[Samba] Could not join to domain with krb5 error: Message stream modified

Ephi Dror ephi at agami.com
Fri Jul 28 17:49:31 GMT 2006 

Hi all,
 
I have a situation in which my SAMBA 3.0.14a could not join the a very
large windows 2003 AD domain with tens of domain controllers all over
the world. With an error I have never seen before. 
The kinit part went OK but the net ads join part failed.
 
What we tried is to have our SAMBA joined one of the OU in which we have
the credentials to join. 
BTW  we had no problem to join other windows and Mac systems with our
name/password
 
The error is a krb5 error:  Message stream modified and it was replied
while in the function:parse_setpw_reply
 
Any idea or an hint would be really really appreciated:
 
Below is the last few lines of a debug level 10 while trying to join the
domain.
 
Cheers,
Ephi
 
============  log  from net join    =====================
ads_try_connect: trying ldap server 'AA.BB.CC.DD' port 389

[2006/07/28 07:18:12, 3, pid=5128] libads/ldap.c:ads_connect(288)

Connected to LDAP server AA.BB.CC.DD

[2006/07/28 07:18:12, 3, pid=5128] libads/ldap.c:ads_server_info(2483)

got ldap server name sjcpdc03 at XXX.NET <mailto:sjcpdc03 at XXX.NET> , using
bind path: dc=XXX,dc=NET

[2006/07/28 07:18:12, 4, pid=5128] libads/ldap.c:ads_server_info(2489)

time offset is 0 seconds

[2006/07/28 07:18:12, 4, pid=5128] libads/sasl.c:ads_sasl_bind(447)

Found SASL mechanism GSS-SPNEGO

[2006/07/28 07:18:12, 3, pid=5128]
libads/sasl.c:ads_sasl_spnego_bind(204)

ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2

[2006/07/28 07:18:12, 3, pid=5128]
libads/sasl.c:ads_sasl_spnego_bind(204)

ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2

[2006/07/28 07:18:12, 3, pid=5128]
libads/sasl.c:ads_sasl_spnego_bind(204)

ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3

[2006/07/28 07:18:12, 3, pid=5128]
libads/sasl.c:ads_sasl_spnego_bind(204)

ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10

[2006/07/28 07:18:12, 3, pid=5128]
libads/sasl.c:ads_sasl_spnego_bind(211)

ads_sasl_spnego_bind: got server principal name =sjcpdc03$@XXX.NET
<mailto:=sjcpdc03$@XXX.NET> 

[2006/07/28 07:18:12, 3, pid=5128] libsmb/clikrb5.c:ads_krb5_mk_req(385)

ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
found)

[2006/07/28 07:18:12, 3, pid=5128]
libsmb/clikrb5.c:ads_cleanup_expired_creds(318)

Ticket in ccache[MEMORY:net_ads] expiration Fri, 28 Jul 2006 17:18:12
GMT

[2006/07/28 07:18:12, 10, pid=5128]
libsmb/clikrb5.c:ads_krb5_mk_req(428)

ads_krb5_mk_req: Ticket (sjcpdc03$@XXX.NET <mailto:sjcpdc03$@XXX.NET> )
in ccache (MEMORY:net_ads) is

valid until: (Fri, 28 Jul 2006 17:18:12 GMT - 1154132292)

[2006/07/28 07:18:12, 10, pid=5128]
libsmb/clikrb5.c:get_krb5_smb_session_key(528)

Got KRB5 session key of length 16

[2006/07/28 07:18:12, 10, pid=5128] lib/util.c:name_to_fqdn(2860)

name_to_fqdn: lookup for sjcpfs03 -> sjcpfs03.xxx.net.

[2006/07/28 07:18:12, 0, pid=5128]
libads/ldap.c:ads_add_machine_acct(1419)

ads_add_machine_acct: Host account for sjcpfs03 already exists -
modifying old account

[2006/07/28 07:18:12, 5, pid=5128]
libads/ldap_utils.c:ads_do_search_retry(56)

Search for (objectclass=*) gave 1 replies

[2006/07/28 07:18:12, 1, pid=5128]
libads/krb5_setpw.c:parse_setpw_reply(237)

Got error packet 0x7e from kpasswd server

[2006/07/28 07:18:12, 1, pid=5128]
libads/krb5_setpw.c:do_krb5_kpasswd_request(450)

parse_setpw_reply failed (Message stream modified)

[2006/07/28 07:18:12, 10, pid=5128] intl/lang_tdb.c:lang_tdb_init(135)

lang_tdb_init: /opt/filer/lib/en_US.UTF-8.msg: No such file or directory

[2006/07/28 07:18:12, 2, pid=5128] utils/net.c:main(904)

return code = -1

More information about the samba mailing list