"net ads join" hangs

Errol Neal eneal at bnbtv.com
Sat Nov 30 02:21:23 EST 2002


Hello,

I am using samba-3.0alpha21 on an out-of-the-box Debian 3.0 box, trying to join a native Windows 2000 (Active Directory) domain. I have used alpha18, 19, and 20 in the past with a lot of success on Red Hat and Linux From Scratch systems with minimal challenges. However, I cannot seem to join the domain in this instance. I am using OpenLDAP 2.1.8 and MIT Kerberos 1.2.7. The result of "net ads join" using alpha19 is that the command hangs after scrolling about 5 pages of text. Alpha20 segfaults for a reason unapparent to me, and alpha21 hangs, as alpha19 did, but only after the first line. The funny thing is that "net ads status" shows that my system is a member of the domain, but on starting winbindd, winbindd reports this:

 winbindd version 3.0alpha21 started.
  Copyright The Samba Team 2000-2001
[2002/11/29 07:04:07, 1] nsswitch/winbindd_util.c:add_trusted_domain(140)
  Added domain JCNTV
[2002/11/29 07:04:07, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
  krb5_cc_get_principal failed (No credentials cache found)
[2002/11/29 07:04:07, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
  ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE
[2002/11/29 07:04:17, 1] nsswitch/winbindd_util.c:init_domain_list(220)
  Retrying startup domain sid fetch for JCNTV
[2002/11/29 07:04:17, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
  krb5_cc_get_principal failed (No credentials cache found)
[2002/11/29 07:04:17, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
  ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE

I compiled Samba like so:
./configure --prefix=/usr/local/samba3 --with-pam

Here is a copy of my smb.conf:

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2002/09/20 13:46:38

# Global parameters
[global]
        workgroup = JCNTV
        realm = JCNTV.PRIVATE
        ADS server = 192.168.0.2
        netbios name = ISAIAH
        interfaces = **.**.**.**
        bind interfaces only = Yes
        security = ADS
        wins server = 192.168.0.2
        encrypt passwords = yes
        host msdfs = Yes
        msdfs root = Yes
        winbind gid = 1000-65000
        winbind uid = 1000-65000
        winbind separator = +

[docroot]
        path = /home/var/www
        follow symlinks = no
        browsable = yes
        force create mode = 0664
        force directory mode = 0755


My krb5.conf:


[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 #default_tags_enctypes = des-cbc-crc
 #default_tkt_enctypes = des-cbc-crc
 default_realm = JCNTV.PRIVATE
 dns_lookup_realm = true
 dns_lookup_kdc = true

[realms]
 JCNTV.PRIVATE = {
  kdc = server2.jcntv.private:88
  default_domain = jcntv.private
 }

[domain_realm]
 .jcntv.private = JCNTV.PRIVATE
 jcntv.private = JCNTV.PRIVATE

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[pam]
 debug = false
 ticket_lifetime = 36000
 renew_lifetime = 36000
 forwardable = true
 krb4_convert = false


And finally, my ldap.conf:

# Your LDAP server. Must be resolvable without using LDAP.
host 192.168.0.2

# The distinguished name of the search base.
base dc=jcntv,dc=private

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# Use SSL
# ssl yes

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=Administrator,cn=Users,dc=jcntv,dc=private
bindpw JxZ#!@//
#URI ldaps://192.168.0.2:636
# The credentials to bind with.
# Optional: default is no credential.

# The port.
#port 636
port 389

# The search scope.
scope sub

nss_base_passwd cn=Users,DC=jcntv,DC=private?one
nss_base_shadow cn=Users,DC=jcntv,DC=private?one
nss_base_group cn=Group,DC=jcntv,DC=private?one

nss_map_objectclass posixAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute cn msSFUName
nss_map_attribute userPassword msSFUPassword
nss_map_attribute uniqueMember Member

pam_filter objectclass=user
pam_login_attribute sAMAccountName
pam_password ad


Any help would be greatly appreciated. I don't know if this behavior is related to the version of glibc installed on the machine or what. But again, any help would be appreciated. 


Best Regards,

Errol U. Neal



