[Samba] Joined 2 samba servers to ADS but kinit in winbindd failed for one of them!

Ephi Dror ephi at agami.com
Thu Aug 24 19:24:41 GMT 2006


Hi All,
 
I have a strange situation in which two systems running SAMBA (same
version) have successfully joined an ADS.
 
However, one has no problem using winbindd/wbinfo to communicate with
the domain, and kinit in winbindd works fine.
 
But the other is failing with a kinit problem as follows:
 
[2006/08/21 20:15:56, 0, pid=19247] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password host/XXX@YYY.NET failed: Client not found in Kerberos database
[2006/08/21 20:15:56, 1, pid=19247] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain YYY failed: Client not found in Kerberos database
[2006/08/21 20:15:56, 5, pid=19247] nsswitch/winbindd_util.c:add_trusted_domains(202)

Now, when I issue "net ads status" on both SAMBA systems I see the
following.
 
On the Machine that has no problem with kinit winbindd:
userPrincipalName: HOST/banpfs01@YYY.NET
And 
operatingSystem: Samba
 
On the Machine that has problem with kinit in winbindd:
servicePrincipalName: HOST/sjcpnas03.yyy.net
servicePrincipalName: HOST/SJCPNAS03
No info on operatingSystem.
 
So I understand why kinit is failing (because there is no
userPrincipalName), but why?
Why was net ads join successful when, on the other hand, there is no
userPrincipalName?
Where are the servicePrincipalNames coming from?
 
I would appreciate it if anyone has an idea how two identical systems come
up on the AD differently.
 
In both systems, the computer account was created on the AD at the same
OU.
 
I'll be happy to update you if I find any answer.
 
 
Cheers,
Ephi
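
The comparison the post makes by hand, as an added example that is not part of the original message or of Samba: it parses `net ads status` attribute dumps and the winbindd log line, then reports which attributes the failing machine account lacks. The sample inputs are constructed from the quoted excerpts; the host name in the log line and case-insensitive principal matching are assumptions.

```python
import re

# Constructed inputs modelled on the excerpts quoted in the post; YYY.NET is
# the post's own redaction and the attribute dumps are cut to the quoted lines.
WORKING = "userPrincipalName: HOST/banpfs01@YYY.NET\noperatingSystem: Samba\n"
FAILING = ("servicePrincipalName: HOST/sjcpnas03.yyy.net\n"
           "servicePrincipalName: HOST/SJCPNAS03\n")
# Constructed log line; the host part is assumed to be the failing machine's name.
LOG = ("kerberos_kinit_password host/sjcpnas03@YYY.NET failed: "
       "Client not found in Kerberos database")


def parse_status(text):
    """Parse 'attribute: value' lines into {attribute: [values]} (multi-valued)."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(": ")
        if sep and name.strip():
            attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs


def kinit_principal(log_line):
    """Return the principal winbindd tried to authenticate as, or None."""
    m = re.search(r"kerberos_kinit_password (\S+) failed", log_line)
    return m.group(1) if m else None


def check_account(attrs, principal):
    """Flag what the post observed on the failing machine account."""
    findings = []
    upns = [u.lower() for u in attrs.get("userPrincipalName", [])]
    # Assumption: the KDC matches principal names case-insensitively.
    if principal.lower() not in upns:
        findings.append("no userPrincipalName equal to " + principal)
    if "operatingSystem" not in attrs:
        findings.append("operatingSystem not set")
    return findings


def missing_in(reference, other):
    """Attribute names present on the reference account but absent on the other."""
    return sorted(set(reference) - set(other))


if __name__ == "__main__":
    princ = kinit_principal(LOG)
    for finding in check_account(parse_status(FAILING), princ):
        print("failing host:", finding)
    print("missing vs working host:",
          missing_in(parse_status(WORKING), parse_status(FAILING)))
```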

