[Samba] net ads join fails

Penny Willisson Penny.Willisson at Ellisonslegal.com
Tue Apr 5 15:24:07 GMT 2005


Sorry attachment was removed - I have now pasted log file here.

[2005/04/05 15:11:44, 5] lib/debug.c:debug_dump_status(366)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
[2005/04/05 15:11:44, 3] param/loadparm.c:lp_load(3907)
  lp_load: refreshing parameters
[2005/04/05 15:11:44, 3] param/loadparm.c:init_globals(1321)
  Initialising global parameters
[2005/04/05 15:11:44, 3] param/params.c:pm_process(573)
  params.c:pm_process() - Processing configuration file "/usr/local/samba3/lib/smb.conf"
[2005/04/05 15:11:44, 3] param/loadparm.c:do_section(3409)
  Processing section "[global]"
  doing parameter workgroup = ELLNET
  doing parameter realm = ellisonslegal.com
  doing parameter server string = Samba 3.0.13
  doing parameter security = ADS
  doing parameter allow trusted domains = No
  doing parameter log level = 1
  doing parameter syslog = 0
  doing parameter log file = /var/log/samba/%m
  doing parameter max log size = 50
  doing parameter printcap name = CUPS
  doing parameter ldap ssl = no
  doing parameter idmap backend = idmap_rid:KPAK=500-100000000
  doing parameter idmap uid = 500-100000000
  doing parameter idmap gid = 500-100000000
  doing parameter template shell = /bin/bash
  doing parameter winbind use default domain = yes
  doing parameter winbind enum users = No
  doing parameter winbind enum groups = No
  doing parameter winbind nested groups = Yes
  doing parameter deadtime = 30
  doing parameter keepalive = 60
  doing parameter os level = 2
  doing parameter preferred master = No
  doing parameter wins support = Yes
[2005/04/05 15:11:44, 4] param/loadparm.c:lp_load(3938)
  pm_process() returned Yes
[2005/04/05 15:11:44, 7] param/loadparm.c:lp_servicenumber(4048)
  lp_servicenumber: couldn't find homes
[2005/04/05 15:11:44, 10] param/loadparm.c:set_server_role(3856)
  set_server_role: role = ROLE_DOMAIN_MEMBER
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UCS-2LE
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UCS-2LE
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UTF-16LE
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UTF-16LE
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UCS-2BE
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UCS-2BE
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UTF-16BE
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UTF-16BE
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UTF8
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UTF8
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UTF-8
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UTF-8
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset ASCII
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset ASCII
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset 646
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset 646
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset ISO-8859-1
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset ISO-8859-1
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UCS2-HEX
[2005/04/05 15:11:44, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UCS2-HEX
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'ISO-8859-1' for LOCALE
[2005/04/05 15:11:44, 5] lib/util.c:init_names(256)
  Netbios name list:-
  my_netbios_names[0]="FSRVCOL2"
[2005/04/05 15:11:44, 2] lib/interface.c:add_interface(81)
  added interface ip=10.0.0.39 bcast=10.0.255.255 nmask=255.255.0.0
[2005/04/05 15:11:44, 5] libads/ldap.c:ads_try_connect(123)
  ads_try_connect: trying ldap server 'apps' port 389
[2005/04/05 15:11:44, 6] libads/ldap.c:ads_find_dc(214)
  ads_find_dc: looking for realm 'ELLISONSLEGAL.COM'
[2005/04/05 15:11:44, 8] libsmb/namequery.c:get_sorted_dc_list(1433)
  get_sorted_dc_list: attempting lookup using [ads]
[2005/04/05 15:11:44, 10] libsmb/namequery.c:internal_resolve_name(1028)
  internal_resolve_name: looking up ELLISONSLEGAL.COM#1c
[2005/04/05 15:11:44, 5] lib/gencache.c:gencache_init(59)
  Opening cache file at /usr/local/samba3/var/locks/gencache.tdb
[2005/04/05 15:11:44, 10] lib/gencache.c:gencache_get(285)
  Cache entry with key = NBT/ELLISONSLEGAL.COM#1C couldn't be found
[2005/04/05 15:11:44, 5] libsmb/namecache.c:namecache_fetch(195)
  no entry for ELLISONSLEGAL.COM#1C found.
[2005/04/05 15:11:44, 10] lib/gencache.c:gencache_del(214)
  Deleting cache entry (key = NBT/ELLISONSLEGAL.COM#1C)
[2005/04/05 15:11:44, 5] libsmb/namequery.c:resolve_ads(955)
  resolve_hosts: Attempting to resolve DC's for ELLISONSLEGAL.COM using DNS
[2005/04/05 15:11:44, 3] lib/util.c:interpret_addr(1148)
  sys_gethostbyname: Unknown host. exchange.ellisonslegal.com
[2005/04/05 15:11:44, 3] lib/util.c:interpret_addr(1148)
  sys_gethostbyname: Unknown host. apps.ellisonslegal.com
[2005/04/05 15:11:44, 3] lib/util.c:interpret_addr(1148)
  sys_gethostbyname: Unknown host. exchange.ellisonslegal.com
[2005/04/05 15:11:44, 5] libsmb/namecache.c:namecache_store(131)
  namecache_store: storing 0 addresses for ELLISONSLEGAL.COM#1c: 
[2005/04/05 15:11:44, 10] libsmb/namequery.c:internal_resolve_name(1145)
  internal_resolve_name: returning 0 addresses: 
[2005/04/05 15:11:44, 8] libsmb/namequery.c:get_dc_list(1316)
  Adding 0 DC's from auto lookup
[2005/04/05 15:11:44, 4] libsmb/namequery.c:get_dc_list(1332)
  get_dc_list: no servers found
[2005/04/05 15:11:44, 6] libads/ldap.c:ads_find_dc(214)
  ads_find_dc: looking for domain 'ELLNET'
[2005/04/05 15:11:44, 8] libsmb/namequery.c:get_sorted_dc_list(1433)
  get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast]
[2005/04/05 15:11:44, 10] libsmb/namequery.c:internal_resolve_name(1028)
  internal_resolve_name: looking up ELLNET#1c
[2005/04/05 15:11:44, 10] lib/gencache.c:gencache_get(263)
  Returning valid cache entry: key = NBT/ELLNET#1C, value = 10.0.0.31:0,10.0.0.32:0, timeout = Tue Apr  5 15:22:26 2005
  
