[Samba] Domain Member Server problems

William Usher will at willusher.net
Thu Nov 13 22:45:58 GMT 2008 

Hi all,
I'm not having any success adding samba (3.0.28 on Solaris 10) to a Windows
AD server (2003 R2) per the instructions here: (In addition to much
googling)
http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm

The error is:
bash-3.00# /usr/sfw/sbin/net ads join -U Administrator
Administrator's password:
Using short domain name -- BETA
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'SOLARIS' in realm 'BETA.LOCAL'
Failed to join domain: Type or value exists


Thanks for you help. More information below.

Windows AD domain name: beta.local

Background:
bash-3.00# hostname
solaris
bash-3.00# domainname
beta.local

smb.conf ---------------------------------

[global]
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
workgroup = beta
server string = Samba
security = ADS

-----------------------------------------

/etc/krb5/krb5.conf--------------
[libdefaults]
        default_realm = BETA.local

[realms]
       BETA.local = {
                kdc = will-ea96ec1f1e.beta.local:
                default_domain = beta.local
        }

[domain_realm]
        BETA.local = BETA.local
        .BETA.local = BETA.local

[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {

                period = 1d

                versions = 10
        }

[appdefaults]
        kinit = {
                renewable = true
                forwardable= true
        }
        gkadmin = {
                help_url =
http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195        }
-----------------------------------------------


