"net ads join" hangs
Errol Neal
eneal at bnbtv.com
Sat Nov 30 02:21:23 EST 2002
Hello,

I am using samba-3.0alpha21 on an out-of-the-box debian-3.0 box, trying to join a native Windows 2000 (Active Directory) domain. I have used alpha18, 19, and 20 in the past with a lot of success on Red Hat and Linux From Scratch systems with minimum challenges. However, I cannot seem to join the domain in this instance. I am using OpenLDAP 2.1.8 and MIT Kerberos 1.2.7. The result of "net ads join" using alpha19 is that the command hangs after scrolling about 5 pages of text. Alpha20 segfaults for a reason unapparent to me, and alpha21 hangs, as alpha19 did, but only after the first line. The funny thing is that "net ads status" shows that my system is a member of the domain, but on starting winbindd, winbindd reports this:

winbindd version 3.0alpha21 started.
Copyright The Samba Team 2000-2001
[2002/11/29 07:04:07, 1] nsswitch/winbindd_util.c:add_trusted_domain(140)
Added domain JCNTV
[2002/11/29 07:04:07, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
krb5_cc_get_principal failed (No credentials cache found)
[2002/11/29 07:04:07, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE
[2002/11/29 07:04:17, 1] nsswitch/winbindd_util.c:init_domain_list(220)
Retrying startup domain sid fetch for JCNTV
[2002/11/29 07:04:17, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
krb5_cc_get_principal failed (No credentials cache found)
[2002/11/29 07:04:17, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE

I compiled Samba like so:

./configure --prefix=/usr/local/samba3 --with-pam

Here is a copy of my smb.conf:

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2002/09/20 13:46:38
# Global parameters
[global]
workgroup = JCNTV
realm = JCNTV.PRIVATE
ADS server = 192.168.0.2
netbios name = ISAIAH
interfaces = **.**.**.**
bind interfaces only = Yes
security = ADS
wins server = 192.168.0.2
encrypt passwords = yes
host msdfs = Yes
msdfs root = Yes
winbind gid = 1000-65000
winbind uid = 1000-65000
winbind separator = +
[docroot]
path = /home/var/www
follow symlinks = no
browsable = yes
force create mode = 0664
force directory mode = 0755

My krb5.conf:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
#default_tags_enctypes = des-cbc-crc
#default_tkt_enctypes = des-cbc-crc
default_realm = JCNTV.PRIVATE
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
JCNTV.PRIVATE = {
kdc = server2.jcntv.private:88
default_domain = jcntv.private
}
[domain_realm]
.jcntv.private = JCNTV.PRIVATE
jcntv.private = JCNTV.PRIVATE
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false

And finally, my ldap.conf:

# Your LDAP server. Must be resolvable without using LDAP.
host 192.168.0.2
# The distinguished name of the search base.
base dc=jcntv,dc=private
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# Use SSL
# ssl yes
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=Administrator,cn=Users,dc=jcntv,dc=private
bindpw JxZ#!@//
#URI ldaps://192.168.0.2:636
# The credentials to bind with.
# Optional: default is no credential.
# The port.
#port 636
port 389
# The search scope.
scope sub
nss_base_passwd cn=Users,DC=jcntv,DC=private?one
nss_base_shadow cn=Users,DC=jcntv,DC=private?one
nss_base_group cn=Group,DC=jcntv,DC=private?one
nss_map_objectclass posixAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute cn msSFUName
nss_map_attribute userPassword msSFUPassword
nss_map_attribute uniqueMember Member
pam_filter objectclass=user
pam_login_attribute sAMAccountName
pam_password ad

Any help would be greatly appreciated. I don't know if this behavior is related to the version of glibc installed on the machine or what. But again, any help would be appreciated.
Best Regards,
Errol U. Neal