[Samba] Response too big for UDP, retry with TCP

Nejc Škoberne nejc at skoberne.net
Tue Jul 10 07:02:46 GMT 2007


Hello,

I am trying to join a Samba 3.0.24 server into an ADS domain, which is
served by two Windows 2003 servers (let's say srv1.domain.local (192.168.1.1)
and srv2.domain.local (192.168.1.4)). I am running Samba on a FreeBSD 6.2
machine and I have established an OpenVPN connection to the ADS network
(tunneling). I have this in my resolv.conf:

------------------------------------------------------------------------
search domain.local
nameserver 192.168.1.1
nameserver 192.168.1.4
------------------------------------------------------------------------

I also have this in my /etc/hosts:

------------------------------------------------------------------------
127.0.0.1               localhost localhost.my.domain
192.168.1.1             srv1.domain.local srv1
192.168.1.4             srv2.domain.local srv2
------------------------------------------------------------------------

and I have this in my krb5.conf:

------------------------------------------------------------------------
[libdefaults]
         default_realm = DOMAIN.LOCAL

[realms]
         DOMAIN.LOCAL = {
                 kdc = srv1.domain.local
         }

[domain_realms]
         .domain.local = DOMAIN.LOCAL
------------------------------------------------------------------------

And these are the relevant parameters in smb.conf:

------------------------------------------------------------------------
         security = ADS
         netbios name = BONAPARTE
         server string = BONAPARTE Samba server
         workgroup = INFRAX
         realm = DOMAIN.LOCAL
         local master = yes
         preferred master = yes
         wins server = 192.168.1.1 192.168.1.4
         password server = srv1
------------------------------------------------------------------------

However, when I try to "kinit", I get this:

root@Bonaparte:~# kinit Administrator@DOMAIN.LOCAL
Administrator@DOMAIN.LOCAL's Password:
kinit: krb5_get_init_creds: Response too big for UDP, retry with TCP

and when I try to "net ads join" into the domain, I get this:

root@Bonaparte:~# net ads join -U Administrator%password
[2007/07/10 08:54:38, 0] libads/kerberos.c:ads_kinit_password(208)
   kerberos_kinit_password Administrator@DOMAIN.LOCAL failed: Response too big for UDP, retry with TCP
[2007/07/10 08:54:38, 0] utils/net_ads.c:ads_startup(289)
   ads_connect: Response too big for UDP, retry with TCP

I am really stumped here. I have tried to change the kdc entry in krb5.conf
like this:

[realms]
         DOMAIN.LOCAL = {
                 kdc = tcp/srv1.domain.local
         }

but no luck either. FreeBSD 6.2 has Heimdal Kerberos 0.6.3 in its base
system, I guess this is OK.

Let me also tell you this: we first had a Windows 2000 server and
a Windows 2003 server as srv1 and srv2, but then we replaced the
2000 with another 2003. This BSD box is a new server as well, previously
I had FreeBSD 5.4 (Samba 3.0.22) and I was ABLE to join it into the ADS
(via the Win2000 server). There is no computer account in the ADS for the
BSD box anymore, so I am trying to create it again (by joining it into the
domain).

Any ideas?

Thanks,
Nejc

