[Samba] ADS join troubles 3.0.14a

Michael Andrewjeski mandrewjeski at zonelabs.com
Tue May 24 18:51:17 GMT 2005 

Hi List,

I'm attempting to join a win2k3 domain as a member server with great difficulty.
I've read The HowTo, but am hung when attempting to join the Domain. I can kinit & klist 
Which seems good, but the ads join fails. 

Can someone help me understand what is causing the error listed below?

Component particulars are:

RH AS3, samba-3.0.14a compiled from source (./configure --prefix=/usr/pkg/samba-3.0.14a
--with-ads --with-ldap --with-winbind --with-smb-mount --with-acl-support --with-pam --with-ldapsam)

RedHat's krb5-*-1.2.7-44.rpm's 

I can send krb5.conf and smb.conf if needed!


Here's the command and subsequent
error:

#net ads join -U'svcSAMBA%xxxxxxxx!' -S sfintra1.AD.CHECKPOINT.COM -d3

[2005/05/24 11:33:09, 3] param/loadparm.c:lp_load(3907)
  lp_load: refreshing parameters
[2005/05/24 11:33:09, 3] param/loadparm.c:init_globals(1321)
  Initialising global parameters
[2005/05/24 11:33:09, 3] param/params.c:pm_process(573)
  params.c:pm_process() - Processing configuration file "/usr/pkg/samba-3.0.14a/lib/smb.conf"
[2005/05/24 11:33:09, 2] lib/interface.c:add_interface(81)
  added interface ip=172.16.211.151 bcast=172.16.211.255 nmask=255.255.255.0
[2005/05/24 11:33:09, 3] libads/ldap.c:ads_connect(285)
  Connected to LDAP server 209.87.220.50
[2005/05/24 11:33:09, 3] libads/ldap.c:ads_server_info(2469)
  got ldap server name sfinfra1 at AD.CHECKPOINT.COM, using bind path: dc=AD,dc=CHECKPOINT,dc=COM
[2005/05/24 11:33:09, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2005/05/24 11:33:09, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2005/05/24 11:33:09, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2005/05/24 11:33:09, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2005/05/24 11:33:09, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
  ads_sasl_spnego_bind: got server principal name =sfinfra1$@AD.CHECKPOINT.COM
[2005/05/24 11:33:09, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2005/05/24 11:33:09, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(318)
  Ticket in ccache[MEMORY:net_ads] expiration Tue, 24 May 2005 21:33:09 GMT
[2005/05/24 11:33:09, 1] libads/ldap.c:ads_default_ou_string(1085)
Failed while searching for: <WKGUID=AA312825768811D1ADED00C04FD8D5CD,dc=AD,dc=CHECKPOINT,dc=COM>
ads_join_realm: Operations error
[2005/05/24 11:33:09, 2] utils/net.c:main(897)
  return code = -1

Any help greatly appreciated..
Mike

Michael Andrewjeski
Unix Administrator
Zone Labs, A Check Point Company
http://www.zonelabs.com
Tel:  415.633.4769
Fax:  415.633.4501

More information about the samba mailing list