[Samba] Re: Trying to join a Solaris 8 box to Windows 2000 AD.
Andrew Bartlett
abartlet at samba.org
Sun Nov 10 12:39:44 GMT 2002
On Sun, 2002-11-10 at 21:13, Clive.Elsum at csiro.au wrote:
> I am having major problems with SAMBA samba-3.0alpha20 in trying to connect
> to
> Windows 2000 AD. I have attached info if that helps. Any help you can give
> me
> would be greatly appreciated.
>
> Thanks in advance
>
> Clive Elsum
>
> I can get samba-3.0alpha20 working if I include reference to our NT PDC
> in the smb.conf file and do a net rpc join command.
> This joins our NT PDC domain which has a trust relationship with the
> Windows 2000 ADS.
> The "joined domian XXX" message appears and a wbinfo -m shows the
> Windows 2000 AD domain "YYYYY" as a trusted-domain.
> I can then login using domain/userid and everything works correctly.
> The working smb.conf relvant bits are
> workgroup = xxx
> security = server
> encrypt passwords = yes
> stat cache = false
> winbind separator = /
> winbind uid = 10000-30000
> winbind gid = 10000-30000
> winbind use default domain = true
> winbind enum groups = yes
> winbind enum users = yes
> security = server
> template shell = /bin/tcsh
>
>
> However with the imminent departure of the local NT PDC I will be forced
> to use the net ads join command which at present fails.
There isn't a 'forced' here - you should still be able to 'net rpc join'
a Win2k domain. But that doesn't solve your real problem.
> The kinit command works correctly (password entered prompt returned)
> The klist command appears to do the right thing.
> Suggesting that kerberos is set up OK.
>
> I have samba-3.0alpha20 version installed on Solaris 8. It was configured
> with
> ./configure --with-ads --with-ldap --with-krb5=/usr/local/kerberos
> --with-pam --with-winbind
>
> The include/config.h file shows
> #define HAVE_KRB5 1
> #define HAVE_GSSAPI 1
> #define WITH_ADS 1
> #define HAVE_LDAP_H 1
>
>
> I am using GCC Version 3.2; Kerberos krb5-1.2.6; LDAP openldap-2.1.8; on a
> Solaris 8 platform.
>
> I have modified the Makefile so as to overcome errors in compiling e.g
> passdb/pdb_ldap.c
What were they, btw?
> I then do a make install and copy relevant files with relevant links:
> cp pam_winbind.so /lib/security
> cp libnss_winbind.so /lib/nss_winbind.so
>
>
> Relevant bits from smb.conf:
> workgroup = OUR
> realm = OUR.2000AD.DOMAIN
> security = ADS
> encrypt passwords = yes
> stat cache = false
> winbind separator = /
> winbind uid = 10000-30000
> winbind gid = 10000-30000
> winbind use default domain = true
> winbind enum groups = yes
> winbind enum users = yes
> ads server = <IP ADDRESS of ads server>
> template shell = /bin/tcsh
>
> WINBINDD adds the AD DOMAIN and relevant machines in lookup sequence but
> then
> aborts with:
>
> convert_string: Required 1521, available 2048
> ===============================================================
> INTERNAL ERROR: Signal 11 in pid 25953 (3.0alpha20)
> Please read the file BUGS.txt in the distribution
> ===============================================================
> PANIC: internal error
> Abort (core dumped)
Any chance of recompiling --enable-krb5developer and getting us a gdb
backtrace? See 'panic action' in the smb.conf
> Obviously the command net ads join also fails with:
> [2002/11/10 20:36:44, 0] libads/kerberos.c:ads_kinit_password(122)
> kerberos_kinit_password user at OUR.2000AD.DOMAIN failed: Preauthentication
> failed
> [2002/11/10 20:36:44, 1] utils/net_ads.c:ads_startup(148)
> ads_connect: Invalid credentials
Why is this 'obviously'? Anyway, a backtrace of this would be good.
Anyway, if you can get that, and also try the lastest 3.0 CVS
(pserver.samba.org), that will help us to chase it down.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20021110/26482355/attachment.bin
More information about the samba
mailing list