[Samba] net ads join fails on ADS 2003

Jesko Schneider jesko.schneider at millenux.com
Sat Sep 24 17:32:58 GMT 2005


hello,

I am wondering, when I try to follow the ADS 2003, Samba can't join completely. 
The join ends with: ads_machine_password:Message stream modified.

When I start 'net ads join' with debugging, I get an error:
[2005/09/24 18:51:49, 1] libads/krb5_setpw.c:parse_setpw_reply(237)
  Got error packet 0x7e from kpasswd server
[2005/09/24 18:51:49, 1] libads/krb5_setpw.c:do_krb5_kpasswd_request(450)
  parse_setpw_reply failed (Message stream modified)
ads_set_machine_password: Message stream modified
[2005/09/24 18:51:49, 2] utils/net.c:main(873)
  return code = -1

---------------------------------------------------------------------------
Surrounding:
ADS 2003, no SP, but Services for Unix installed
SuSE9.3 Updated
MIT-Kerberos5: 1.4.16 
Samba: 3.0.20
-------------------------------------------------------------------------
Problem:
linux11:~ # kinit Administrator
Password for Administrator at CITY.NET.FFM:
linux11:~ # klist -5ef
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator at CITY.NET.FFM
Valid starting     Expires            Service principal
09/24/05 18:30:00  09/25/05 04:30:02  krbtgt/CITY.NET.FFM at CITY.NET.FFM
        renew until 09/25/05 18:30:00, Flags: RIA
        Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
linux11:~ # net ads join
ads_set_machine_password: Message stream modified
linux11:~ #

----- > but there is no complete join

-----------------------------------------------------------------------------
Debugging (Level 3):
[2005/09/24 18:51:48, 3] param/loadparm.c:lp_load(4082)
  lp_load: refreshing parameters
[2005/09/24 18:51:48, 3] param/loadparm.c:init_globals(1366)
  Initialising global parameters
[2005/09/24 18:51:48, 3] param/params.c:pm_process(574)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2005/09/24 18:51:48, 3] param/loadparm.c:do_section(3542)
  Processing section "[global]"
[2005/09/24 18:51:48, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.99.11 bcast=192.168.99.255 nmask=255.255.255.0
[2005/09/24 18:51:48, 3] libsmb/namequery.c:resolve_lmhosts(855)
  resolve_lmhosts: Attempting lmhosts lookup for name dc0001.city.net.ffm<0x20>
[2005/09/24 18:51:48, 3] libsmb/namequery.c:resolve_wins(752)
  resolve_wins: Attempting wins lookup for name dc0001.city.net.ffm<0x20>
[2005/09/24 18:51:48, 3] libsmb/namequery.c:resolve_wins(755)
  resolve_wins: WINS server resolution selected and no WINS servers listed.
[2005/09/24 18:51:48, 3] libsmb/namequery.c:resolve_hosts(917)
  resolve_hosts: Attempting host lookup for name dc0001.city.net.ffm<0x20>
[2005/09/24 18:51:48, 3] libads/ldap.c:ads_connect(285)
  Connected to LDAP server 192.168.99.1
[2005/09/24 18:51:49, 3] libads/ldap.c:ads_server_info(2514)
  got ldap server name dc0001 at CITY.NET.FFM, using bind path: dc=CITY,dc=NET,dc=FFM
[2005/09/24 18:51:49, 3] libads/sasl.c:ads_sasl_spnego_bind(206)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2005/09/24 18:51:49, 3] libads/sasl.c:ads_sasl_spnego_bind(206)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2005/09/24 18:51:49, 3] libads/sasl.c:ads_sasl_spnego_bind(206)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2005/09/24 18:51:49, 3] libads/sasl.c:ads_sasl_spnego_bind(206)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2005/09/24 18:51:49, 3] libads/sasl.c:ads_sasl_spnego_bind(215)
  ads_sasl_spnego_bind: got server principal name =dc0001$@CITY.NET.FFM
[2005/09/24 18:51:49, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(321)
  Ticket in ccache[FILE:/tmp/krb5cc_0] expiration Sun, 25 Sep 2005 04:49:51 GMT
[2005/09/24 18:51:49, 1] libads/krb5_setpw.c:parse_setpw_reply(237)
  Got error packet 0x7e from kpasswd server
[2005/09/24 18:51:49, 1] libads/krb5_setpw.c:do_krb5_kpasswd_request(450)
  parse_setpw_reply failed (Message stream modified)
ads_set_machine_password: Message stream modified
[2005/09/24 18:51:49, 2] utils/net.c:main(873)
  return code = -1
linux11:~ # exit
----------------------------------------------------------------

/etc/samba/smb.conf:

[global]
   workgroup = CITY
   server string = Samba Server
   load printers = no
   log file = /var/log/samba/%m.log
   loglevel = 5
   max log size = 1000
   security = ads
   password server = dc0001.city.net.ffm
   realm = CITY.NET.FFM
   client use spnego = yes
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no
[tmp]
   comment = Temporary file space
   path = /tmp
   read only = no

-----------------------------------------------------------------
/etc/krb5.conf

[libdefaults]
 default_realm = CITY.NET.FFM
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 CITY.NET.FFM = {
  kdc = dc0001.city.net.ffm:88
  default_domain = city.net.ffm
 }

[domain_realm]
 .city.net.ffm = CITY.NET.FFM
 city.net.ffm = CITY.NET.FFM

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }


-- 
----------------------------------------------------------
Millenux GmbH
Jesko Schneider
mobile:	+49 170 7917732
phone:  +49 89 60866527   (München)
email:	jesko.schneider at millenux.com
web:	www.millenux.com

Rudolf-Diesel-Str. 14		
D-85521 Ottobrunn-Riemerling	
 ----------------------------------------------------------
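
Added example (not part of the original post, and not Samba's code): the debug log reports only the first byte of the kpasswd reply, 0x7e, which is the DER tag of a Kerberos KRB-ERROR (RFC 4120, [APPLICATION 30]); the error-code and e-text fields inside that packet carry the server's own reason. The Python below extracts both fields, assuming the raw reply was captured from the kpasswd port (464) and begins at the 0x7e byte; the sample packet, its realm and its e-text are constructed.

```python
# Added example: decode the KRB-ERROR behind "Got error packet 0x7e".
KRB_ERROR_TAG = 0x7E   # [APPLICATION 30], constructed: KRB-ERROR (RFC 4120)
ERROR_NAMES = {37: "KRB_AP_ERR_SKEW", 41: "KRB_AP_ERR_MODIFIED",
               60: "KRB_ERR_GENERIC"}   # small subset of RFC 4120 codes

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = octet count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_krb_error(packet):
    """Return (error_code, error_name, e_text) from a raw KRB-ERROR."""
    tag, body, _ = read_tlv(packet)
    if tag != KRB_ERROR_TAG:
        raise ValueError("not a KRB-ERROR (first byte is not 0x7e)")
    seq_tag, seq, _ = read_tlv(body)
    if seq_tag != 0x30:
        raise ValueError("KRB-ERROR body is not a SEQUENCE")
    fields, pos = {}, 0
    while pos < len(seq):                  # walk the [n] EXPLICIT fields
        ctx_tag, inner, pos = read_tlv(seq, pos)
        fields[ctx_tag & 0x1F] = read_tlv(inner)[1]
    code = int.from_bytes(fields[6], "big", signed=True)    # error-code [6]
    text = fields.get(11, b"").decode("ascii", "replace")   # e-text [11]
    return code, ERROR_NAMES.get(code, "unknown"), text

def der(tag, value):
    """Encode one DER element; short-form length is enough for the sample."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def ctx(n, inner):
    return der(0xA0 | n, inner)

# Constructed sample packet (not taken from the post): error-code 60.
SAMPLE = der(0x7E, der(0x30,
    ctx(0, der(0x02, b"\x05")) + ctx(1, der(0x02, b"\x1e")) +   # pvno, msg-type
    ctx(4, der(0x18, b"20050924165149Z")) + ctx(5, der(0x02, b"\x00")) +  # stime, susec
    ctx(6, der(0x02, b"\x3c")) + ctx(9, der(0x1B, b"EXAMPLE.TEST")) +  # error-code, realm
    ctx(10, der(0x30, ctx(0, der(0x02, b"\x01")) +
        ctx(1, der(0x30, der(0x1B, b"kadmin") + der(0x1B, b"changepw"))))) +  # sname
    ctx(11, der(0x1B, b"constructed sample"))))                 # e-text

if __name__ == "__main__":
    print(parse_krb_error(SAMPLE))
```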

