[Samba] Solved (work around): Compiling SAMBA on Solaris 10 to use AD on Windows 2008 server
Tom Hallam
Tom.Hallam at uwa.edu.au
Wed Oct 14 20:05:50 MDT 2009
I ended up upgrading openssl, compiling kerberos from source and
recompiling samba against that. After the recompile I was able to get
Solaris to join the domain with the existing configuration.

It looks like there is some feature in kerberos that samba needs but
the kerberos that comes with Solaris does not provide. It's got something
to do with krb5_mk_req_extended but I'm not sure exactly what. I read
somewhere that Solaris (9) only provides the gssapi and not the "older
krb5" interface. This seems no longer to be the case but it does look
like the features available through krb5 may only be partial.

Tom Hallam

Tom Hallam wrote:
> We've just set up a number of linux servers to access our AD server
> (Windows server 2008) and now have to set up a Solaris server. I've
> downloaded, compiled and installed Samba (3.4.2), configured kerberos
> and am now trying to get it to join the AD. I get the following error:
>
> samba-3.4.2/source3# net ads join -U username
> Enter username's password:
> [2009/10/13 13:10:42, 0] libads/sasl.c:819(ads_sasl_spnego_bind)
> kinit succeeded but ads_sasl_spnego_krb5_bind failed: krb5 conf file
> not configured
> Failed to join domain: failed to connect to AD: krb5 conf file not
> configured
> samba-3.4.2/source3#
>
> If I run with "-d 1" I get:
> ....
> [2009/10/13 13:26:47, 1] libnet/libnet_join.c:1871(libnet_Join)
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> in: struct libnet_JoinCtx
> dc_name : NULL
> machine_name : 'BADGER'
> domain_name : *
> domain_name : 'EEDS.EE.UWA.EDU.AU'
> account_ou : NULL
> admin_account : 'thallam'
> admin_password : *
> machine_password : NULL
> join_flags : 0x00000023 (35)
> 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
> os_version : NULL
> os_name : NULL
> create_upn : 0x00 (0)
> upn : NULL
> modify_config : 0x00 (0)
> ads : NULL
> debug : 0x01 (1)
> use_kerberos : 0x00 (0)
> secure_channel_type : SEC_CHAN_WKSTA (2)
> [2009/10/13 13:26:48, 1] libsmb/clikrb5.c:786(ads_krb5_mk_req)
> ads_krb5_mk_req: krb5_mk_req_extended failed (krb5 conf file not
> configured)
> [2009/10/13 13:26:48, 0] libads/sasl.c:819(ads_sasl_spnego_bind)
> kinit succeeded but ads_sasl_spnego_krb5_bind failed: krb5 conf file
> not configured
> [2009/10/13 13:26:48, 1] libnet/libnet_join.c:1902(libnet_Join)
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> out: struct libnet_JoinCtx
> account_name : NULL
> netbios_domain_name : 'EEDS'
> dns_domain_name : 'eeds.ee.uwa.edu.au'
> forest_name : 'eeds.ee.uwa.edu.au'
> dn : NULL
> domain_sid : *
> domain_sid :
> S-1-5-21-2693662547-1243528254-4028546715
> modified_config : 0x00 (0)
> error_string : 'failed to connect to AD: krb5
> conf file not configured'
> domain_is_ad : 0x01 (1)
> result : WERR_GENERAL_FAILURE
> Failed to join domain: failed to connect to AD: krb5 conf file not
> configured
> ....
>
> I've checked the krb5.conf file and it's fine. Issuing tickets etc.
> works. Any ideas what the issue is?
>
> Tom Hallam