[Samba] Difficulty in creating and adding principal using net utility

suresh.kandukuru at emc.com
Fri May 13 09:47:58 MDT 2011

Hi Jeremy, Jerry and Samba experts,

This is Suresh from EMC.

I am having difficulty in creating and adding a Kerberos principal using samba's net utility.
This server is configured as a Winbind client to a
Windows 2003 Active Directory. I've successfully bound it to AD and I am
able to authenticate.

If I log into this host I am properly issued a Kerberos ticket from AD, so
it would appear that Kerberos is working properly.

Now we are trying to create a principal for the nfs service.

root@storage-00S2WW:/usr/local/samba/bin# ./net ads join createupn=nfs/storage-00S2WW.EMCSOHO2.LOCAL@EMCSOHO2.LOCAL -U nfsuser
Enter nfsuser's password:
Failed to join domain: failed to find DC for domain EMCSOHO2.LOCAL

After this, if we run the following command, it succeeds.

root@storage-00S2WW:/usr/local/samba/bin# ./net rpc join createupn=nfs/storage-00S2WW.EMCSOHO2.LOCAL@EMCSOHO2.LOCAL -U nfsuser
Enter nfsuser's password:
Joined domain EMCSOHO2.

And the error is coming here:

root@storage-ZRMEIN:/usr/local/samba/bin# ./net ads keytab add nfs -U nfsuser
Enter nfsuser's password:
[2011/05/13 02:14:11.121581,  0] libads/ldap.c:3333(ads_get_dnshostname)
  ads_get_dnshostname: No dNSHostName attribute!
[2011/05/13 02:14:11.122782,  0] libads/kerberos_keytab.c:286(ads_keytab_add_entry)
  ads_keytab_add_entry: unable to determine machine account's dns name in AD!
root@storage-ZRMEIN:/usr/local/samba/bin#

Following are the setup details:

We are using Samba version 3.5.6. The Linux kernel is 2.6.30.

Please note that the AD and the host time are proper and reverse lookup is also working fine.

Samba is compiled with the following configuration.

                samba_cv_HAVE_GETTIMEOFDAY_TZ=yes \
                samba_cv_HAVE_IFACE_IFCONF=yes \
                samba_cv_HAVE_IFACE_IFREQ=yes \
                ac_cv_have_setresuid=yes \
                ac_cv_have_setresgid=yes \
                samba_cv_USE_SETRESUID=yes \
                samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes \
                samba_cv_HAVE_WRFILE_KEYTAB=yes \
                samba_cv_HAVE_OFF64_T=yes \
                samba_cv_have_longlong=yes \
                samba_cv_HAVE_MMAP=yes \
                samba_cv_HAVE_INO64_T=yes \
                samba_cv_CC_NEGATIVE_ENUM_VALUES=yes \
                smb_krb5_cv_enctype_to_string_takes_krb5_context_arg=no \
                smb_krb5_cv_enctype_to_string_takes_size_t_arg=yes \
                ./configure \
                --build=$(GNU_HOST_NAME) \
                --host=$(GNU_TARGET_NAME) \
                --prefix=$(SAMBA_PREFIX) \
                --disable-pie \
                --disable-cups \
                --disable-iprint \
                --disable-external-libtalloc \
                --disable-external-libtdb \
                --with-configdir=/etc/samba \
                --with-logfilebase=/tmp/samba \
                --with-lockdir=/tmp/samba \
                --with-piddir=/tmp/samba \
                --with-swatdir=/tmp/samba \
                --with-privatedir=/etc/samba/private \
                --with-sendfile-support \
                --with-ldap \
                --with-ads \
                --with-krb5=$(TARGET_DIR)/usr/lib \
                --with-pam \
                --with-pammodulesdir=/lib/security \
                --with-pam_smbpass \
                --with-winbind \
                --with-acl-support \
                --with-cifsumount \
                --with-libiconv=$(TARGET_DIR)/usr \
                --with-pthreads \
                --with-libtalloc \
                --with-dnsupdate \
                --with-cachedir=$(SAMBA_CACHE_DIR) \

The following is the smb.conf file.

server string= Virtual Machine
Workgroup= EMCSOHO2
netbios name= storage-00S2WW
password server=
security= ADS
name resolve order= wins host bcast lmhosts
client use spnego= yes
dns proxy= no
winbind use default domain= yes
idmap uid= 5000-50000
idmap gid= 5000-25000
winbind nested groups= yes
inherit acls= yes
winbind enum users= yes
winbind enum groups= yes
winbind separator= \\
winbind cache time= 60
winbind offline logon= true
template shell= /bin/sh
map to guest= Bad User
host msdfs= yes
null passwords= no
restrict anonymous= 0
encrypt passwords= yes
passdb backend= smbpasswd
printcap name= lpstat
printing= cups
printable= no
load printers= yes
max smbd processes= 500
getwd cache= yes
display charset= UTF-8
log level= 0
syslog= 0
max log size= 50
use sendfile= yes
browse directory= /tmp/samba
winbind sequence directory= /tmp/samba

path= /mnt/system/samba/spool
printable= yes
only guest= yes
use client driver= yes
comment= All Printers

path= /mnt/pools/A/A0/TimeMachine/
dfree command= /usr/bin/spaceinfo
max connections= 50
directory mode= 0777
create mode= 0777
follow symlinks= yes
wide links= no
nt acl support= no
dos filemode= no
writeable= yes
public= yes
store dos attributes= yes
write list= guest

Please let me know what I am missing or doing wrong.

