[Samba] join fails samba 3.2 & ADS 2003R2 SP2
Marc-Andre Vallee
Marc-Andre.Vallee at complys.com
Thu Oct 23 02:33:46 GMT 2008
Hi,
SLES10 SP2 x86_64 + Samba from repo (samba-3.2.4-8.1)
When I try to join (net ads join -U Administrator), I get:
Failed to join domain: failed to set machine spn: Can't contact LDAP server
My Pre-2000 domain name is CLSC_COTENEIGES
My DNS ADS name is clsccdn.rtss.qc.ca
DNS is OK; I've created an A/PTR record for the Linux box. ADS seems OK also (netdiag/dcdiag).
I've tried adding both servers into /etc/hosts... no results (upper case, lower case...).
I've tried a couple of things, like modifying my /etc/hosts and /etc/krb5.conf;
all seems OK....
When turning debug on (-v10), the relevant lines at the end are:
[2008/10/22 22:11:10, 5] libads/ldap.c:ads_try_connect(188)
ads_try_connect: sending CLDAP request to cls06dlm00036.clsccdn.rtss.qc.ca (realm: clsccdn.rtss.qc.ca)
[2008/10/22 22:11:10, 3] libads/ldap.c:ads_connect(430)
Successfully contacted LDAP server 10.48.128.36
[2008/10/22 22:11:11, 3] libads/ldap.c:ads_connect(480)
Connected to LDAP server cls06dlm00036.clsccdn.rtss.qc.ca
[2008/10/22 22:11:11, 4] libads/ldap.c:ads_current_time(2607)
time offset is -38 seconds
[2008/10/22 22:11:11, 4] libads/sasl.c:ads_sasl_bind(1112)
Found SASL mechanism GSS-SPNEGO
!!! LDAP works !!!
then
ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2008/10/22 22:11:11, 5] lib/util.c:show_msg(642)
[2008/10/22 22:11:11, 5] lib/util.c:show_msg(652)
size=35
smb_com=0x71
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=4099
smb_pid=12818
smb_uid=6146
smb_mid=23
smt_wct=0
smb_bcc=0
[2008/10/22 22:11:11, 1] libnet/libnet_join.c:libnet_Join(1801)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : 'CLSC_COTENEIGES'
dns_domain_name : 'clsccdn.rtss.qc.ca'
dn : NULL
domain_sid : *
domain_sid : S-1-5-21-669208389-835535488-317593308
modified_config : 0x00 (0)
error_string : 'failed to set machine spn: Can't contact LDAP server'
domain_is_ad : 0x01 (1)
result : WERR_GENERAL_FAILURE
My krb5.conf:

[libdefaults]
        default_realm = CLSCCDN.RTSS.QC.CA
        clockskew = 300
        dns_lookup_realm = false
        dns_lookup_kdc = false

[realms]
        CLSCCDN.RTSS.QC.CA = {
                kdc = cls06dlm00036.clsccdn.rtss.qc.ca:88
                default_domain = clsccdn.rtss.qc.ca
                admin_server = cls06dlm00036.clsccdn.rtss.qc.ca:749
        }
        EXAMPLE.COM = {
                kdc = kerberos.example.com
                admin_server = kerberos.example.com
        }

[logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON

[domain_realm]
        .clsccdn.rtss.qc.ca = CLSCCDN.RTSS.QC.CA

[appdefaults]
        pam = {
                debug = true
                validate = false
                ticket_lifetime = 1d
                renew_lifetime = 1d
                forwardable = true
                proxiable = false
                retain_after_close = false
                minimum_uid = 1
                try_first_pass = true
        }

Thanks, list, for the help!!
Marc
Marc-Andre Vallee, CLE10, CLP, VCP, CLA, CNA
Linux Services Coordinator
Complys technologies inc.
Custom IT solutions for your business.
Montreal : (514) 645-2875 #103 Quebec : (418) 648-9270 #103
http://www.complys.com