Unable to join AD with HEAD CVS from 6/25/02
John M Trostel
jtrostel at snapserver.com
Mon Jul 8 15:20:58 GMT 2002
OK... I'm stumped. How do I figure out what I'm doing wrong?
This is what I'm doing:
1. [root at jtsdell jt]# kdestroy
2. [root at jtsdell jt]# kinit Administrator at CEO.COM
Password for Administrator at CEO.COM:
3. [root at jtsdell jt]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator at CEO.COM
Valid starting Expires Service principal
07/08/02 15:19:57 07/09/02 01:19:57 krbtgt/CEO.COM at CEO.COM
07/08/02 15:21:35 07/09/02 01:19:57 ldap/zephyr at CEO.COM
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
4. [root at jtsdell jt]# /usr/local/samba/bin/net ads join -UAdministrator
[2002/07/08 15:19:52, 5] lib/debug.c:debug_dump_status(359)
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
auth: False/0
winbind: False/0
doing parameter wins server = 192.168.10.15
[2002/07/08 15:19:52, 4] lib/wins_srv.c:wins_srv_load_list(139)
wins_srv_load_list(): Building WINS server list:
192.168.10.15,
1 WINS server listed.
doing parameter name resolve order = host bcast
doing parameter winbind separator = /
doing parameter winbind uid = 15000-30000
doing parameter winbind gid = 15000-30000
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter template shell = /bin/bash
doing parameter realm = CEO.COM
doing parameter ads server = zephyr.ceo.com
doing parameter security = ADS
doing parameter encrypt passwords = yes
[2002/07/08 15:19:52, 4] param/loadparm.c:lp_load(3610)
pm_process() returned Yes
[2002/07/08 15:19:52, 7] param/loadparm.c:lp_servicenumber(3716)
lp_servicenumber: couldn't find homes
[2002/07/08 15:19:52, 10] param/loadparm.c:set_server_role(3543)
set_server_role: ROLE_DOMAIN_MEMBER
[2002/07/08 15:19:52, 2] lib/interface.c:add_interface(79)
added interface ip=192.168.10.250 bcast=192.168.10.255
nmask=255.255.255.0
[2002/07/08 15:19:52, 2] lib/interface.c:add_interface(79)
added interface ip=172.16.170.1 bcast=172.16.170.255
nmask=255.255.255.0
Administrator password:
[2002/07/08 15:19:57, 3] libads/ldap.c:ads_connect(83)
Connected to LDAP server zephyr.ceo.com
[2002/07/08 15:19:57, 3] libads/ldap.c:ads_server_info(1409)
got ldap server name zephyr at CEO.COM
[2002/07/08 15:26:17, 0] libads/ldap.c:ads_join_realm(1019)
ads_add_machine_acct: Timed out
ads_join_realm: Timed out
[2002/07/08 15:26:17, 2] utils/net.c:main(482)
return code = -1
Here is my /usr/local/samba/lib/smb.conf:
# Global parameters
[global]
workgroup = CEO
netbios name = JTSDELL
server string = My new experimental XFS Samba Server
printing = bsd
printcap name = /etc/printcap
load printers = yes
guest account = nobody
encrypt passwords = Yes
update encrypted = Yes
os level = 0
preferred master = False
local master = No
domain master = False
#
# REMOVED for ADS tests
# security = server
# password server = *
#
smb passwd file = /usr/local/samba/private/smbpasswd
debug level = 10
wins server = 192.168.10.15
name resolve order = host bcast
# separate domain and username with '+', like DOMAIN+username
winbind separator = /
# set uid and gid ranges
winbind uid = 15000-30000
winbind gid = 15000-30000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet
access)
template shell = /bin/bash
#
# Kerberos AD info
#
realm = CEO.COM
ads server = zephyr.ceo.com
security = ADS
encrypt passwords = yes
[Public]
path = /mnt/xfs_part
public = yes
read only = No
create mask = 774
force create mode = 0
directory mask = 774
force directory mode = 0
directory security mask = 777
force directory security mode = 0
[printers]
comment = All Printers
browseable = no
printable = yes
public = no
writable = no
create mode = 0700
And my /etc/krb5.conf
[realms]
CEO.COM = {
kdc = ZEPHYR.CEO.COM
}
Note that zephyr.ceo.com is included in local /etc/hosts file.
--
John M. Trostel
Senior Software Engineer
Quantum Corp. / SSG
john.trostel at quantum.com
More information about the samba-technical
mailing list