[Samba] ADS Join problem samba3.0.14a kerberos 1.3.5
Michael Andrewjeski
mandrewjeski at zonelabs.com
Tue May 31 18:39:49 GMT 2005
Hi List,
I'm wondering if someone can help me get past these errors
Joining an ADS Domain, using samba 3.0.14a & kerberos 1.3.5.
When I look at the debug output from the join attempt, it almost seems
as though The join is looking for an OU or something from the AD that
doesn't exist. I'm not an
Windows person and the AD admins are not around to help peep this out.
Can anyone take a look at the debug output below and point me in the
right direction?
I've included the compile strings for the samba, the klist output and
the net join Output from debug level 10.
Thanks in advance for your help.
compiled thusly:
./configure --prefix=/usr/pkg/samba-3.0.14a --with-ads --with-smbmount
--with-krb5=base=/usr/pkg/kerberos
klist output:
/usr/pkg/kerberos/bin/klist -5 -f
Default principal: svcSAMBA at AD.HOSTNAME.COM
Valid starting Expires Service principal
05/27/05 09:53:21 05/27/05 19:53:27
krbtgt/AD.HOSTNAME.COM at AD.HOSTNAME.COM
renew until 06/03/05 09:53:21, Flags: RI
05/27/05 10:25:42 05/27/05 19:53:27 sfinfra1$@AD.HOSTNAME.COM
renew until 06/03/05 09:53:21, Flags: RO
The net join command:
root at itibm:/root# /usr/pkg/samba/bin/net ads join -U'svcSAMBA%XXXXXX'
-d10 [2005/05/27 10:27:09, 5] lib/debug.c:debug_dump_status(366)
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
[2005/05/27 10:27:09, 3] param/loadparm.c:lp_load(3907)
lp_load: refreshing parameters
[2005/05/27 10:27:09, 3] param/loadparm.c:init_globals(1321)
Initialising global parameters
[2005/05/27 10:27:09, 3] param/params.c:pm_process(573)
params.c:pm_process() - Processing configuration file
"/usr/pkg/samba-3.0.14a/lib/smb.conf"
[2005/05/27 10:27:09, 3] param/loadparm.c:do_section(3409)
Processing section "[global]"
doing parameter workgroup = AD
doing parameter realm = AD.HOSTNAME.COM
doing parameter security = ADS
doing parameter map to guest = Bad User
doing parameter password server = 209.87.220.50
doing parameter realm = AD.HOSTNAME.COM
doing parameter encrypt passwords = true
doing parameter winbind uid = 10000-65000
doing parameter winbind gid = 10000-65000
doing parameter winbind cache time = 5
doing parameter netbios name = itibm
[2005/05/27 10:27:09, 4] param/loadparm.c:handle_netbios_name(2754)
handle_netbios_name: set global_myname to: ITIBM
doing parameter workgroup = AD
doing parameter server string = ITIBM
doing parameter log file = /var/log/samba/log.%m
doing parameter security = ADS
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
doing parameter local master = no
doing parameter os level = 3
doing parameter domain master = no
doing parameter preferred master = no
doing parameter name resolve order = wins lmhosts hosts bcast
doing parameter wins server = 209.87.220.51
[2005/05/27 10:27:09, 4] param/loadparm.c:lp_load(3938)
pm_process() returned Yes
[2005/05/27 10:27:09, 7] param/loadparm.c:lp_servicenumber(4048)
lp_servicenumber: couldn't find homes
[2005/05/27 10:27:09, 10] param/loadparm.c:set_server_role(3856)
set_server_role: role = ROLE_DOMAIN_MEMBER
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UCS-2LE
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UCS-2LE
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UTF-16LE
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UTF-16LE
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UCS-2BE
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UCS-2BE
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UTF-16BE
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UTF-16BE
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UTF8
