[Samba] ADS join troubles 3.0.14a

Dimitri Yioulos dyioulos at firstbhph.com
Tue May 24 19:03:45 GMT 2005


On Tuesday May 24 2005 2:51 pm, Michael Andrewjeski wrote:
> Hi List,
>
> I'm attempting to join a win2k3 domain as a member server with great
> difficulty. I've read The HowTo, but am hung when attempting to join the
> Domain. I can kinit & klist Which seems good, but the ads join fails.
>
> Can someone help me understand what is causing the error listed below?
>
> Component particulars are:
>
> RH AS3, samba-3.0.14a compiled from source (./configure
> --prefix=/usr/pkg/samba-3.0.14a --with-ads --with-ldap --with-winbind
> --with-smb-mount --with-acl-support --with-pam --with-ldapsam)
>
> RedHat's krb5-*-1.2.7-44.rpm's
>
> I can send krb5.conf and smb.conf if needed!
>
>
> Here's the command and subsequent
> error:
>
> #net ads join -U'svcSAMBA%xxxxxxxx!' -S sfintra1.AD.CHECKPOINT.COM -d3
>
> [2005/05/24 11:33:09, 3] param/loadparm.c:lp_load(3907)
>   lp_load: refreshing parameters
> [2005/05/24 11:33:09, 3] param/loadparm.c:init_globals(1321)
>   Initialising global parameters
> [2005/05/24 11:33:09, 3] param/params.c:pm_process(573)
>   params.c:pm_process() - Processing configuration file
> "/usr/pkg/samba-3.0.14a/lib/smb.conf" [2005/05/24 11:33:09, 2]
> lib/interface.c:add_interface(81)
>   added interface ip=172.16.211.151 bcast=172.16.211.255
> nmask=255.255.255.0 [2005/05/24 11:33:09, 3] libads/ldap.c:ads_connect(285)
>   Connected to LDAP server 209.87.220.50
> [2005/05/24 11:33:09, 3] libads/ldap.c:ads_server_info(2469)
>   got ldap server name sfinfra1 at AD.CHECKPOINT.COM, using bind path:
> dc=AD,dc=CHECKPOINT,dc=COM [2005/05/24 11:33:09, 3]
> libads/sasl.c:ads_sasl_spnego_bind(204)
>   ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2005/05/24 11:33:09, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2005/05/24 11:33:09, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2005/05/24 11:33:09, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
>   ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2005/05/24 11:33:09, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
>   ads_sasl_spnego_bind: got server principal name
> =sfinfra1$@AD.CHECKPOINT.COM [2005/05/24 11:33:09, 3]
> libsmb/clikrb5.c:ads_krb5_mk_req(381)
>   ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
> found) [2005/05/24 11:33:09, 3]
> libsmb/clikrb5.c:ads_cleanup_expired_creds(318) Ticket in
> ccache[MEMORY:net_ads] expiration Tue, 24 May 2005 21:33:09 GMT [2005/05/24
> 11:33:09, 1] libads/ldap.c:ads_default_ou_string(1085) Failed while
> searching for:
> <WKGUID=AA312825768811D1ADED00C04FD8D5CD,dc=AD,dc=CHECKPOINT,dc=COM>
> ads_join_realm: Operations error
> [2005/05/24 11:33:09, 2] utils/net.c:main(897)
>   return code = -1
>
> Any help greatly appreciated..
> Mike
>
> Michael Andrewjeski
> Unix Administrator
> Zone Labs, A Check Point Company
> http://www.zonelabs.com
> Tel:  415.633.4769
> Fax:  415.633.4501


Do post you krb5.conf and smb.conf files.


More information about the samba mailing list