[Samba] winbind with ADS error
Barry, Christopher
cbarry at infiniconsys.com
Fri Mar 28 21:30:39 GMT 2003
This may be erroneous, but are the clocks synced between this box and the AD server? I know this can cause problems.
--
Christopher Barry
Manager of Information Systems
InfiniCon Systems
http://www.infiniconsys.com
-----Original Message-----
From: Scott Messec [mailto:messec at mail.utexas.edu]
Sent: Friday, March 28, 2003 4:13 PM
To: samba at lists.samba.org
Subject: [Samba] winbind with ADS error
RedHat AS 2.1 kernel 2.4.9-e.16 with krb5-1.2.7
I've been playing with ADS features of samba-3.0alpha21 and am having
problems getting winbind to work.
I can join the domain:
[root at asecl etc]# net ads join
Joined 'ASECL' to realm 'ASE-LRC-AD.AE.UTEXAS.EDU'
After joining the domain, I can use the other 'net ads' options of user,
group, status and info. Can also use the smbclient with the -k option to
browse shares on the AD server.
When starting winbind, I get the following error which just keeps
repeating every 10 seconds.
[root at asecl samba]# tail -f log.winbindd
winbindd version 3.0alpha21 started.
Copyright The Samba Team 2000-2001
[2003/03/27 10:39:08, 1] nsswitch/winbindd_util.c:add_trusted_domain(138)
Added domain ASE-LRC-AD
[2003/03/27 10:39:08, 1] libsmb/clikrb5.c:krb5_mk_req2(55)
krb5_cc_get_principal failed (No credentials cache found)
[2003/03/27 10:39:08, 0] libads/kerberos.c:ads_kinit_password(132)
kerberos_kinit_password HOST/asecl at ASE-LRC-AD.AE.UTEXAS.EDU failed: Client not found in Kerberos database
[2003/03/27 10:39:08, 1] nsswitch/winbindd_ads.c:ads_cached_connection(71)
ads_connect for domain ASE-LRC-AD failed: Invalid credentials
[2003/03/27 10:39:18, 1] nsswitch/winbindd_util.c:init_domain_list(219)
Retrying startup domain sid fetch for ASE-LRC-AD
[2003/03/27 10:39:18, 1] libsmb/clikrb5.c:krb5_mk_req2(55)
krb5_cc_get_principal failed (No credentials cache found)
I checked the cached Kerberos tickets using klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: kdcuser at ASE-LRC-AD.AE.UTEXAS.EDU
Valid starting     Expires            Service principal
03/27/03 10:54:13  03/27/03 20:54:13  krbtgt/ASE-LRC-AD.AE.UTEXAS.EDU at ASE-LRC-AD.AE.UTEXAS.EDU
03/27/03 10:54:28  03/27/03 20:54:13  ase-lrc-test$@ASE-LRC-AD.AE.UTEXAS.EDU
03/27/03 10:54:28  03/27/03 20:54:13  kadmin/changepw at ASE-LRC-AD.AE.UTEXAS.EDU
Trying samba-3.0alpha22, winbind keeps repeating the following message
[2003/03/18 10:34:33, 1] nsswitch/winbindd.c:main(898)
winbindd version 3.0alpha22 started.
Copyright The Samba Team 2000-2001
[2003/03/18 10:34:33, 1] nsswitch/winbindd_util.c:rescan_trusted_domains(168)
scanning trusted domain list
[2003/03/18 10:39:33, 1] nsswitch/winbindd_util.c:rescan_trusted_domains(168)
scanning trusted domain list
Trying the latest 3.0 CVS, winbind gives
accepted socket 11
client_read: read 1312 bytes. Need 0 more for a full request.
process_loop: Invalid request size from pid 6340: 1564 bytes sent, should be 1312
my smb.conf:
[global]
# Active Directory stuff
realm = ASE-LRC-AD.AE.UTEXAS.EDU
security = ADS
encrypt passwords = yes
ads server = 146.6.104.15
password server = 146.6.104.15
wins server = 146.6.104.15
# winbind stuff
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U
winbind uid = 10000-20000
winbind gid = 10000-20000
I found a couple of messages in the mailing list archives from people
having similar problems, but did not find any follow-ups with possible
solutions.
thanks
scott
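
Added example, not part of the original messages: a small Python triage script for the log.winbindd format quoted above. It rejoins entries that a mail client has wrapped and labels the Kerberos failures, so a clock-skew error can be told apart from the other failures in the log. The label names and the final sample entry are assumptions of this example.

```python
import re
from collections import Counter

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(\S+)?$")
LOCATION = re.compile(r"^\S+\.c:\w+\(\d+\)$")
# MIT Kerberos error strings mapped to labels chosen for this example
CAUSES = {"Clock skew too great": "clock-skew",
          "Client not found in Kerberos database": "unknown-principal",
          "No credentials cache found": "no-ticket-cache"}

# First three entries are from the post (as archived); the last is constructed.
SAMPLE = """\
[2003/03/27 10:39:08, 1] libsmb/clikrb5.c:krb5_mk_req2(55)
krb5_cc_get_principal failed (No credentials cache found)
[2003/03/27 10:39:08, 0] libads/kerberos.c:ads_kinit_password(132)
kerberos_kinit_password HOST/asecl at ASE-LRC-AD.AE.UTEXAS.EDU failed:
Client not found in Kerberos database
[2003/03/27 10:39:08, 1]
nsswitch/winbindd_ads.c:ads_cached_connection(71)
ads_connect for domain ASE-LRC-AD failed: Invalid credentials
[2003/03/27 10:39:28, 0] libads/kerberos.c:ads_kinit_password(132)
kerberos_kinit_password HOST/asecl at ASE-LRC-AD.AE.UTEXAS.EDU failed: Clock skew too great
"""

def parse_entries(text):
    """Split a Samba debug log into entries, rejoining mail-wrapped lines."""
    entries, cur = [], None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            cur = {"time": m.group(1), "level": int(m.group(2)),
                   "where": m.group(3), "message": ""}
            entries.append(cur)
        elif cur and cur["where"] is None and LOCATION.match(line):
            cur["where"] = line  # header was wrapped before the source location
        elif cur and line:
            cur["message"] = (cur["message"] + " " + line).strip()
    return entries

def kerberos_causes(entries):
    """Count entries per Kerberos failure label."""
    counts = Counter()
    for e in entries:
        for needle, label in CAUSES.items():
            if needle in e["message"]:
                counts[label] += 1
    return counts

if __name__ == "__main__":
    print(dict(kerberos_causes(parse_entries(SAMPLE))))
```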