Hi Jeremy, Jerry and Samba experts,

This is Suresh from EMC.

I am having difficulty in creating and adding a Kerberos principal using
Samba's net utility.
This server is configured as a Winbind client to a
Windows 2003 Active Directory. I've successfully bound it to AD and I am
able to authenticate.

If I log into this host I am properly issued a Kerberos ticket from AD, so
it would appear that Kerberos is working properly.

Now we are trying to create a principal for the nfs service.

root@storage-00S2WW:/usr/local/samba/bin# ./net ads join createupn=nfs/storage-00S2WW.EMCSOHO2.LOCAL@EMCSOHO2.LOCAL -U nfsuser
Enter nfsuser's password:
Failed to join domain: failed to find DC for domain EMCSOHO2.LOCAL

After this, if we run the following command, it succeeds.

root@storage-00S2WW:/usr/local/samba/bin# ./net rpc join createupn=nfs/storage-00S2WW.EMCSOHO2.LOCAL@EMCSOHO2.LOCAL -U nfsuser
Enter nfsuser's password:
Joined domain EMCSOHO2.

And the error is coming here:
root@storage-ZRMEIN:/usr/local/samba/bin# ./net ads keytab add nfs -U nfsuser
Enter nfsuser's password:
[2011/05/13 02:14:11.121581,  0] libads/ldap.c:3333(ads_get_dnshostname)
  ads_get_dnshostname: No dNSHostName attribute!
[2011/05/13 02:14:11.122782,  0] libads/kerberos_keytab.c:286(ads_keytab_add_entry)
  ads_keytab_add_entry: unable to determine machine account's dns name in AD!
root@storage-ZRMEIN:/usr/local/samba/bin#

Following are the setup details:

We are using Samba version 3.5.6. The Linux kernel is 2.6.30.

Please note that the AD and the host time are proper, and reverse lookup is
also working fine.

Samba is compiled with the following configuration.

                samba_cv_HAVE_GETTIMEOFDAY_TZ=yes \
                samba_cv_HAVE_IFACE_IFCONF=yes \
                samba_cv_HAVE_IFACE_IFREQ=yes \
                ac_cv_have_setresuid=yes \
                ac_cv_have_setresgid=yes \
                samba_cv_USE_SETRESUID=yes \
                samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes \
                samba_cv_HAVE_WRFILE_KEYTAB=yes \
                samba_cv_HAVE_OFF64_T=yes \
                samba_cv_have_longlong=yes \
                samba_cv_HAVE_MMAP=yes \
                samba_cv_HAVE_INO64_T=yes \
                samba_cv_CC_NEGATIVE_ENUM_VALUES=yes \
                smb_krb5_cv_enctype_to_string_takes_krb5_context_arg=no \
                smb_krb5_cv_enctype_to_string_takes_size_t_arg=yes \
                ./configure \
                --build=$(GNU_HOST_NAME) \
                --host=$(GNU_TARGET_NAME) \
                --prefix=$(SAMBA_PREFIX) \
                --disable-pie \
                --disable-cups \
                --disable-iprint \
                --disable-external-libtalloc \
                --disable-external-libtdb \
                --with-configdir=/etc/samba \
                --with-logfilebase=/tmp/samba \
                --with-lockdir=/tmp/samba \
                --with-piddir=/tmp/samba \
                --with-swatdir=/tmp/samba \
                --with-privatedir=/etc/samba/private \
                --with-sendfile-support \
                --with-ldap \
                --with-ads \
                --with-krb5=$(TARGET_DIR)/usr/lib \
                --with-pam \
                --with-pammodulesdir=/lib/security \
                --with-pam_smbpass \
                --with-winbind \
                --with-acl-support \
                --with-cifsumount \
                --with-libiconv=$(TARGET_DIR)/usr \
                --with-pthreads \
                --with-libtalloc \
                --with-dnsupdate \
                --with-cachedir=$(SAMBA_CACHE_DIR) \


The following is the smb.conf file.

[Global]
server string= Virtual Machine
Workgroup= EMCSOHO2
netbios name= storage-00S2WW
realm= EMCSOHO2.LOCAL
password server= 10.31.162.253
security= ADS
name resolve order= wins host bcast lmhosts
client use spnego= yes
dns proxy= no
winbind use default domain= yes
idmap uid= 5000-50000
idmap gid= 5000-25000
winbind nested groups= yes
inherit acls= yes
winbind enum users= yes
winbind enum groups= yes
winbind separator= \\
winbind cache time= 60
winbind offline logon= true
template shell= /bin/sh
map to guest= Bad User
host msdfs= yes
null passwords= no
restrict anonymous= 0
encrypt passwords= yes
passdb backend= smbpasswd
printcap name= lpstat
printing= cups
printable= no
load printers= yes
max smbd processes= 500
getwd cache= yes
display charset= UTF-8
log level= 0
syslog= 0
max log size= 50
use sendfile= yes
browse directory= /tmp/samba
winbind sequence directory= /tmp/samba

[Printers]
path= /mnt/system/samba/spool
printable= yes
only guest= yes
use client driver= yes
comment= All Printers

[TimeMachine]
path= /mnt/pools/A/A0/TimeMachine/
dfree command= /usr/bin/spaceinfo
max connections= 50
directory mode= 0777
create mode= 0777
follow symlinks= yes
wide links= no
nt acl support= no
dos filemode= no
writeable= yes
public= yes
store dos attributes= yes
write list= guest



Please let me know what I am missing or doing wrong.


Thanks
Suresh