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UTF8
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UTF-8
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UTF-8
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset ASCII
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(111)
Registered charset ASCII
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset 646
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(111)
Registered charset 646
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset ISO-8859-1
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(111)
Registered charset ISO-8859-1
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UCS2-HEX
[2005/05/27 10:27:09, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UCS2-HEX
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2005/05/27 10:27:09, 5] lib/util.c:init_names(256)
Netbios name list:-
my_netbios_names[0]="ITIBM"
[2005/05/27 10:27:09, 2] lib/interface.c:add_interface(81)
added interface ip=172.16.211.151 bcast=172.16.211.255
nmask=255.255.255.0 [2005/05/27 10:27:09, 6]
libads/ldap.c:ads_find_dc(214)
ads_find_dc: looking for realm 'AD.HOSTNAME.COM'
[2005/05/27 10:27:09, 8] libsmb/namequery.c:get_sorted_dc_list(1433)
get_sorted_dc_list: attempting lookup using [ads]
[2005/05/27 10:27:09, 10]
libsmb/namequery.c:remove_duplicate_addrs2(320)
remove_duplicate_addrs2: looking for duplicate address/port pairs
[2005/05/27 10:27:09, 4] libsmb/namequery.c:get_dc_list(1406)
get_dc_list: returning 1 ip addresses in an ordered list [2005/05/27
10:27:09, 4] libsmb/namequery.c:get_dc_list(1407)
get_dc_list: 209.87.220.50:389
[2005/05/27 10:27:09, 5] libads/ldap.c:ads_try_connect(123)
ads_try_connect: trying ldap server '209.87.220.50' port 389
[2005/05/27 10:27:09, 3] libads/ldap.c:ads_connect(285)
Connected to LDAP server 209.87.220.50
[2005/05/27 10:27:09, 3] libads/ldap.c:ads_server_info(2469)
got ldap server name sfinfra1 at AD.HOSTNAME.COM, using bind path:
dc=AD,dc=HOSTNAME,dc=COM [2005/05/27 10:27:09, 4]
libads/ldap.c:ads_server_info(2475)
time offset is 0 seconds
[2005/05/27 10:27:09, 4] libads/sasl.c:ads_sasl_bind(447)
Found SASL mechanism GSS-SPNEGO
[2005/05/27 10:27:09, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2005/05/27 10:27:09, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2005/05/27
10:27:09, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2005/05/27
10:27:09, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2005/05/27
10:27:09, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
ads_sasl_spnego_bind: got server principal name
=sfinfra1$@AD.HOSTNAME.COM [2005/05/27 10:27:09, 3]
libsmb/clikrb5.c:ads_krb5_mk_req(381)
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
found) [2005/05/27 10:27:09, 3]
libsmb/clikrb5.c:ads_cleanup_expired_creds(318)
Ticket in ccache[MEMORY:net_ads] expiration Fri, 27 May 2005 20:27:09
GMT [2005/05/27 10:27:09, 10] libsmb/clikrb5.c:ads_krb5_mk_req(408)
ads_krb5_mk_req: Ticket (sfinfra1$@AD.HOSTNAME.COM) in ccache
(MEMORY:net_ads) is valid until: (Fri, 27 May 2005 20:27:09 GMT -
1117250829) [2005/05/27 10:27:09, 10]
libsmb/clikrb5.c:get_krb5_smb_session_key(509)
Got KRB5 session key of length 16
[2005/05/27 10:27:09, 1] libads/ldap.c:ads_default_ou_string(1085)
Failed while searching for:
<WKGUID=AA312825768811D1ADED00C04FD8D5CD,dc=AD,dc=HOSTNAME,dc=COM>
[2005/05/27 10:27:09, 10] intl/lang_tdb.c:lang_tdb_init(135)
lang_tdb_init: /usr/pkg/samba-3.0.14a/lib/en_US.UTF-8.msg: No such
file or directory
ads_join_realm: Operations error
[2005/05/27 10:27:09, 2] utils/net.c:main(897)
return code = -1
root at itibm:/root#
More information about the samba
mailing list