FWD: Re: [Samba] "net ads join" hangs

Errol Neal eneal at bnbtv.com
Sat Nov 30 01:15:13 GMT 2002


---------- Original Message ----------------------------------
From: "Errol Neal" <eneal at bnbtv.com>
Reply-To: <eneal at bnbtv.com>
Date:  Fri, 29 Nov 2002 17:13:39 -0800

Hello,

In my further investigation, it seems that winbindd cannot locate my Kerberos ticket. Or at least, this is what this log output from winbindd suggests:

>[2002/11/29 07:04:17, 1] nsswitch/winbindd_util.c:init_domain_list(220)
>  Retrying startup domain sid fetch for JCNTV
>[2002/11/29 07:04:17, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
>  krb5_cc_get_principal failed (No credentials cache found)
>[2002/11/29 07:04:17, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
>  ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE

Am I correct? But I do have a Kerberos ticket...

isaiah:/usr# /usr/kerberos/bin/klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator at JCNTV.PRIVATE

Valid starting     Expires            Service principal
11/29/02 17:11:59  11/30/02 03:11:45  krbtgt/JCNTV.PRIVATE at JCNTV.PRIVATE

Help would be appreciated... 


Best Regards,

Errol U. Neal





---------- Original Message ----------------------------------
From: "Errol Neal" <eneal at bnbtv.com>
Reply-To: <eneal at bnbtv.com>
Date:  Fri, 29 Nov 2002 07:21:23 -0800

>Hello,
>
>I am using samba-3.0alpha21 on an out-of-the-box Debian 3.0 box trying to join a native Windows 2000 (Active Directory) domain. I have used alpha18, 19, and 20 in the past with a lot of success on Red Hat and Linux From Scratch systems with minimum challenges. However, I cannot seem to join the domain in this instance. I am using OpenLDAP 2.1.8 and MIT Kerberos 1.2.7. The result of "net ads join" using alpha19 is that the command hangs after scrolling about 5 pages of text. Alpha20 segfaults for a reason unapparent to me, and alpha21 hangs, as alpha19 did, but only after the first line. The funny thing is that "net ads status" shows that my system is a member of the domain, but in starting winbindd, winbindd reports this:
>
> winbindd version 3.0alpha21 started.
>  Copyright The Samba Team 2000-2001
>[2002/11/29 07:04:07, 1] nsswitch/winbindd_util.c:add_trusted_domain(140)
>  Added domain JCNTV
>[2002/11/29 07:04:07, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
>  krb5_cc_get_principal failed (No credentials cache found)
>[2002/11/29 07:04:07, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
>  ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE
>[2002/11/29 07:04:17, 1] nsswitch/winbindd_util.c:init_domain_list(220)
>  Retrying startup domain sid fetch for JCNTV
>[2002/11/29 07:04:17, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
>  krb5_cc_get_principal failed (No credentials cache found)
>[2002/11/29 07:04:17, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
>  ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE
>
>I compiled samba like so.. 
>./configure --prefix=/usr/local/samba3 --with-pam
>
>Here is a copy of my smb.conf
>
># Samba config file created using SWAT
># from 127.0.0.1 (127.0.0.1)
># Date: 2002/09/20 13:46:38
>
># Global parameters
>[global]
>        workgroup = JCNTV
>        realm = JCNTV.PRIVATE
>        ADS server = 192.168.0.2
>        netbios name = ISAIAH
>        interfaces = **.**.**.**
>        bind interfaces only = Yes
>        security = ADS
>        wins server = 192.168.0.2
>        encrypt passwords = yes
>        host msdfs = Yes
>        msdfs root = Yes
>        winbind gid = 1000-65000
>        winbind uid = 1000-65000
>        winbind separator = +
>
>[docroot]
>        path = /home/var/www
>        follow symlinks = no
>        browsable = yes
>        force create mode = 0664
>        force directory mode = 0755
>
>
>My krb5.conf ..
>
>
>[logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
>[libdefaults]
> ticket_lifetime = 24000
> #default_tags_enctypes = des-cbc-crc
> #default_tkt_enctypes = des-cbc-crc
> default_realm = JCNTV.PRIVATE
> dns_lookup_realm = true
> dns_lookup_kdc = true
>
>[realms]
> JCNTV.PRIVATE = {
>  kdc = server2.jcntv.private:88
>  default_domain = jcntv.private
> }
>
>[domain_realm]
> .jcntv.private = JCNTV.PRIVATE
> jcntv.private = JCNTV.PRIVATE
>
>[kdc]
> profile = /var/kerberos/krb5kdc/kdc.conf
>
>[pam]
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
>
>
>and finally, my ldap.conf..
>
># Your LDAP server. Must be resolvable without using LDAP.
>host 192.168.0.2
>
># The distinguished name of the search base.
>base dc=jcntv,dc=private
>
># The LDAP version to use (defaults to 3
># if supported by client library)
>ldap_version 3
>
># Use SSL
># ssl yes
>
># The distinguished name to bind to the server with.
># Optional: default is to bind anonymously.
>binddn cn=Administrator,cn=Users,dc=jcntv,dc=private
>bindpw JxZ#!@//
>#URI ldaps://192.168.0.2:636
># The credentials to bind with.
># Optional: default is no credential.
>
># The port.
>#port 636
>port 389
>
># The search scope.
>scope sub
>
>nss_base_passwd cn=Users,DC=jcntv,DC=private?one
>nss_base_shadow cn=Users,DC=jcntv,DC=private?one
>nss_base_group cn=Group,DC=jcntv,DC=private?one
>
>nss_map_objectclass posixAccount User
>nss_map_attribute uid sAMAccountName
>nss_map_attribute homeDirectory msSFUHomeDirectory
>nss_map_objectclass posixGroup Group
>nss_map_attribute cn msSFUName
>nss_map_attribute userPassword msSFUPassword
>nss_map_attribute uniqueMember Member
>
>pam_filter objectclass=user
>pam_login_attribute sAMAccountName
>pam_password ad
>
>
>Any help would be greatly appreciated. I don't know if this behavior is related to the version of glibc installed on the machine or what. But again, any help would be appreciated. 
>
>
>Best Regards,
>
>Errol U. Neal
>
>
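Added example (not part of the original message or of Samba): a small parser for the two-line winbindd debug format quoted above, which pairs each ads_connect failure with the Kerberos client error logged in the same second. That is the reading of the log the message proposes. The sample is constructed from the lines in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: the winbindd lines quoted in the post, with the mail
# quote prefix ('>') left in place the way they appear in the message.
SAMPLE_LOG = """\
>[2002/11/29 07:04:07, 1] nsswitch/winbindd_util.c:add_trusted_domain(140)
>  Added domain JCNTV
>[2002/11/29 07:04:07, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
>  krb5_cc_get_principal failed (No credentials cache found)
>[2002/11/29 07:04:07, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
>  ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE
>[2002/11/29 07:04:17, 1] nsswitch/winbindd_util.c:init_domain_list(220)
>  Retrying startup domain sid fetch for JCNTV
>[2002/11/29 07:04:17, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
>  krb5_cc_get_principal failed (No credentials cache found)
>[2002/11/29 07:04:17, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
>  ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\]\s+"
                    r"(?P<file>\S+?):(?P<func>\w+)\((?P<line>\d+)\)$")

def parse_records(text):
    """Join each '[timestamp, level] file:func(line)' header with its message."""
    records = []
    for raw in text.splitlines():
        line = raw.lstrip(">").strip()  # drop the mail quote prefix and indent
        m = HEADER.match(line)
        if m:
            records.append({**m.groupdict(), "msg": ""})
        elif records and line:
            records[-1]["msg"] = (records[-1]["msg"] + " " + line).strip()
    return records

def explain_ads_failures(records):
    """Return (timestamp, ads failure, preceding Kerberos error or None)."""
    findings, last_krb = [], None
    for rec in records:
        if rec["file"].endswith("clikrb5.c") and "failed" in rec["msg"]:
            last_krb = rec
        elif rec["func"] == "ads_cached_connection" and "failed" in rec["msg"]:
            same_ts = last_krb is not None and last_krb["ts"] == rec["ts"]
            findings.append((rec["ts"], rec["msg"], last_krb["msg"] if same_ts else None))
            last_krb = None
    return findings

if __name__ == "__main__":
    for finding in explain_ads_failures(parse_records(SAMPLE_LOG)):
        print(finding)
```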



