[Samba] Solaris 10 (sparc) and samba issue

Ravi Channavajhala ravi.channavajhala at dciera.com
Mon May 11 17:08:15 GMT 2009 

Brian, it is Windows 2003/R2.  The config for samba is straightup just
from the global section.  The exact problem I'm having is the net ads
is unable to create the kerberos keytab and I hate to run ktpass and
etc from the win KDC and install them.  Even if I did the ktpass, the
tix are not working....I get constant error 'server not found in
kerberos database' whenever attempting to login.

[global]
   workgroup = WKG
   netbios name = HOST
   security = ads
   password server = x.domain.com
   use kerberos keytab = true
   realm = DOMAIN.COM

[2009/05/11 22:33:30, 10] lib/util.c:(2957)
  name_to_fqdn: lookup for HOST -> HOST.domain.com
[2009/05/11 22:33:30, 3] libads/ldap.c:(2471)
  ads_domain_func_level: 2
[2009/05/11 22:33:30, 3] libads/kerberos.c:(337)
  kerberos_secrets_store_des_salt: Storing salt
"host/HOST.domain.com at DOMAIN.COM"
[2009/05/11 22:33:30, 2] libads/kerberos_keytab.c:(260)
  ads_keytab_add_entry: Using default system keytab: FILE:/etc/krb5/krb5.keytab
[2009/05/11 22:33:30, 5] libads/ldap.c:(1422)
  ads_get_kvno: Searching for host HOST
[2009/05/11 22:33:30, 5] libads/ldap.c:(1440)
  ads_get_kvno: Using: CN=host,OU=NewComputers,DC=domain,DC=com
[2009/05/11 22:33:30, 5] libads/ldap.c:(1459)
  ads_get_kvno: Looked Up KVNO of: 7
[2009/05/11 22:33:30, 3] libads/kerberos_keytab.c:(65)
  smb_krb5_kt_add_entry: Will try to delete old keytab entries
[2009/05/11 22:33:30, 5] libads/kerberos_keytab.c:(105)
  smb_krb5_kt_add_entry: Found old entry for principal:
host/host.domain.com at DOMAIN.COM (kvno 7) - trying to remove it.
[2009/05/11 22:33:30, 1] libads/kerberos_keytab.c:(116)
  smb_krb5_kt_add_entry: krb5_kt_remove_entry failed (Cannot write to
specified key table)
[2009/05/11 22:33:30, 1] libads/kerberos_keytab.c:(346)
  ads_keytab_add_entry: Failed to add entry to keytab file
[2009/05/11 22:33:30, 1] libads/kerberos_keytab.c:(508)
  ads_keytab_create_default: ads_keytab_add_entry failed while adding 'host'.
[2009/05/11 22:33:30, 1] utils/net_ads.c:(1644)
  Error creating host keytab!
Joined 'HOST' to realm 'DOMAIN.COM'
[2009/05/11 22:33:30, 2] utils/net.c:(1036)
  return code = 0



