[Samba] Re: Domain Member Server problems
William Usher
will at willusher.net
Tue Nov 18 23:02:31 GMT 2008
I figured it out. I had changed my hostname after winbind started. All I
needed to do was restart winbind (svcadm restart winbind).
Hopefully this will help someone else in the future...
On Thu, Nov 13, 2008 at 5:45 PM, William Usher <will at willusher.net> wrote:
> Hi all,
> I'm not having any success adding samba (3.0.28 on Solaris 10) to a Windows
> AD server (2003 R2) per the instructions here: (In addition to much
> googling)
> http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm
>
> The error is:
> bash-3.00# /usr/sfw/sbin/net ads join -U Administrator
> Administrator's password:
> Using short domain name -- BETA
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> Deleted account for 'SOLARIS' in realm 'BETA.LOCAL'
> Failed to join domain: Type or value exists
>
>
> Thanks for you help. More information below.
>
> Windows AD domain name: beta.local
>
> Background:
> bash-3.00# hostname
> solaris
> bash-3.00# domainname
> beta.local
>
> smb.conf ---------------------------------
>
> [global]
> log level = 1
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 50
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind separator = +
> workgroup = beta
> server string = Samba
> security = ADS
>
> -----------------------------------------
>
> /etc/krb5/krb5.conf--------------
> [libdefaults]
> default_realm = BETA.local
>
> [realms]
> BETA.local = {
> kdc = will-ea96ec1f1e.beta.local:
> default_domain = beta.local
> }
>
> [domain_realm]
> BETA.local = BETA.local
> .BETA.local = BETA.local
>
> [logging]
> default = FILE:/var/krb5/kdc.log
> kdc = FILE:/var/krb5/kdc.log
> kdc_rotate = {
>
> period = 1d
>
> versions = 10
> }
>
> [appdefaults]
> kinit = {
> renewable = true
> forwardable= true
> }
> gkadmin = {
> help_url =
> http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195 }
> -----------------------------------------------
>
>
> ====================================================================
> bash-3.00# /usr/sfw/sbin/net ads join -U Administrator -d3
> [2008/11/13 17:43:35, 3] param/loadparm.c:(5031)
> lp_load: refreshing parameters
> [2008/11/13 17:43:35, 3] param/loadparm.c:(1430)
> Initialising global parameters
> [2008/11/13 17:43:35, 3] param/params.c:(572)
> params.c:pm_process() - Processing configuration file "/etc/sfw/smb.conf"
> [2008/11/13 17:43:35, 3] param/loadparm.c:(3770)
> Processing section "[global]"
> [2008/11/13 17:43:35, 2] lib/interface.c:(81)
> added interface ip=192.168.0.10 bcast=192.168.0.255 nmask=255.255.255.0
> [2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
> get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:35, 3] libads/ldap.c:(394)
> Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
> get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
> get_dc_list: preferred server list: "192.168.0.1, *"
> Administrator's password:
> [2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
> get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:41, 3] libads/ldap.c:(394)
> Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libads/sasl.c:(222)
> ads_sasl_spnego_bind: got server principal name =
> will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(593)
> ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache file
> found)
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
> get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:41, 3] libads/ldap.c:(394)
> Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libads/sasl.c:(222)
> ads_sasl_spnego_bind: got server principal name =
> will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(1509)
> Connecting to host=will-ea96ec1f1e.beta.local
> [2008/11/13 17:43:41, 3] lib/util_sock.c:(874)
> Connecting to 192.168.0.1 at port 445
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(793)
> Doing spnego session setup (blob length=115)
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
> got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
> got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
> got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
> got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(826)
> got principal=will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 2] libsmb/cliconnect.c:(613)
> Doing kerberos session setup
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
> rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \lsarpc
> fnum 0x4003 bind request returned ok.
> [2008/11/13 17:43:41, 3] rpc_parse/parse_lsa.c:(224)
> lsa_io_sec_qos: length c does not match size 8
> [2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
> rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \samr fnum
> 0x4004 bind request returned ok.
> Using short domain name -- BETA
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(1509)
> Connecting to host=will-ea96ec1f1e.beta.local
> [2008/11/13 17:43:41, 3] lib/util_sock.c:(874)
> Connecting to 192.168.0.1 at port 445
> [2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
> rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \NETLOGON
> fnum 0x4003 bind request returned ok.
> [2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
> rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \NETLOGON
> fnum 0x4004 bind request returned ok.
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> [2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
> get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:41, 3] libads/ldap.c:(394)
> Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libads/sasl.c:(222)
> ads_sasl_spnego_bind: got server principal name =
> will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
> get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:41, 3] libads/ldap.c:(394)
> Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libads/sasl.c:(222)
> ads_sasl_spnego_bind: got server principal name =
> will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
> get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:41, 3] libads/ldap.c:(394)
> Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libads/sasl.c:(222)
> ads_sasl_spnego_bind: got server principal name =
> will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
> get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:41, 3] libads/ldap.c:(394)
> Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
> ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libads/sasl.c:(222)
> ads_sasl_spnego_bind: got server principal name =
> will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(1509)
> Connecting to host=will-ea96ec1f1e.beta.local
> [2008/11/13 17:43:41, 3] lib/util_sock.c:(874)
> Connecting to 192.168.0.1 at port 445
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(793)
> Doing spnego session setup (blob length=115)
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
> got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
> got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
> got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(818)
> got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(826)
> got principal=will-ea96ec1f1e$@BETA.LOCAL
> [2008/11/13 17:43:41, 2] libsmb/cliconnect.c:(613)
> Doing kerberos session setup
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
> rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \lsarpc
> fnum 0x4005 bind request returned ok.
> [2008/11/13 17:43:41, 3] rpc_parse/parse_lsa.c:(224)
> lsa_io_sec_qos: length c does not match size 8
> [2008/11/13 17:43:41, 3] rpc_client/cli_pipe.c:(2081)
> rpc_pipe_bind: Remote machine will-ea96ec1f1e.beta.local pipe \samr fnum
> 0x4007 bind request returned ok.
> [2008/11/13 17:43:41, 3] libads/ldap.c:(3002)
> ldap_delete_ext_s succeeded with error code 0
> Deleted account for 'SOLARIS' in realm 'BETA.LOCAL'
> Failed to join domain: Type or value exists
> [2008/11/13 17:43:41, 2] utils/net.c:(1036)
> return code = -1
> bash-3.00#
>
> =====================================
>
> --
> -Will
>
--
-Will
More information about the samba
mailing list