[Samba] ADS Join on Windows 2008 domain not working in 3.0.25b?
Eddie Tse
eddietse0 at gmail.com
Tue Jul 3 22:04:15 GMT 2007
Hi,
Using samba 3.0.25b, testing to join to a Windows 2008 domain using ADS
security with kerberos and it doesn't seem to work. Anybody else tried this
combination?
Same configuration worked joining to a Windows 2003 R2 domain.
I'm not a samba expert but looking at the log it looks like the
not_defined_in_RFC4178 at please_ignore have something to do with it?
Output from "net ads join"
[2007/07/04 08:02:12, 3] libads/ldap.c:ads_connect(394)
Connected to LDAP server 192.168.x.x
[2007/07/04 08:02:12, 4] libads/ldap.c:ads_current_time(2414)
time offset is 0 seconds
[2007/07/04 08:02:12, 4] libads/sasl.c:ads_sasl_bind(521)
Found SASL mechanism GSS-SPNEGO
[2007/07/04 08:02:12, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/07/04 08:02:12, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/07/04 08:02:12, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/07/04 08:02:12, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/07/04 08:02:12, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
ads_sasl_spnego_bind: got server principal name =
not_defined_in_RFC4178 at please_ignore
[2007/07/04 08:02:12, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2007/07/04 08:02:13, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602)
ads_krb5_mk_req: krb5_get_credentials failed for
not_defined_in_RFC4178 at please_ignore (Server not found in Kerberos database)
[2007/07/04 08:02:13, 1] utils/net_ads.c:net_ads_join(1470)
error on ads_startup: Server not found in Kerberos database
Failed to join domain: Improperly formed account name
Output from "net ads testjoin"
[2007/07/04 07:57:00, 3] libads/ldap.c:ads_connect(394)
Connected to LDAP server 192.168.x.x
[2007/07/04 07:57:00, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/07/04 07:57:00, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/07/04 07:57:00, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/07/04 07:57:00, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/07/04 07:57:00, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
ads_sasl_spnego_bind: got server principal name =
not_defined_in_RFC4178 at please_ignore
[2007/07/04 07:57:00, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2007/07/04 07:57:04, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602)
ads_krb5_mk_req: krb5_get_credentials failed for
not_defined_in_RFC4178 at please_ignore (Server not found in Kerberos database)
[2007/07/04 07:57:04, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: "192.168.x.x, xxx.xxx.xxx"
[2007/07/04 07:57:04, 3] libads/ldap.c:ads_connect(394)
Connected to LDAP server 192.168.x.x
[2007/07/04 07:57:04, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/07/04 07:57:04, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/07/04 07:57:04, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/07/04 07:57:04, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/07/04 07:57:04, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
ads_sasl_spnego_bind: got server principal name =
not_defined_in_RFC4178 at please_ignore
[2007/07/04 07:57:07, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602)
ads_krb5_mk_req: krb5_get_credentials failed for
not_defined_in_RFC4178 at please_ignore (Server not found in Kerberos database)
[2007/07/04 07:57:11, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602)
ads_krb5_mk_req: krb5_get_credentials failed for
not_defined_in_RFC4178 at please_ignore (Server not found in Kerberos database)
Join to domain is not valid: Improperly formed account name
[2007/07/04 07:57:11, 2] utils/net.c:main(1032)
return code = -1
More information about the samba
mailing list