[Samba] winbind with ADS error

Barry, Christopher cbarry at infiniconsys.com
Fri Mar 28 21:30:39 GMT 2003


This may be erroneous, but are the clocks synced between this box and the AD server? I know this can cause problems.

--
Christopher Barry
Manager of Information Systems
InfiniCon Systems
http://www.infiniconsys.com



-----Original Message-----
From: Scott Messec [mailto:messec at mail.utexas.edu]
Sent: Friday, March 28, 2003 4:13 PM
To: samba at lists.samba.org
Subject: [Samba] winbind with ADS error


RedHat AS 2.1 kernel 2.4.9-e.16 with krb5-1.2.7

I've been playing with ADS features of samba-3.0alpha21 and am having
problems getting winbind to work.

I can join the domain:

[root at asecl etc]# net ads join
Joined 'ASECL' to realm 'ASE-LRC-AD.AE.UTEXAS.EDU'

After joining the domain, I can use the other 'net ads' options of user,
group, status and info. Can also use the smbclient with the -k option to
browse shares on the AD server.

When starting winbind, I get the following error which just keeps
repeating every 10 seconds.

[root at asecl samba]# tail -f log.winbindd
  winbindd version 3.0alpha21 started.
  Copyright The Samba Team 2000-2001
[2003/03/27 10:39:08, 1] nsswitch/winbindd_util.c:add_trusted_domain(138)
  Added domain ASE-LRC-AD
[2003/03/27 10:39:08, 1] libsmb/clikrb5.c:krb5_mk_req2(55)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/03/27 10:39:08, 0] libads/kerberos.c:ads_kinit_password(132)
  kerberos_kinit_password HOST/asecl at ASE-LRC-AD.AE.UTEXAS.EDU failed: Client not found in Kerberos database
[2003/03/27 10:39:08, 1] nsswitch/winbindd_ads.c:ads_cached_connection(71)
  ads_connect for domain ASE-LRC-AD failed: Invalid credentials
[2003/03/27 10:39:18, 1] nsswitch/winbindd_util.c:init_domain_list(219)
  Retrying startup domain sid fetch for ASE-LRC-AD
[2003/03/27 10:39:18, 1] libsmb/clikrb5.c:krb5_mk_req2(55)
  krb5_cc_get_principal failed (No credentials cache found)

I checked the cached Kerberos tickets using klist

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: kdcuser at ASE-LRC-AD.AE.UTEXAS.EDU

Valid starting     Expires            Service principal
03/27/03 10:54:13  03/27/03 20:54:13  krbtgt/ASE-LRC-AD.AE.UTEXAS.EDU at ASE-LRC-AD.AE.UTEXAS.EDU
03/27/03 10:54:28  03/27/03 20:54:13  ase-lrc-test$@ASE-LRC-AD.AE.UTEXAS.EDU
03/27/03 10:54:28  03/27/03 20:54:13  kadmin/changepw at ASE-LRC-AD.AE.UTEXAS.EDU

Trying samba-3.0alpha22, winbind keeps repeating the following message

[2003/03/18 10:34:33, 1] nsswitch/winbindd.c:main(898)
  winbindd version 3.0alpha22 started.
  Copyright The Samba Team 2000-2001
[2003/03/18 10:34:33, 1] nsswitch/winbindd_util.c:rescan_trusted_domains(168)
  scanning trusted domain list
[2003/03/18 10:39:33, 1] nsswitch/winbindd_util.c:rescan_trusted_domains(168)
  scanning trusted domain list

Trying the latest 3.0 CVS, winbind gives

accepted socket 11
client_read: read 1312 bytes. Need 0 more for a full request.
process_loop: Invalid request size from pid 6340: 1564 bytes sent, should be 1312

my smb.conf:

[global]

# Active Directory stuff
realm = ASE-LRC-AD.AE.UTEXAS.EDU
security = ADS
encrypt passwords = yes
ads server = 146.6.104.15
password server = 146.6.104.15
wins server = 146.6.104.15

# winbind stuff
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U
winbind uid = 10000-20000
winbind gid = 10000-20000

I found a couple of messages in the mailing list archives from people
having similar problems, but did not find any follow-ups with possible
solutions.

thanks

scott
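
An added example, not part of either poster's message and not Samba code: a small triage script that groups winbindd debug entries and counts the Kerberos failure strings in them, so that a clock-skew error can be told apart from an unknown-principal or missing-cache error. The labels (principal_unknown, clock_skew, no_ccache) and the hint texts are this example's own; the 300 s figure is the MIT Kerberos default clock-skew tolerance.

```python
import re
from collections import Counter

# Samba debug header: "[YYYY/MM/DD HH:MM:SS, level] file:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(\S*)")

# Kerberos message text -> (label invented for this example, first thing to check)
KRB_HINTS = {
    "Client not found in Kerberos database": ("principal_unknown", "does the principal named in the log entry exist on the KDC?"),
    "Clock skew too great": ("clock_skew", "compare host and KDC time (MIT default tolerance: 300 s)"),
    "No credentials cache found": ("no_ccache", "the calling process has no ticket cache of its own"),
}

def parse_entries(text):
    """Group log text into (timestamp, level, location, message) tuples."""
    entries, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = [m.group(1), int(m.group(2)), m.group(3), []]
            entries.append(cur)
        elif cur is not None and line.strip():
            if not cur[2]:               # header was wrapped: location is on this line
                cur[2] = line.strip()
            else:                        # message text, which may itself be wrapped
                cur[3].append(line.strip())
    return [(ts, lvl, loc, " ".join(msg)) for ts, lvl, loc, msg in entries]

def triage(text):
    """Count the Kerberos failure classes seen in a winbindd log."""
    counts = Counter()
    for _ts, _lvl, _loc, msg in parse_entries(text):
        for needle, (label, _hint) in KRB_HINTS.items():
            if needle in msg:
                counts[label] += 1
    return counts

# Excerpt of the winbindd log quoted above, mail line-wrapping preserved.
SAMPLE = """\
[2003/03/27 10:39:08, 1] libsmb/clikrb5.c:krb5_mk_req2(55)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/03/27 10:39:08, 0] libads/kerberos.c:ads_kinit_password(132)
  kerberos_kinit_password HOST/asecl at ASE-LRC-AD.AE.UTEXAS.EDU failed:
Client not found in Kerberos database
"""

if __name__ == "__main__":
    for label, n in triage(SAMPLE).items():
        print(label, n, dict(KRB_HINTS.values())[label])
```
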