On Mon, May 11, 2009 at 10:16 PM, Brian H. Nelson <bnelson at cis.ysu.edu> wrote:
> Ravi,
>
> You don't mention which version of AD your are working with or include any
> relevant config files. Both would be helpful.
>
> Also, it might just be me, but I'm not clear on exactly what problem you're
> having. Maybe you could clarify, list error messages, etc.
>
> You might want to get Solaris patch 119757-14 which gives you samba 3.0.33.
> I don't know if it will help. I had no problems with samba 3.0.28 on Solaris
> 10.
>
> -Brian
>
>
> Ravi Channavajhala wrote:
>>
>> The net ads joins the host to the AD, but cant get the proper kerberos
>> tix.  Manually generating the kerberos keytab from AD  dont work.  Any
>> suggestions?
>>
>> root at host /#head -1 /etc/release
>> Solaris 10 10/08 s10s_u6wos_07b SPARC
>>
>> root at host /usr/sfw/sbin#./smbd -V
>> Version 3.0.28
>>
>> root at host /#for PKG in `pkginfo -x | grep -i samba | awk '{print
>> $1}'`; do VER=`pkginfo -l ${PKG} | grep PSTAMP`; echo ${PKG} ${VER};
>> done
>> SUNWsmbac PSTAMP: sfw10-patch20080310191909
>> SUNWsmbar PSTAMP: sfw10-patch20080723133424
>> SUNWsmbau PSTAMP: sfw10-patch20080723134146
>>
>> Last few relevant lines from net ads with -d10 level debugging.
>>
>> [2009/05/11 20:13:20, 10] libsmb/clientgen.c:(395)
>>  cli_rpc_pipe_close: closed pipe \NETLOGON to machine host.domain.com
>> [2009/05/11 20:13:20, 6] libsmb/clientgen.c:(153)
>>  write_socket(9,39)
>> [2009/05/11 20:13:20, 6] libsmb/clientgen.c:(156)
>>  write_socket(9,39) wrote 39
>> [2009/05/11 20:13:20, 10] lib/util_sock.c:(623)
>>  got smb length of 35
>> [2009/05/11 20:13:20, 5] lib/util.c:(484)
>> [2009/05/11 20:13:20, 5] lib/util.c:(494)
>>  size=35
>>  smb_com=0x71
>>  smb_rcls=0
>>  smb_reh=0
>>  smb_err=0
>>  smb_flg=136
>>  smb_flg2=51201
>>  smb_tid=2050
>>  smb_pid=2945
>>  smb_uid=2050
>>  smb_mid=12
>>  smt_wct=0
>>  smb_bcc=0
>> [2009/05/11 20:13:20, 10] lib/util.c:(2957)
>>  name_to_fqdn: lookup for HOST -> HOST.domain.com
>> [2009/05/11 20:13:20, 3] libads/ldap.c:(2471)
>>  ads_domain_func_level: 2
>> [2009/05/11 20:13:20, 3] libads/kerberos.c:(337)
>>  kerberos_secrets_store_des_salt: Storing salt
>> "host/host.domain.com at DOMAIN.COM"
>> [2009/05/11 20:13:21, 2] libads/kerberos_keytab.c:(260)
>>  ads_keytab_add_entry: Using default system keytab:
>> FILE:/etc/krb5/krb5.keytab
>> [2009/05/11 20:13:21, 5] libads/ldap.c:(1422)
>>  ads_get_kvno: Searching for host HOST
>> [2009/05/11 20:13:21, 5] libads/ldap.c:(1440)
>>  ads_get_kvno: Using: CN=HOST,CN=Computers,DC=domain,DC=com
>> [2009/05/11 20:13:21, 5] libads/ldap.c:(1459)
>>  ads_get_kvno: Looked Up KVNO of: 7
>> [2009/05/11 20:13:21, 3] libads/kerberos_keytab.c:(65)
>>  smb_krb5_kt_add_entry: Will try to delete old keytab entries
>> [2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(152)
>>  smb_krb5_kt_add_entry: krb5_kt_end_seq_get failed (Bad file number)
>> [2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(346)
>>  ads_keytab_add_entry: Failed to add entry to keytab file
>> [2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(508)
>>  ads_keytab_create_default: ads_keytab_add_entry failed while adding
>> 'host'.
>> [2009/05/11 20:13:21, 1] utils/net_ads.c:(1644)
>>  Error creating host keytab!
>> Joined 'HOST' to realm 'DOMAIN.COM'
>> [2009/05/11 20:13:21, 2] utils/net.c:(1036)
>>  return code = 0
>>
>
> --
> ---------------------------------------------------
> Brian H. Nelson         Youngstown State University
> System Administrator   Media and Academic Computing
>             bnelson[at]cis.ysu.edu
> ---------------------------------------------------
>

More information about the samba mailing list