[Samba] ADS Join on Windows 2008 domain not working in 3.0.25b?

Eddie Tse eddietse0 at gmail.com
Tue Jul 3 22:04:15 GMT 2007 

Hi,

Using samba 3.0.25b, testing to join to a Windows 2008 domain using ADS 
security with kerberos and it doesn't seem to work.  Anybody else tried this 
combination?

Same configuration worked joining to a Windows 2003 R2 domain.


I'm not a samba expert but looking at the log it looks like the 
not_defined_in_RFC4178 at please_ignore have something to do with it?


Output from "net ads join"

[2007/07/04 08:02:12, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 192.168.x.x
[2007/07/04 08:02:12, 4] libads/ldap.c:ads_current_time(2414)
  time offset is 0 seconds
[2007/07/04 08:02:12, 4] libads/sasl.c:ads_sasl_bind(521)
  Found SASL mechanism GSS-SPNEGO
[2007/07/04 08:02:12, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/07/04 08:02:12, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/07/04 08:02:12, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/07/04 08:02:12, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/07/04 08:02:12, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = 
not_defined_in_RFC4178 at please_ignore
[2007/07/04 08:02:12, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2007/07/04 08:02:13, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602)
  ads_krb5_mk_req: krb5_get_credentials failed for 
not_defined_in_RFC4178 at please_ignore (Server not found in Kerberos database)
[2007/07/04 08:02:13, 1] utils/net_ads.c:net_ads_join(1470)
  error on ads_startup: Server not found in Kerberos database
Failed to join domain: Improperly formed account name



Output from "net ads testjoin"

[2007/07/04 07:57:00, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 192.168.x.x
[2007/07/04 07:57:00, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/07/04 07:57:00, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/07/04 07:57:00, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/07/04 07:57:00, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/07/04 07:57:00, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = 
not_defined_in_RFC4178 at please_ignore
[2007/07/04 07:57:00, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2007/07/04 07:57:04, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602)
  ads_krb5_mk_req: krb5_get_credentials failed for 
not_defined_in_RFC4178 at please_ignore (Server not found in Kerberos database)
[2007/07/04 07:57:04, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "192.168.x.x, xxx.xxx.xxx"
[2007/07/04 07:57:04, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 192.168.x.x
[2007/07/04 07:57:04, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/07/04 07:57:04, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/07/04 07:57:04, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/07/04 07:57:04, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/07/04 07:57:04, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = 
not_defined_in_RFC4178 at please_ignore
[2007/07/04 07:57:07, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602)
  ads_krb5_mk_req: krb5_get_credentials failed for 
not_defined_in_RFC4178 at please_ignore (Server not found in Kerberos database)
[2007/07/04 07:57:11, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602)
  ads_krb5_mk_req: krb5_get_credentials failed for 
not_defined_in_RFC4178 at please_ignore (Server not found in Kerberos database)
Join to domain is not valid: Improperly formed account name
[2007/07/04 07:57:11, 2] utils/net.c:main(1032)
  return code = -1

More information about the samba mailing list