====================================================================
bash-3.00# /usr/sfw/sbin/net ads join -U Administrator -d3
[2008/11/13 17:43:35, 3] param/loadparm.c:(5031)
  lp_load: refreshing parameters
[2008/11/13 17:43:35, 3] param/loadparm.c:(1430)
  Initialising global parameters
[2008/11/13 17:43:35, 3] param/params.c:(572)
  params.c:pm_process() - Processing configuration file "/etc/sfw/smb.conf"
[2008/11/13 17:43:35, 3] param/loadparm.c:(3770)
  Processing section "[global]"
[2008/11/13 17:43:35, 2] lib/interface.c:(81)
  added interface ip=192.168.0.10 bcast=192.168.0.255 nmask=255.255.255.0
[2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
  get_dc_list: preferred server list: "192.168.0.1, *"
[2008/11/13 17:43:35, 3] libads/ldap.c:(394)
  Connected to LDAP server 192.168.0.1
[2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
  get_dc_list: preferred server list: "192.168.0.1, *"
[2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
  get_dc_list: preferred server list: "192.168.0.1, *"
Administrator's password:
[2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
  get_dc_list: preferred server list: "192.168.0.1, *"
[2008/11/13 17:43:41, 3] libads/ldap.c:(394)
  Connected to LDAP server 192.168.0.1
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/11/13 17:43:41, 3] libads/sasl.c:(222)
  ads_sasl_spnego_bind: got server principal name =
will-ea96ec1f1e$@BETA.LOCAL
[2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(593)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache file
found)
[2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
Fri, 14 Nov 2008 03:43:38 EST
[2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
  get_dc_list: preferred server list: "192.168.0.1, *"
[2008/11/13 17:43:41, 3] libads/ldap.c:(394)
  Connected to LDAP server 192.168.0.1
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/11/13 17:43:41, 3] libads/sasl.c:(222)
  ads_sasl_spnego_bind: got server principal name =
will-ea96ec1f1e$@BETA.LOCAL
[2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
Fri, 14 Nov 2008 03:43:38 EST
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(1509)
  Connecting to host=will-ea96ec1f1e.beta.local
[2008/11/13 17:43:41, 3] lib/util_sock.c:(874)
  Connecting to 192.168.0.1 at port 445
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(793)
  Doing spnego session setup (blob length=115)
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
  got OID=1 2 840 48018 1 2 2
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
  got OID=1 2 840 113554 1 2 2
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
  got OID=1 2 840 113554 1 2 2 3
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
  got OID=1 3 6 1 4 1 311 2 2 10
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(826)
  got principal=will-ea96ec1f1e$@BETA.LOCAL
[2008/11/13 17:43:41, 2] libsmb/cliconnect.c:(613)
  Doing kerberos session setup
[2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration
Fri, 14 Nov 2008 03:43:38 EST
[2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
  rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \lsarpc fnum
0x4003 bind request returned ok.
[2008/11/13 17:43:41, 3] rpc_parse/parse_lsa.c:(224)
  lsa_io_sec_qos: length c does not match size 8
[2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
  rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \samr fnum
0x4004 bind request returned ok.
Using short domain name -- BETA
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(1509)
  Connecting to host=will-ea96ec1f1e.beta.local
[2008/11/13 17:43:41, 3] lib/util_sock.c:(874)
  Connecting to 192.168.0.1 at port 445
[2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
  rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \NETLOGON
fnum 0x4003 bind request returned ok.
[2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
  rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \NETLOGON
fnum 0x4004 bind request returned ok.
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
[2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
  get_dc_list: preferred server list: "192.168.0.1, *"
[2008/11/13 17:43:41, 3] libads/ldap.c:(394)
  Connected to LDAP server 192.168.0.1
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/11/13 17:43:41, 3] libads/sasl.c:(222)
  ads_sasl_spnego_bind: got server principal name =
will-ea96ec1f1e$@BETA.LOCAL
[2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
Fri, 14 Nov 2008 03:43:38 EST
[2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
  get_dc_list: preferred server list: "192.168.0.1, *"
[2008/11/13 17:43:41, 3] libads/ldap.c:(394)
  Connected to LDAP server 192.168.0.1
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/11/13 17:43:41, 3] libads/sasl.c:(222)
  ads_sasl_spnego_bind: got server principal name =
will-ea96ec1f1e$@BETA.LOCAL
[2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
Fri, 14 Nov 2008 03:43:38 EST
[2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
  get_dc_list: preferred server list: "192.168.0.1, *"
[2008/11/13 17:43:41, 3] libads/ldap.c:(394)
  Connected to LDAP server 192.168.0.1
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/11/13 17:43:41, 3] libads/sasl.c:(222)
  ads_sasl_spnego_bind: got server principal name =
will-ea96ec1f1e$@BETA.LOCAL
[2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
Fri, 14 Nov 2008 03:43:38 EST
[2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
  get_dc_list: preferred server list: "192.168.0.1, *"
[2008/11/13 17:43:41, 3] libads/ldap.c:(394)
  Connected to LDAP server 192.168.0.1
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/11/13 17:43:41, 3] libads/sasl.c:(222)
  ads_sasl_spnego_bind: got server principal name =
will-ea96ec1f1e$@BETA.LOCAL
[2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
Fri, 14 Nov 2008 03:43:38 EST
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(1509)
  Connecting to host=will-ea96ec1f1e.beta.local
[2008/11/13 17:43:41, 3] lib/util_sock.c:(874)
  Connecting to 192.168.0.1 at port 445
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(793)
  Doing spnego session setup (blob length=115)
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
  got OID=1 2 840 48018 1 2 2
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
  got OID=1 2 840 113554 1 2 2
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
  got OID=1 2 840 113554 1 2 2 3
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
  got OID=1 3 6 1 4 1 311 2 2 10
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(826)
  got principal=will-ea96ec1f1e$@BETA.LOCAL
[2008/11/13 17:43:41, 2] libsmb/cliconnect.c:(613)
  Doing kerberos session setup
[2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration
Fri, 14 Nov 2008 03:43:38 EST
[2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
  rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \lsarpc fnum
0x4005 bind request returned ok.
[2008/11/13 17:43:41, 3] rpc_parse/parse_lsa.c:(224)
  lsa_io_sec_qos: length c does not match size 8
[2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
  rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \samr fnum
0x4007 bind request returned ok.
[2008/11/13 17:43:41, 3] libads/ldap.c:(3002)
  ldap_delete_ext_s succeeded with error code 0
Deleted account for 'SOLARIS' in realm 'BETA.LOCAL'
Failed to join domain: Type or value exists
[2008/11/13 17:43:41, 2] utils/net.c:(1036)
  return code = -1
bash-3.00#

=====================================

-- 
-Will

More information about the samba mailing list