---------- Original Message ----------------------------------
From: "Errol Neal" <[EMAIL PROTECTED]>
Reply-To: <[EMAIL PROTECTED]>
Date: Fri, 29 Nov 2002 17:13:39 -0800

Hello,

In my further investigation, it seems that winbindd cannot locate my Kerberos ticket. Or, at least this is what this log output from winbindd

>[2002/11/29 07:04:17, 1] nsswitch/winbindd_util.c:init_domain_list(220)
>  Retrying startup domain sid fetch for JCNTV
>[2002/11/29 07:04:17, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
>  krb5_cc_get_principal failed (No credentials cache found)
>[2002/11/29 07:04:17, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
>  ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE

Am I correct? But I do have a Kerberos ticket...

isaiah:/usr# /usr/kerberos/bin/klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
11/29/02 17:11:59  11/30/02 03:11:45  [EMAIL PROTECTED]

Help would be appreciated...

Best Regards,

Errol U. Neal

---------- Original Message ----------------------------------
From: "Errol Neal" <[EMAIL PROTECTED]>
Reply-To: <[EMAIL PROTECTED]>
Date: Fri, 29 Nov 2002 07:21:23 -0800

>Hello,
>
>I am using samba-3.0alpha21 on an out-of-the-box Debian 3.0 box trying to join a
>native Windows 2000 (Active Directory) domain. I have used alpha18, 19, and 20 in the
>past with a lot of success on Red Hat and Linux From Scratch systems with minimum
>challenges. However, I cannot seem to join the domain in this instance. I am using
>OpenLDAP 2.1.8 and MIT Kerberos 1.2.7. The result of "net ads join" using alpha19 is
>that the command hangs after scrolling about 5 pages of text. Alpha20 segfaults for a
>reason unapparent to me and alpha21 hangs, as alpha19 did, but only after the first
>line. The funny thing is that "net ads status" shows that my system is a member of
>the domain, but in starting winbindd, winbindd reports this:
>
> winbindd version 3.0alpha21 started.
> Copyright The Samba Team 2000-2001
>[2002/11/29 07:04:07, 1] nsswitch/winbindd_util.c:add_trusted_domain(140)
>  Added domain JCNTV
>[2002/11/29 07:04:07, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
>  krb5_cc_get_principal failed (No credentials cache found)
>[2002/11/29 07:04:07, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
>  ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE
>[2002/11/29 07:04:17, 1] nsswitch/winbindd_util.c:init_domain_list(220)
>  Retrying startup domain sid fetch for JCNTV
>[2002/11/29 07:04:17, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
>  krb5_cc_get_principal failed (No credentials cache found)
>[2002/11/29 07:04:17, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
>  ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE
>
>I compiled samba like so..
>./configure --prefix=/usr/local/samba3 --with-pam
>
>Here is a copy of my smb.conf
>
># Samba config file created using SWAT
># from 127.0.0.1 (127.0.0.1)
># Date: 2002/09/20 13:46:38
>
># Global parameters
>[global]
>    workgroup = JCNTV
>    realm = JCNTV.PRIVATE
>    ADS server = 192.168.0.2
>    netbios name = ISAIAH
>    interfaces = **.**.**.**
>    bind interfaces only = Yes
>    security = ADS
>    wins server = 192.168.0.2
>    encrypt passwords = yes
>    host msdfs = Yes
>    msdfs root = Yes
>    winbind gid = 1000-65000
>    winbind uid = 1000-65000
>    winbind separator = +
>
>[docroot]
>    path = /home/var/www
>    follow symlinks = no
>    browsable = yes
>    force create mode = 0664
>    force directory mode = 0755
>
>
>My krb5.conf ..
>
>
>[logging]
>    default = FILE:/var/log/krb5libs.log
>    kdc = FILE:/var/log/krb5kdc.log
>    admin_server = FILE:/var/log/kadmind.log
>
>[libdefaults]
>    ticket_lifetime = 24000
>    #default_tags_enctypes = des-cbc-crc
>    #default_tkt_enctypes = des-cbc-crc
>    default_realm = JCNTV.PRIVATE
>    dns_lookup_realm = true
>    dns_lookup_kdc = true
>
>[realms]
>    JCNTV.PRIVATE = {
>        kdc = server2.jcntv.private:88
>        default_domain = jcntv.private
>    }
>
>[domain_realm]
>    .jcntv.private = JCNTV.PRIVATE
>    jcntv.private = JCNTV.PRIVATE
>
>[kdc]
>    profile = /var/kerberos/krb5kdc/kdc.conf
>
>[pam]
>    debug = false
>    ticket_lifetime = 36000
>    renew_lifetime = 36000
>    forwardable = true
>    krb4_convert = false
>
>
>and finally, my ldap.conf..
>
># Your LDAP server. Must be resolvable without using LDAP.
>host 192.168.0.2
>
># The distinguished name of the search base.
>base dc=jcntv,dc=private
>
># The LDAP version to use (defaults to 3
># if supported by client library)
>ldap_version 3
>
># Use SSL
># ssl yes
>
># The distinguished name to bind to the server with.
># Optional: default is to bind anonymously.
>binddn cn=Administrator,cn=Users,dc=jcntv,dc=private
>bindpw JxZ#!@//
>#URI ldaps://192.168.0.2:636
># The credentials to bind with.
># Optional: default is no credential.
>
># The port.
>#port 636
>port 389
>
># The search scope.
>scope sub
>
>nss_base_passwd cn=Users,DC=jcntv,DC=private?one
>nss_base_shadow cn=Users,DC=jcntv,DC=private?one
>nss_base_group cn=Group,DC=jcntv,DC=private?one
>
>nss_map_objectclass posixAccount User
>nss_map_attribute uid sAMAccountName
>nss_map_attribute homeDirectory msSFUHomeDirectory
>nss_map_objectclass posixGroup Group
>nss_map_attribute cn msSFUName
>nss_map_attribute userPassword msSFUPassword
>nss_map_attribute uniqueMember Member
>
>pam_filter objectclass=user
>pam_login_attribute sAMAccountName
>pam_password ad
>
>
>Any help would be greatly appreciated.
>I don't know if this behavior is related to the version of glibc installed on
>the machine or what. But again, any help would be appreciated.
>
>
>Best Regards,
>
>Errol U. Neal
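
An added example, not part of the original post and not Samba code: a small parser for the winbindd log excerpt quoted in the message, pairing each `ads_connect` failure with the Kerberos library error logged in the same second. The function names and the same-timestamp pairing rule are assumptions of this example, as is the two-line entry layout (header line, then an indented message line).

```python
import re

# Log lines copied from the post above: header line, then indented message.
SAMPLE_LOG = """\
[2002/11/29 07:04:07, 1] nsswitch/winbindd_util.c:add_trusted_domain(140)
  Added domain JCNTV
[2002/11/29 07:04:07, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
  krb5_cc_get_principal failed (No credentials cache found)
[2002/11/29 07:04:07, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
  ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE
[2002/11/29 07:04:17, 1] nsswitch/winbindd_util.c:init_domain_list(220)
  Retrying startup domain sid fetch for JCNTV
[2002/11/29 07:04:17, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
  krb5_cc_get_principal failed (No credentials cache found)
[2002/11/29 07:04:17, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
  ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+), +(?P<level>\d+)\] "
                    r"(?P<src>\S+?):(?P<func>\w+)\((?P<line>\d+)\)$")
KRB_FAIL = re.compile(r"^(?P<call>krb5_\w+) failed \((?P<reason>.+)\)$")
ADS_FAIL = re.compile(r"^ads_connect for domain (?P<domain>\S+) failed: (?P<status>\S+)$")

def parse_entries(text):
    """Split the log into entries: header fields plus the joined message text."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw.strip())
        if m:
            entries.append(dict(m.groupdict(), msg=""))
        elif entries and raw.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + raw.strip()).strip()
    return entries

def correlate(entries):
    """Attach the preceding same-second krb5 error to each ads_connect failure."""
    findings, pending = [], None
    for e in entries:
        k, a = KRB_FAIL.match(e["msg"]), ADS_FAIL.match(e["msg"])
        if k:
            pending = (e["ts"], k["call"], k["reason"])
        elif a:
            call, reason = pending[1:] if pending and pending[0] == e["ts"] else (None, None)
            findings.append({"ts": e["ts"], "domain": a["domain"], "status": a["status"],
                             "krb5_call": call, "krb5_reason": reason})
    return findings

if __name__ == "__main__":
    for finding in correlate(parse_entries(SAMPLE_LOG)):
        print(finding)
```
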