[2005/04/05 15:11:44, 5] libsmb/namecache.c:namecache_fetch(201)
  name ELLNET#1C found.
[2005/04/05 15:11:44, 8] libsmb/namequery.c:get_dc_list(1316)
  Adding 2 DC's from auto lookup
[2005/04/05 15:11:44, 10] libsmb/namequery.c:remove_duplicate_addrs2(320)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2005/04/05 15:11:44, 4] libsmb/namequery.c:get_dc_list(1406)
  get_dc_list: returning 2 ip addresses in an unordered list
[2005/04/05 15:11:44, 4] libsmb/namequery.c:get_dc_list(1407)
  get_dc_list: 10.0.0.31:0 10.0.0.32:0 
[2005/04/05 15:11:44, 5] libads/ldap.c:ads_try_connect(123)
  ads_try_connect: trying ldap server '10.0.0.31' port 389
[2005/04/05 15:11:44, 3] libads/ldap.c:ads_connect(285)
  Connected to LDAP server 10.0.0.31
[2005/04/05 15:11:44, 3] libads/ldap.c:ads_server_info(2469)
  got ldap server name apps at ELLISONSLEGAL.COM, using bind path: dc=ELLISONSLEGAL,dc=COM
[2005/04/05 15:11:44, 4] libads/ldap.c:ads_server_info(2475)
  time offset is -3170 seconds
[2005/04/05 15:11:44, 4] libads/sasl.c:ads_sasl_bind(447)
  Found SASL mechanism GSS-SPNEGO
[2005/04/05 15:11:44, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2005/04/05 15:11:44, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2005/04/05 15:11:44, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2005/04/05 15:11:44, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2005/04/05 15:11:44, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
  ads_sasl_spnego_bind: got server principal name =apps$@ELLISONSLEGAL.COM
[2005/04/05 15:11:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
[2005/04/05 15:11:44, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password Administrator at ELLISONSLEGAL.COM failed: Unknown code krb5 156
[2005/04/05 15:11:44, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Unknown code krb5 156
[2005/04/05 15:11:44, 2] utils/net.c:main(897)
  return code = -1

I am trying to connect to an ADS domain and it is failing all the time.
 
I am running SuSE Linux 9.0 with Samba 3.0.13 and have configured Samba with ldap and heimdal kerberos
 
Attached is my debug level 10 error log created when the join is attempted.
 
I would appreciate any advice on solving this problem.
 
Thanks in advance 
 
Penny Willisson

DISCLAIMER: The information contained within or attached to this transmission is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, or distribution of the message, either in full or in part, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful. Please immediately contact the sender if you have received this message in error. Any views or opinions presented are solely those of the author and do not necessarily represent those of the company.  Although every effort is taken to ensure that all e-mail is scanned for viruses, Ellisons will accept no responsibility for any damage or inconvenience resulting from any virus that may be contained in this e-mail.  A list of Partners is available on request.


More information about the samba mailing list