[Samba] Problem authenticating another domain

Trimble, Ronald D Ronald.Trimble at unisys.com
Wed Feb 22 20:38:34 GMT 2006


I am trying to authenticate a user in a domain (EU) other than my
default domain (NA).  I am at a loss as to what may be wrong at this
point.  When I run a wbinfo -sequence, I see the following:

 

linux:~ # wbinfo --sequence

LAC : DISCONNECTED

EU : DISCONNECTED

AP : DISCONNECTED

UIS : 19895750

TRIMBLRDLINUX : 1

BUILTIN : 1

NA : 15410431

 

If I try a kinit, here is the output:

 

linux:~ # kinit inblr-auth1 at eu.uis.unisys.com

inblr-auth1 at eu.uis.unisys.com's Password:

kinit: krb5_get_init_creds: unable to reach any KDC in realm
eu.uis.unisys.com

 

When I look at the logs for this domain, I see the following.  Notice
that it is correctly identifying a domain controller in that domain, but
starts failing after that.

 

[2006/02/22 15:12:51, 10] libsmb/namequery.c:internal_resolve_name(1145)

  internal_resolve_name: returning 26 addresses: 129.221.252.21:389
129.221.133.22:389 192.39.63.13:389 129.227.66.176:389
129.227.167.210:389 192.39.98.13:389 129.227.145.14:389
129.227.59.14:389 192.39.48.14:389 192.39.178.4:389 129.227.37.30:389
129.227.207.13:389 192.39.193.60:389 192.39.7.11:389 129.221.130.16:389
192.61.146.133:389 129.227.208.15:389 192.39.239.60:389
129.227.196.10:389 192.39.187.7:389 129.227.28.11:389 192.39.248.10:389
129.227.143.60:389 129.221.130.10:389 192.39.239.30:389
192.39.186.45:389

[2006/02/22 15:12:51, 5] libads/ldap.c:ads_try_connect(123)

  ads_try_connect: trying ldap server '192.61.146.133' port 389

[2006/02/22 15:12:51, 3] libads/ldap.c:ads_connect(285)

  Connected to LDAP server 192.61.146.133

[2006/02/22 15:12:51, 3] libads/ldap.c:ads_server_info(2514)

  got ldap server name usea-eudc1 at EU.UIS.UNISYS.COM, using bind path:
dc=EU,dc=UIS,dc=UNISYS,dc=COM

[2006/02/22 15:12:51, 4] libads/ldap.c:ads_server_info(2520)

  time offset is 70 seconds

[2006/02/22 15:12:52, 4] libads/sasl.c:ads_sasl_bind(451)

  Found SASL mechanism GSS-SPNEGO

[2006/02/22 15:12:52, 3] libads/sasl.c:ads_sasl_spnego_bind(206)

  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2

[2006/02/22 15:12:52, 3] libads/sasl.c:ads_sasl_spnego_bind(206)

  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2

[2006/02/22 15:12:52, 3] libads/sasl.c:ads_sasl_spnego_bind(206)

  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3

[2006/02/22 15:12:52, 3] libads/sasl.c:ads_sasl_spnego_bind(206)

  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10

[2006/02/22 15:12:52, 3] libads/sasl.c:ads_sasl_spnego_bind(215)

  ads_sasl_spnego_bind: got server principal name
=usea-eudc1$@EU.UIS.UNISYS.COM

[2006/02/22 15:13:04, 1] libsmb/clikrb5.c:ads_krb5_mk_req(394)

  ads_krb5_mk_req: krb5_get_credentials failed for
usea-eudc1$@EU.UIS.UNISYS.COM (Cannot contact any KDC for requested
realm)

[2006/02/22 15:13:14, 1] libsmb/clikrb5.c:ads_krb5_mk_req(394)

  ads_krb5_mk_req: krb5_get_credentials failed for
usea-eudc1$@EU.UIS.UNISYS.COM (Cannot contact any KDC for requested
realm)

[2006/02/22 15:13:14, 1]
nsswitch/winbindd_ads.c:ads_cached_connection(81)

  ads_connect for domain EU failed: Cannot contact any KDC for requested
realm

[2006/02/22 15:13:14, 10]
nsswitch/winbindd_cache.c:store_cache_seqnum(329)

  store_cache_seqnum: success [EU][4294967295 @ 1140639194]

[2006/02/22 15:13:14, 10]
nsswitch/winbindd_cache.c:refresh_sequence_number(387)

  refresh_sequence_number: EU seq number is now -1

 

Does anyone see what may be wrong?  This problem is driving me nuts.

 

Thanks in advance,

Ron

 



More information about the samba mailing list