[Samba] Problem authenticating another domain
Trimble, Ronald D
Ronald.Trimble at unisys.com
Wed Feb 22 20:38:34 GMT 2006
I am trying to authenticate a user in a domain (EU) other than my
default domain (NA). I am at a loss as to what may be wrong at this
point. When I run a wbinfo -sequence, I see the following:
linux:~ # wbinfo --sequence
LAC : DISCONNECTED
EU : DISCONNECTED
AP : DISCONNECTED
UIS : 19895750
TRIMBLRDLINUX : 1
BUILTIN : 1
NA : 15410431
If I try a kinit, here is the output:
linux:~ # kinit inblr-auth1 at eu.uis.unisys.com
inblr-auth1 at eu.uis.unisys.com's Password:
kinit: krb5_get_init_creds: unable to reach any KDC in realm
eu.uis.unisys.com
When I look at the logs for this domain, I see the following. Notice
that it is correctly identifying a domain controller in that domain, but
starts failing after that.
[2006/02/22 15:12:51, 10] libsmb/namequery.c:internal_resolve_name(1145)
internal_resolve_name: returning 26 addresses: 129.221.252.21:389
129.221.133.22:389 192.39.63.13:389 129.227.66.176:389
129.227.167.210:389 192.39.98.13:389 129.227.145.14:389
129.227.59.14:389 192.39.48.14:389 192.39.178.4:389 129.227.37.30:389
129.227.207.13:389 192.39.193.60:389 192.39.7.11:389 129.221.130.16:389
192.61.146.133:389 129.227.208.15:389 192.39.239.60:389
129.227.196.10:389 192.39.187.7:389 129.227.28.11:389 192.39.248.10:389
129.227.143.60:389 129.221.130.10:389 192.39.239.30:389
192.39.186.45:389
[2006/02/22 15:12:51, 5] libads/ldap.c:ads_try_connect(123)
ads_try_connect: trying ldap server '192.61.146.133' port 389
[2006/02/22 15:12:51, 3] libads/ldap.c:ads_connect(285)
Connected to LDAP server 192.61.146.133
[2006/02/22 15:12:51, 3] libads/ldap.c:ads_server_info(2514)
got ldap server name usea-eudc1 at EU.UIS.UNISYS.COM, using bind path:
dc=EU,dc=UIS,dc=UNISYS,dc=COM
[2006/02/22 15:12:51, 4] libads/ldap.c:ads_server_info(2520)
time offset is 70 seconds
[2006/02/22 15:12:52, 4] libads/sasl.c:ads_sasl_bind(451)
Found SASL mechanism GSS-SPNEGO
[2006/02/22 15:12:52, 3] libads/sasl.c:ads_sasl_spnego_bind(206)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2006/02/22 15:12:52, 3] libads/sasl.c:ads_sasl_spnego_bind(206)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2006/02/22 15:12:52, 3] libads/sasl.c:ads_sasl_spnego_bind(206)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2006/02/22 15:12:52, 3] libads/sasl.c:ads_sasl_spnego_bind(206)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2006/02/22 15:12:52, 3] libads/sasl.c:ads_sasl_spnego_bind(215)
ads_sasl_spnego_bind: got server principal name
=usea-eudc1$@EU.UIS.UNISYS.COM
[2006/02/22 15:13:04, 1] libsmb/clikrb5.c:ads_krb5_mk_req(394)
ads_krb5_mk_req: krb5_get_credentials failed for
usea-eudc1$@EU.UIS.UNISYS.COM (Cannot contact any KDC for requested
realm)
[2006/02/22 15:13:14, 1] libsmb/clikrb5.c:ads_krb5_mk_req(394)
ads_krb5_mk_req: krb5_get_credentials failed for
usea-eudc1$@EU.UIS.UNISYS.COM (Cannot contact any KDC for requested
realm)
[2006/02/22 15:13:14, 1]
nsswitch/winbindd_ads.c:ads_cached_connection(81)
ads_connect for domain EU failed: Cannot contact any KDC for requested
realm
[2006/02/22 15:13:14, 10]
nsswitch/winbindd_cache.c:store_cache_seqnum(329)
store_cache_seqnum: success [EU][4294967295 @ 1140639194]
[2006/02/22 15:13:14, 10]
nsswitch/winbindd_cache.c:refresh_sequence_number(387)
refresh_sequence_number: EU seq number is now -1
Does anyone see what may be wrong? This problem is driving me nuts.
Thanks in advance,
Ron
More information about the samba
mailing list