[Samba] Machine accounts

marpon at marpon.com.ar marpon at marpon.com.ar
Mon Jul 4 15:34:27 GMT 2005


I'm trying to figure out why my Samba box can't get any information about
trusted W2K AD domains. The Linux Samba server is a domain member of a W2K
domain. Everything is fine with this domain, but I can't get sequence
numbers, users, or groups from other domains in the Active Directory.

The main error seems to be "Server not found in Kerberos database" when it
tries to connect to other domain controllers.

As an example, for one of these domains, winbind.log shows this:

[2005/07/04 12:18:26, 10] nsswitch/winbindd_util.c:add_trusted_domains(221)
  Found domain SIDOR
[2005/07/04 12:18:26, 10] nsswitch/winbindd_cache.c:domain_sid(1407)
  domain_sid: [Cached] - doing backend query for info for domain SIDOR
[2005/07/04 12:18:26, 3] nsswitch/winbindd_ads.c:domain_sid(900)
  ads: domain_sid
[2005/07/04 12:18:26, 3] libads/ldap.c:ads_connect(285)
  Connected to LDAP server 10.50.180.51
[2005/07/04 12:18:26, 3] libads/ldap.c:ads_server_info(2469)
  got ldap server name sircwdc3@SIDOR.TECHINT.NET, using bind path:
dc=SIDOR,dc=TECHINT,dc=NET
[2005/07/04 12:18:27, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2005/07/04 12:18:27, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2005/07/04 12:18:27, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2005/07/04 12:18:27, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2005/07/04 12:18:27, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
  ads_sasl_spnego_bind: got server principal name
=sircwdc3$@SIDOR.TECHINT.NET
[2005/07/04 12:18:27, 1] libsmb/clikrb5.c:ads_krb5_mk_req(389)
  ads_krb5_mk_req: krb5_get_credentials failed for
sircwdc3$@SIDOR.TECHINT.NET (Server not found in Kerberos database)
[2005/07/04 12:18:27, 1] libsmb/clikrb5.c:ads_krb5_mk_req(389)
  ads_krb5_mk_req: krb5_get_credentials failed for
sircwdc3$@SIDOR.TECHINT.NET (Server not found in Kerberos database)
[2005/07/04 12:18:27, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain SIDOR failed: Server not found in Kerberos database

This is Samba 3.0.14a, MIT Kerberos 1.3.6. The log shows it's trying to
connect with machine$@REALM. But if I try manually:

kinit machine$@REALM  it gives "client not found in kerberos database".

It does work if I don't put the dollar sign (i.e. machine@REALM).

Can anyone give a clue how to solve this or what test I can do?

Thanks, 

Martin 
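
An added example, not part of the original post: a small triage script for winbindd logs laid out like the excerpt above. It rejoins mail-wrapped message lines, names the SPNEGO mechanism OIDs the server offered, and counts Kerberos ticket failures per service principal. The host and realm in the sample are constructed; the OID names are the standard registrations.

```python
import re

# SPNEGO mechanism OIDs, keyed the way winbindd prints them (arcs separated by spaces).
MECHS = {
    "1 2 840 48018 1 2 2": "Kerberos 5 (legacy Microsoft OID)",
    "1 2 840 113554 1 2 2": "Kerberos 5",
    "1 2 840 113554 1 2 2 3": "Kerberos 5 user-to-user",
    "1 3 6 1 4 1 311 2 2 10": "NTLMSSP",
}
HEADER = re.compile(r"^\[(\S+ \S+),\s*(\d+)\] \S+:(\w+)\(\d+\)")

# Constructed sample (hypothetical host and realm), with mail-wrapped message lines.
SAMPLE = """\
[2005/07/04 12:18:27, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2005/07/04 12:18:27, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2005/07/04 12:18:27, 1] libsmb/clikrb5.c:ads_krb5_mk_req(389)
  ads_krb5_mk_req: krb5_get_credentials failed for
dc1$@CHILD.EXAMPLE.TEST (Server not found in Kerberos database)
[2005/07/04 12:18:27, 1] libsmb/clikrb5.c:ads_krb5_mk_req(389)
  ads_krb5_mk_req: krb5_get_credentials failed for
dc1$@CHILD.EXAMPLE.TEST (Server not found in Kerberos database)
"""

def records(text):
    """Yield (timestamp, level, function, message); wrapped lines are rejoined."""
    cur = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if cur:
                yield tuple(cur)
            cur = [m.group(1), int(m.group(2)), m.group(3), ""]
        elif cur and line.strip():
            cur[3] = (cur[3] + " " + line.strip()).strip()
    if cur:
        yield tuple(cur)

def summarize(text):
    """Return (offered mechanisms in order, {(principal, error): count})."""
    mechs, failures = [], {}
    for _ts, _level, _func, msg in records(text):
        oid = re.search(r"got OID=([\d ]+)", msg)
        if oid:
            mechs.append(MECHS.get(oid.group(1).strip(), "unknown OID"))
        fail = re.search(r"krb5_get_credentials failed for (\S+) \((.+)\)", msg)
        if fail:
            key = (fail.group(1), fail.group(2))
            failures[key] = failures.get(key, 0) + 1
    return mechs, failures
```

Calling `summarize()` on a saved winbind.log gives one line per failing principal instead of pages of level-10 output, which makes it easy to see which trusted domains fail and with which Kerberos error.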



