[Samba] Re: Domain Member Server problems

William Usher will at willusher.net
Tue Nov 18 23:02:31 GMT 2008 

I figured it out. I had changed my hostname after winbind started. All I
needed to do was restart winbind (svcadm restart winbind).

Hopefully this will help someone else in the future...

On Thu, Nov 13, 2008 at 5:45 PM, William Usher <will at willusher.net> wrote:

> Hi all,
> I'm not having any success adding samba (3.0.28 on Solaris 10) to a Windows
> AD server (2003 R2) per the instructions here: (In addition to much
> googling)
> http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm
>
> The error is:
> bash-3.00# /usr/sfw/sbin/net ads join -U Administrator
> Administrator's password:
> Using short domain name -- BETA
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> Deleted account for 'SOLARIS' in realm 'BETA.LOCAL'
> Failed to join domain: Type or value exists
>
>
> Thanks for you help. More information below.
>
> Windows AD domain name: beta.local
>
> Background:
> bash-3.00# hostname
> solaris
> bash-3.00# domainname
> beta.local
>
> smb.conf ---------------------------------
>
> [global]
> log level = 1
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 50
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind separator = +
> workgroup = beta
> server string = Samba
> security = ADS
>
> -----------------------------------------
>
> /etc/krb5/krb5.conf--------------
> [libdefaults]
>         default_realm = BETA.local
>
> [realms]
>        BETA.local = {
>                 kdc = will-ea96ec1f1e.beta.local:
>                 default_domain = beta.local
>         }
>
> [domain_realm]
>         BETA.local = BETA.local
>         .BETA.local = BETA.local
>
> [logging]
>         default = FILE:/var/krb5/kdc.log
>         kdc = FILE:/var/krb5/kdc.log
>         kdc_rotate = {
>
>                 period = 1d
>
>                 versions = 10
>         }
>
> [appdefaults]
>         kinit = {
>                 renewable = true
>                 forwardable= true
>         }
>         gkadmin = {
>                 help_url =
> http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195        }
> -----------------------------------------------
>
>
> ====================================================================
> bash-3.00# /usr/sfw/sbin/net ads join -U Administrator -d3
> [2008/11/13 17:43:35, 3] param/loadparm.c:(5031)
>   lp_load: refreshing parameters
> [2008/11/13 17:43:35, 3] param/loadparm.c:(1430)
>   Initialising global parameters
> [2008/11/13 17:43:35, 3] param/params.c:(572)
>   params.c:pm_process() - Processing configuration file "/etc/sfw/smb.conf"
> [2008/11/13 17:43:35, 3] param/loadparm.c:(3770)
>   Processing section "[global]"
> [2008/11/13 17:43:35, 2] lib/interface.c:(81)
>   added interface ip=192.168.0.10 bcast=192.168.0.255 nmask=255.255.255.0
> [2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
>   get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:35, 3] libads/ldap.c:(394)
>   Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
>   get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
>   get_dc_list: preferred server list: "192.168.0.1, *"
> Administrator's password:
> [2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
>   get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:41, 3] libads/ldap.c:(394)
>   Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libads/sasl.c:(222)
>   ads_sasl_spnego_bind: got server principal name =
> will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(593)
>   ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache file
> found)
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
>   ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
>   get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:41, 3] libads/ldap.c:(394)
>   Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libads/sasl.c:(222)
>   ads_sasl_spnego_bind: got server principal name =
> will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
>   ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(1509)
>   Connecting to host=will-ea96ec1f1e.beta.local
> [2008/11/13 17:43:41, 3] lib/util_sock.c:(874)
>   Connecting to 192.168.0.1 at port 445
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(793)
>   Doing spnego session setup (blob length=115)
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
>   got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
>   got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
>   got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
>   got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(826)
>   got principal=will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 2] libsmb/cliconnect.c:(613)
>   Doing kerberos session setup
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
>   ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
>   rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \lsarpc
> fnum 0x4003 bind request returned ok.
> [2008/11/13 17:43:41, 3] rpc_parse/parse_lsa.c:(224)
>   lsa_io_sec_qos: length c does not match size 8
> [2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
>   rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \samr fnum
> 0x4004 bind request returned ok.
> Using short domain name -- BETA
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(1509)
>   Connecting to host=will-ea96ec1f1e.beta.local
> [2008/11/13 17:43:41, 3] lib/util_sock.c:(874)
>   Connecting to 192.168.0.1 at port 445
> [2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
>   rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \NETLOGON
> fnum 0x4003 bind request returned ok.
> [2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
>   rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \NETLOGON
> fnum 0x4004 bind request returned ok.
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> [2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
>   get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:41, 3] libads/ldap.c:(394)
>   Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libads/sasl.c:(222)
>   ads_sasl_spnego_bind: got server principal name =
> will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
>   ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
>   get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:41, 3] libads/ldap.c:(394)
>   Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libads/sasl.c:(222)
>   ads_sasl_spnego_bind: got server principal name =
> will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
>   ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
>   get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:41, 3] libads/ldap.c:(394)
>   Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libads/sasl.c:(222)
>   ads_sasl_spnego_bind: got server principal name =
> will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
>   ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
>   get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:41, 3] libads/ldap.c:(394)
>   Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libads/sasl.c:(222)
>   ads_sasl_spnego_bind: got server principal name =
> will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
>   ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(1509)
>   Connecting to host=will-ea96ec1f1e.beta.local
> [2008/11/13 17:43:41, 3] lib/util_sock.c:(874)
>   Connecting to 192.168.0.1 at port 445
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(793)
>   Doing spnego session setup (blob length=115)
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
>   got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
>   got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
>   got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
>   got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(826)
>   got principal=will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 2] libsmb/cliconnect.c:(613)
>   Doing kerberos session setup
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
>   ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
>   rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \lsarpc
> fnum 0x4005 bind request returned ok.
> [2008/11/13 17:43:41, 3] rpc_parse/parse_lsa.c:(224)
>   lsa_io_sec_qos: length c does not match size 8
> [2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
>   rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \samr fnum
> 0x4007 bind request returned ok.
> [2008/11/13 17:43:41, 3] libads/ldap.c:(3002)
>   ldap_delete_ext_s succeeded with error code 0
> Deleted account for 'SOLARIS' in realm 'BETA.LOCAL'
> Failed to join domain: Type or value exists
> [2008/11/13 17:43:41, 2] utils/net.c:(1036)
>   return code = -1
> bash-3.00#
>
> =====================================
>
> --
> -Will
>



-- 
-Will

More information about the samba mailing list