[Samba] Re: [3.0.25] "net ads join" problems
Bernd Schubert
bs at q-leap.de
Wed Jul 18 14:35:42 GMT 2007
On Wednesday 18 July 2007 12:14:38 Bernd Schubert wrote:
> [2007/07/18 12:12:07, 2] libads/ldap.c:ldap_open_with_timeout(70)
> Could not open LDAP connection to ads-2k3.ads2k3.q-leap.de:389: No such
This could be solved by adding ads-2k3.ads2k3.q-leap.de to /etc/hosts; the
problem is probably due to a Windows misconfiguration. I just wonder why it
hasn't been a problem with samba-3.0.22.
Still, our main problem remains.
255 ha-test-1(new):/var/lock# net ads join
Password:
Password? We have a Kerberos ticket, and with samba-3.0.22 it doesn't ask for a
password.
===============================================================================
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/ha-test-1 at ADS2K3.Q-LEAP.DE
Valid starting Expires Service principal
07/18/07 16:27:37 07/19/07 02:27:37 krbtgt/ADS2K3.Q-LEAP.DE at ADS2K3.Q-LEAP.DE
renew until 07/25/07 16:27:37
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
===============================================================================
So let's proceed without providing a password, but now with debug messages
enabled.
[2007/07/18 16:28:58, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_0] expiration
Thu, 19 Jul 2007 02:27:37 CEST
[2007/07/18 16:28:58, 10] libsmb/clikrb5.c:ads_krb5_mk_req(624)
ads_krb5_mk_req: Ticket (ads-2k3$@ADS2K3.Q-LEAP.DE) in ccache
(FILE:/tmp/krb5cc_0) is valid until: (Thu, 19 Jul 2007 02:27:37 CEST -
1184804857)
[2007/07/18 16:28:58, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(735)
Got KRB5 session key of length 16
Password:
[...]
[2007/07/18 16:29:38, 10] libads/sasl.c:ads_sasl_spnego_bind(262)
ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling
kinit
[2007/07/18 16:29:38, 10] libads/kerberos.c:kerberos_kinit_password_ext(91)
kerberos_kinit_password: using [MEMORY:net_ads] as ccache and config
[/var/lock/smb_krb5/krb5.conf.ADS2K3]
[2007/07/18 16:29:38, 0] libads/kerberos.c:ads_kinit_password(228)
kerberos_kinit_password root at ADS2K3.Q-LEAP.DE failed: Client not found in
Kerberos database
Failed to disable machine account in AD. Please do so manually.
Failed to join domain: Type or value exists
[2007/07/18 16:29:39, 2] utils/net.c:main(1032)
return code = -1
Why is it trying to get a ticket for "root at ADS2K3.Q-LEAP.DE" here? With
samba-3.0.22 it only tried to get tickets like
"host-ha-test-2 at ADS2K3.Q-LEAP.DE".
I'm rather lost here; the sources differ rather much between 3.0.22 and 3.0.25,
and the behaviour differs as well. But so far I haven't found any
documentation about ADS configuration changes.
Any help is appreciated.
Thanks in advance,
Bernd
--
Bernd Schubert
Q-Leap Networks GmbH