberos database' whenever attempting to login.
[global]
workgroup = WKG
netbios name = HOST
security = ads
password server = x.domain.com
use kerberos keytab = true
realm = DOMAIN.COM
[2009/05/11 22:33:30, 10] lib/util.c:(2957)
name_to_fqdn: lookup for HOST -> HOST.domain.com
[2009/05/11 22:33:30, 3] libads/ldap.c:(2471)
ads_domain_func_level: 2
[2009/05/11 22:33:30, 3] libads/kerberos.c:(337)
kerberos_secrets_store_des_salt: Storing salt
"host/HOST.domain.com at DOMAIN.COM"
[2009/05/11 22:33:30, 2] libads/kerberos_keytab.c:(260)
ads_keytab_add_entry: Using default system keytab: FILE:/etc/krb5/krb5.keytab
[2009/05/11 22:33:30, 5] libads/ldap.c:(1422)
ads_get_kvno: Searching for host HOST
[2009/05/11 22:33:30, 5] libads/ldap.c:(1440)
ads_get_kvno: Using: CN=host,OU=NewComputers,DC=domain,DC=com
[2009/05/11 22:33:30, 5] libads/ldap.c:(1459)
ads_get_kvno: Looked Up KVNO of: 7
[2009/05/11 22:33:30, 3] libads/kerberos_keytab.c:(65)
smb_krb5_kt_add_entry: Will try to delete old keytab entries
[2009/05/11 22:33:30, 5] libads/kerberos_keytab.c:(105)
smb_krb5_kt_add_entry: Found old entry for principal:
host/host.domain.com at DOMAIN.COM (kvno 7) - trying to remove it.
[2009/05/11 22:33:30, 1] libads/kerberos_keytab.c:(116)
smb_krb5_kt_add_entry: krb5_kt_remove_entry failed (Cannot write to
specified key table)
[2009/05/11 22:33:30, 1] libads/kerberos_keytab.c:(346)
ads_keytab_add_entry: Failed to add entry to keytab file
[2009/05/11 22:33:30, 1] libads/kerberos_keytab.c:(508)
ads_keytab_create_default: ads_keytab_add_entry failed while adding 'host'.
[2009/05/11 22:33:30, 1] utils/net_ads.c:(1644)
Error creating host keytab!
Joined 'HOST' to realm 'DOMAIN.COM'
[2009/05/11 22:33:30, 2] utils/net.c:(1036)
return code = 0
On Mon, May 11, 2009 at 10:16 PM, Brian H. Nelson <bnelson at cis.ysu.edu> wrote:
> Ravi,
>
> You don't mention which version of AD your are working with or include any
> relevant config files. Both would be helpful.
>
> Also, it might just be me, but I'm not clear on exactly what problem you're
> having. Maybe you could clarify, list error messages, etc.
>
> You might want to get Solaris patch 119757-14 which gives you samba 3.0.33.
> I don't know if it will help. I had no problems with samba 3.0.28 on Solaris
> 10.
>
> -Brian
>
>
> Ravi Channavajhala wrote:
>>
>> The net ads joins the host to the AD, but cant get the proper kerberos
>> tix. Manually generating the kerberos keytab from AD dont work. Any
>> suggestions?
>>
>> root at host /#head -1 /etc/release
>> Solaris 10 10/08 s10s_u6wos_07b SPARC
>>
>> root at host /usr/sfw/sbin#./smbd -V
>> Version 3.0.28
>>
>> root at host /#for PKG in `pkginfo -x | grep -i samba | awk '{print
>> $1}'`; do VER=`pkginfo -l ${PKG} | grep PSTAMP`; echo ${PKG} ${VER};
>> done
>> SUNWsmbac PSTAMP: sfw10-patch20080310191909
>> SUNWsmbar PSTAMP: sfw10-patch20080723133424
>> SUNWsmbau PSTAMP: sfw10-patch20080723134146
>>
>> Last few relevant lines from net ads with -d10 level debugging.
>>
>> [2009/05/11 20:13:20, 10] libsmb/clientgen.c:(395)
>> cli_rpc_pipe_close: closed pipe \NETLOGON to machine host.domain.com
>> [2009/05/11 20:13:20, 6] libsmb/clientgen.c:(153)
>> write_socket(9,39)
>> [2009/05/11 20:13:20, 6] libsmb/clientgen.c:(156)
>> write_socket(9,39) wrote 39
>> [2009/05/11 20:13:20, 10] lib/util_sock.c:(623)
>> got smb length of 35
>> [2009/05/11 20:13:20, 5] lib/util.c:(484)
>> [2009/05/11 20:13:20, 5] lib/util.c:(494)
>> size=35
>> smb_com=0x71
>> smb_rcls=0
>> smb_reh=0
>> smb_err=0
>> smb_flg=136
>> smb_flg2=51201
>> smb_tid=2050
>> smb_pid=2945
>> smb_uid=2050
>> smb_mid=12
>> smt_wct=0
>> smb_bcc=0
>> [2009/05/11 20:13:20, 10] lib/util.c:(2957)
>> name_to_fqdn: lookup for HOST -> HOST.domain.com
>> [2009/05/11 20:13:20, 3] libads/ldap.c:(2471)
>> ads_domain_func_level: 2
>> [2009/05/11 20:13:20, 3] libads/kerberos.c:(337)
>> kerberos_secrets_store_des_salt: Storing salt
>> "host/host.domain.com at DOMAIN.COM"
>> [2009/05/11 20:13:21, 2] libads/kerberos_keytab.c:(260)
>> ads_keytab_add_entry: Using default system keytab:
>> FILE:/etc/krb5/krb5.keytab
>> [2009/05/11 20:13:21, 5] libads/ldap.c:(1422)
>> ads_get_kvno: Searching for host HOST
>> [2009/05/11 20:13:21, 5] libads/ldap.c:(1440)
>> ads_get_kvno: Using: CN=HOST,CN=Computers,DC=domain,DC=com
>> [2009/05/11 20:13:21, 5] libads/ldap.c:(1459)
>> ads_get_kvno: Looked Up KVNO of: 7
>> [2009/05/11 20:13:21, 3] libads/kerberos_keytab.c:(65)
>> smb_krb5_kt_add_entry: Will try to delete old keytab entries
>> [2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(152)
>> smb_krb5_kt_add_entry: krb5_kt_end_seq_get failed (Bad file number)
>> [2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(346)
>> ads_keytab_add_entry: Failed to add entry to keytab file
>> [2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(508)
>> ads_keytab_create_default: ads_keytab_add_entry failed while adding
>> 'host'.
>> [2009/05/11 20:13:21, 1] utils/net_ads.c:(1644)
>> Error creating host keytab!
>> Joined 'HOST' to realm 'DOMAIN.COM'
>> [2009/05/11 20:13:21, 2] utils/net.c:(1036)
>> return code = 0
>>
>
> --
> ---------------------------------------------------
> Brian H. Nelson Youngstown State University
> System Administrator Media and Academic Computing
> bnelson[at]cis.ysu.edu
> ---------------------------------------------------
>
More information about the samba
mailing list