Unable to join AD with HEAD CVS from 6/25/02

John M Trostel jtrostel at snapserver.com
Mon Jul 8 15:20:58 GMT 2002


OK... I'm stumped.  How do I figure out what I'm doing wrong?

This is what I'm doing:

1.  [root@jtsdell jt]# kdestroy

2.  [root@jtsdell jt]# kinit Administrator@CEO.COM
    Password for Administrator@CEO.COM: 

3.  [root@jtsdell jt]# klist
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: Administrator@CEO.COM

    Valid starting     Expires            Service principal
    07/08/02 15:19:57  07/09/02 01:19:57  krbtgt/CEO.COM@CEO.COM
    07/08/02 15:21:35  07/09/02 01:19:57  ldap/zephyr@CEO.COM


    Kerberos 4 ticket cache: /tmp/tkt0
    klist: You have no tickets cached

4.  [root@jtsdell jt]# /usr/local/samba/bin/net ads join -UAdministrator
    [2002/07/08 15:19:52, 5] lib/debug.c:debug_dump_status(359)
      INFO: Current debug levels:
        all: True/10
        tdb: False/0
        printdrivers: False/0
        lanman: False/0
        smb: False/0
        rpc_parse: False/0
        rpc_srv: False/0
        rpc_cli: False/0
        passdb: False/0
        auth: False/0
        winbind: False/0
      doing parameter wins server = 192.168.10.15
    [2002/07/08 15:19:52, 4] lib/wins_srv.c:wins_srv_load_list(139)
      wins_srv_load_list(): Building WINS server list:
      192.168.10.15,
      1 WINS server listed.
      doing parameter name resolve order = host bcast
      doing parameter winbind separator = /
      doing parameter winbind uid = 15000-30000
      doing parameter winbind gid = 15000-30000
      doing parameter winbind enum users = yes
      doing parameter winbind enum groups = yes
      doing parameter template shell = /bin/bash
      doing parameter realm = CEO.COM
      doing parameter ads server = zephyr.ceo.com
      doing parameter security = ADS
      doing parameter encrypt passwords = yes
    [2002/07/08 15:19:52, 4] param/loadparm.c:lp_load(3610)
      pm_process() returned Yes
    [2002/07/08 15:19:52, 7] param/loadparm.c:lp_servicenumber(3716)
      lp_servicenumber: couldn't find homes
    [2002/07/08 15:19:52, 10] param/loadparm.c:set_server_role(3543)
      set_server_role: ROLE_DOMAIN_MEMBER
    [2002/07/08 15:19:52, 2] lib/interface.c:add_interface(79)
      added interface ip=192.168.10.250 bcast=192.168.10.255 nmask=255.255.255.0
    [2002/07/08 15:19:52, 2] lib/interface.c:add_interface(79)
      added interface ip=172.16.170.1 bcast=172.16.170.255 nmask=255.255.255.0
    Administrator password: 
    [2002/07/08 15:19:57, 3] libads/ldap.c:ads_connect(83)
      Connected to LDAP server zephyr.ceo.com
    [2002/07/08 15:19:57, 3] libads/ldap.c:ads_server_info(1409)
      got ldap server name zephyr@CEO.COM
    [2002/07/08 15:26:17, 0] libads/ldap.c:ads_join_realm(1019)
      ads_add_machine_acct: Timed out
    ads_join_realm: Timed out
    [2002/07/08 15:26:17, 2] utils/net.c:main(482)
      return code = -1

Here is my /usr/local/samba/lib/smb.conf:

# Global parameters
[global]
	workgroup = CEO
	netbios name = JTSDELL
	server string = My new experimental XFS Samba Server
	printing = bsd
	printcap name = /etc/printcap
	load printers = yes
	guest account = nobody
	encrypt passwords = Yes
	update encrypted = Yes
	os level = 0
	preferred master = False
	local master = No
	domain master = False
#
# REMOVED for ADS tests
#	security = server
#	password server = *
#
	smb passwd file = /usr/local/samba/private/smbpasswd
	debug level = 10 
	wins server = 192.168.10.15
	name resolve order = host bcast
# separate domain and username with '+', like DOMAIN+username
	winbind separator = /
# set uid and gid ranges
        winbind uid = 15000-30000
        winbind gid = 15000-30000
# allow enumeration of winbind users and groups
        winbind enum users = yes
        winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
        template shell = /bin/bash
#
# Kerberos AD info
#
	realm = CEO.COM
	ads server = zephyr.ceo.com
	security = ADS
	encrypt passwords = yes

[Public]
	path = /mnt/xfs_part
	public = yes
	read only = No
	create mask = 774
	force create mode = 0
	directory mask = 774
	force directory mode = 0
	directory security mask = 777
	force directory security mode = 0

[printers]
   comment = All Printers
   browseable = no
   printable = yes
   public = no
   writable = no
   create mode = 0700

And my /etc/krb5.conf

[realms]
 CEO.COM = {
  kdc = ZEPHYR.CEO.COM
 }

Note that zephyr.ceo.com is included in local /etc/hosts file.
-- 
John M. Trostel
Senior Software Engineer
Quantum Corp. / SSG
john.trostel at quantum.com
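
Added example, not part of the original post: a small Python script that parses Samba debug headers of the form shown in the log above and reports where the run stalled between two consecutive entries. The sample lines are constructed from that log; the function names and the 30-second threshold are assumptions of this example.

```python
import re
from datetime import datetime

# Samba debug header: [YYYY/MM/DD HH:MM:SS, level] file:function(line)
HEADER = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+(\S+):(\w+)\(\d+\)"
)

# Constructed sample: header/message pairs taken from the log in the post.
SAMPLE_LOG = """\
[2002/07/08 15:19:52, 4] param/loadparm.c:lp_load(3610)
  pm_process() returned Yes
[2002/07/08 15:19:57, 3] libads/ldap.c:ads_connect(83)
  Connected to LDAP server zephyr.ceo.com
[2002/07/08 15:19:57, 3] libads/ldap.c:ads_server_info(1409)
  got ldap server name zephyr@CEO.COM
[2002/07/08 15:26:17, 0] libads/ldap.c:ads_join_realm(1019)
  ads_add_machine_acct: Timed out
"""

def parse_entries(text):
    """Return one dict per debug header, with its indented message lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            ts, level, src, func = m.groups()
            entries.append({
                "time": datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                "level": int(level), "source": src, "function": func,
                "message": [],
            })
        elif entries and line.strip():
            entries[-1]["message"].append(line.strip())
    return entries

def find_stalls(entries, threshold_seconds=30):
    """Return (gap_seconds, entry_before_gap, entry_after_gap) tuples."""
    stalls = []
    for prev, cur in zip(entries, entries[1:]):
        gap = (cur["time"] - prev["time"]).total_seconds()
        if gap >= threshold_seconds:
            stalls.append((gap, prev, cur))
    return stalls

if __name__ == "__main__":
    for gap, before, after in find_stalls(parse_entries(SAMPLE_LOG)):
        print(f"{gap:.0f}s stall after {before['function']}; "
              f"next: {after['function']}: {' '.join(after['message'])}")
```

The threshold is set above the few seconds spent at the password prompt so that only the wait before the timeout is reported.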




