[Samba] winbind with ADS error

Barry, Christopher cbarry at infiniconsys.com
Fri Mar 28 21:30:39 GMT 2003

This may be erroneous, but are the clocks synced between this box and the AD server? I know this can cause problems.

Christopher Barry
Manager of Information Systems
InfiniCon Systems

-----Original Message-----
From: Scott Messec [mailto:messec at mail.utexas.edu]
Sent: Friday, March 28, 2003 4:13 PM
To: samba at lists.samba.org
Subject: [Samba] winbind with ADS error

RedHat AS 2.1 kernel 2.4.9-e.16 with kbr5-1.2.7


I've been playing with ADS features of samba-3.0alpha21 and am having
problems getting winbind to work.


I can join the domain:


[root at asecl etc]# net ads join

Joined 'ASECL' to realm 'ASE-LRC-AD.AE.UTEXAS.EDU'


After joining the domain, I can use the other 'net ads' options of user,
group, status and info. Can also use the smbclient with the -k option to
browse shares on the AD server.



When starting winbind, I get the following error which just keeps
repeating every 10 seconds.


[root at asecl samba]# tail -f log.winbindd 

  winbindd version 3.0alpha21 started.

  Copyright The Samba Team 2000-2001

[2003/03/27 10:39:08, 1]

  Added domain ASE-LRC-AD  

[2003/03/27 10:39:08, 1] libsmb/clikrb5.c:krb5_mk_req2(55)

  krb5_cc_get_principal failed (No credentials cache found)

[2003/03/27 10:39:08, 0] libads/kerberos.c:ads_kinit_password(132)

  kerberos_kinit_password HOST/asecl at ASE-LRC-AD.AE.UTEXAS.EDU failed:
Client not found in Kerberos database

[2003/03/27 10:39:08, 1]

  ads_connect for domain ASE-LRC-AD failed: Invalid credentials

[2003/03/27 10:39:18, 1] nsswitch/winbindd_util.c:init_domain_list(219)

  Retrying startup domain sid fetch for ASE-LRC-AD

[2003/03/27 10:39:18, 1] libsmb/clikrb5.c:krb5_mk_req2(55)

  krb5_cc_get_principal failed (No credentials cache found)



I checked the cached Kerberos tickets using klist


Ticket cache: FILE:/tmp/krb5cc_0

Default principal: kdcuser at ASE-LRC-AD.AE.UTEXAS.EDU


Valid starting     Expires            Service principal

03/27/03 10:54:13  03/27/03 20:54:13

03/27/03 10:54:28  03/27/03 20:54:13

03/27/03 10:54:28  03/27/03 20:54:13
kadmin/changepw at ASE-LRC-AD.AE.UTEXAS.EDU



Trying samba-3.0alpha22, winbind keeps repeating the following message


[2003/03/18 10:34:33, 1] nsswitch/winbindd.c:main(898)

  winbindd version 3.0alpha22 started.

  Copyright The Samba Team 2000-2001

[2003/03/18 10:34:33, 1]

  scanning trusted domain list

[2003/03/18 10:39:33, 1]

  scanning trusted domain list



Trying the latest 3.0 CVC, winbind gives


accepted socket 11

client_read: read 1312 bytes. Need 0 more for a full request.

process_loop: Invalid request size from pid 6340: 1564 bytes sent,
should be 1312



my smb.conf:




# Active Directory stuff


security = ADS

encrypt passwords = yes

ads server =

password server =

wins server =


# winbind stuff

winbind separator = +

winbind cache time = 10

template shell = /bin/bash

template homedir = /home/%D/%U

winbind uid = 10000-20000

winbind gid = 10000-20000



I found a couple of messages in the mailing list archives from people
having similar problems, but did not find any follow-ups with possible





To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list