[Samba] winbind/samba 3.0.1-1 fails to store machine account
password when joining ADS
Lewis Shobbrook
lshobbrook at fasttrack.net.au
Tue Jan 6 03:46:12 GMT 2004
Hi All,
The latest Debian unstable release of samba 3.0.1-1 appears to be fail
in storing the machine account password when joining a 2000 AD domain.
kinit user at realm works fine, as does net ads join suggesting the issue
is not related kerberos misconfiguration.
klist indicates no cached tickets, until kinit is used.
and winbindd.log shows the following entries when winbindd starts.
libsmb/clikrb5.c:ads_krb5_mk_req(269)
krb5_cc_get_principal failed (No credentials cache found)
libads/kerberos.c:ads_kinit_password(133)
kerberos_kinit_password HOST/SERVER at REALM failed: Client not found in
Kerberos database
We can see from the logs that the winbindd is attempting to initiate the
connection to the domain using kerberos ticket associated with the
machine account, but it isn't there.
The file secrets.tdb doesn't exist, neither does smbpasswd for that
matter (not that it is specifically needed). The process of storing the
machine account details was automated in the last version prior to this
current relase. It is apparently broken.
All attempts to access shares fail with
smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
Am I missing something??
Cheers,
Lewis
More information about the samba
mailing list