[Samba] Update/Repost: Kerberos works, but "net ads join" fails

Roman Bigler roeme at roeme.ch
Tue Feb 27 16:35:05 GMT 2007


My original message did not seem to come through, so I'm including it  
in this message.

Update to the Symptoms: It does not matter which user or password
(wrong/correct) I use for "net ads join", it fails in any case.

This is really confusing.

Begin forwarded message:
> Hi List,
>
> this is gonna be a really funky/interesting/uncommon error you're  
> going to deal with (if you do).
>
> Developer(s): I'd be really happy if you can point me at the right
> source files or describe at which stage the "discussion" between
> my servers fails. This might be of some use.
>
> But let's get to the facts:
>
> SYMPTOMS
> --------
> 1) Invoked "kinit", no error messages are generated, verbose mode  
> says "Authenticated to Kerberos v5".
> 2) "klist" thereafter returns a valid ticket.
> 3) Trying to join the AD with "net ads join" et cetera however  
> results in a "ads_connect: Operations error" after about 40 seconds.
> 4) "net" exits with errcode -1 (looks like an unspecified error to  
> me?)
>
> Further investigation revealed that "net" indeed can connect to the  
> PDC, but fails with the errors described above.
>
> MORE DETAILED OUTPUT OF TOOLS
> -----------------------------
> Unfortunately, the debug output of "net" does not help a lot, even  
> with level 10. Here's the interesting part:
> --snip--
> [2007/02/27 14:35:14, 3] libads/ldap.c:ads_connect(287)
>   Connected to LDAP server 192.168.0.4
> [2007/02/27 14:35:54, 0] utils/net_ads.c:ads_startup(289)
>   ads_connect: Operations error
> [2007/02/27 14:35:54, 2] utils/net.c:main(988)
>   return code = -1
> --snap--
> Please note the 40-second gap between the first two messages.
>
> CURRENT SETUP
> -------------
> - Windows 2003 Active Directory (functional level 2003, not 2000  
> native).
> - Linux 2.6.18.2-34, custom kernel, recent SuSE 10.2 distribution
> - Samba 3.0.24-SerNet-SuSE
>
> ADDITIONAL INFORMATION
> ----------------------
> The whole thing was working until recently. After it stopped  
> working, I've done several things:
> - tweaked configurations several times (use DNS or fixed IPs /
> minimal config / etc.)
> - removed the Samba server from the domain in order to rejoin it  
> (helped in an earlier situation)
> - updated Samba (from 3.0.23d to 3.0.24)
> - raised the AD functional level
> - checked Kerberos messages on Windows
> - the usual Google, man-page and mailing-list-crawling, even looked
> at the sources
>
> ASSUMPTIONS
> -----------
> I assume that an unspecified service on the Windows side fails and
> causes the communication to halt (or similar), which in turn
> triggers a timeout.
>
>
> Thanks in advance to anyone helping me out with this very strange  
> error.
>
> Cheers,
> Roman
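
The 40-second gap in the debug output quoted above can be located mechanically in a longer level-10 log. The following is an added example, not part of the original post or of Samba: it parses the debug header format shown in the excerpt and reports consecutive entries separated by at least a threshold. The function names and the 10-second threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Debug header as it appears in the post: "[YYYY/MM/DD HH:MM:SS, level] file:function(line)"
HEADER = re.compile(r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+(\S+)")

# The three log entries quoted in the post, mail quoting included.
SAMPLE = """\
> [2007/02/27 14:35:14, 3] libads/ldap.c:ads_connect(287)
>   Connected to LDAP server 192.168.0.4
> [2007/02/27 14:35:54, 0] utils/net_ads.c:ads_startup(289)
>   ads_connect: Operations error
> [2007/02/27 14:35:54, 2] utils/net.c:main(988)
>   return code = -1
"""

def parse_entries(text):
    """Group header lines and their indented message lines into entries."""
    entries = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()  # drop mail quoting and indentation
        m = HEADER.match(line)
        if m:
            entries.append({
                "time": datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"),
                "level": int(m.group(2)),
                "where": m.group(3),
                "msg": [],
            })
        elif entries and line:
            entries[-1]["msg"].append(line)
    return entries

def find_stalls(entries, threshold=10):
    """Return (gap_seconds, before, after) for consecutive entries >= threshold apart."""
    stalls = []
    for before, after in zip(entries, entries[1:]):
        gap = (after["time"] - before["time"]).total_seconds()
        if gap >= threshold:  # threshold in seconds; 10 is an assumed default
            stalls.append((gap, before, after))
    return stalls

if __name__ == "__main__":
    for gap, before, after in find_stalls(parse_entries(SAMPLE)):
        print(f"{gap:.0f}s stall after {before['where']} ({' '.join(before['msg'])})")
        print(f"  next entry: {after['where']} ({' '.join(after['msg'])})")
```

The entry before the stall identifies the last operation that completed (here the LDAP connect), which narrows where the blocking step sits.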


