Ran wireshark on the XP client while joining the domain and saw SAM LOGON
request from client and SAM Active Directory Response - user unknown.

I noticed on the request and the response packets the user name field in
the packet is blank (yes, I am typing the user name and password into the
prompt from the XP machine!).

Any ideas on what causes this? I disabled the windows firewall on the XP
machine as well just to eliminate that as a possibility. On this post (
they have a similar problem but they appear to have already successfully
joined the domain.

On Sat, Sep 15, 2012 at 1:06 AM, John Russell <jb.fr...@gmail.com> wrote:

> Was able to fix one problem with kinit not working. Added the following
> lines to /etc/krb5.conf:
> [realms]
>         EXAMPLE.COM = {
>                 kdc = sogo
>                 admin_server = sogo
>                 default_domain = EXAMPLE.COM
>         }
> [domain_realm]
>         .example.com = EXAMPLE.COM
>         example.com = EXAMPLE.COM
> This gave me the following output when running kinit s...@example.com
> Kerberos: AS-REQ s...@example.com from ipv4: for krbtgt/
> example....@example.com
> Kerberos: Client sent patypes: REQ-ENC-PA-REP
> Kerberos: Looking for PK-INIT(ietf) pa-data -- s...@example.com
> Kerberos: Looking for PK-INIT(win2k) pa-data -- s...@example.com
> Kerberos: Looking for ENC-TS pa-data -- s...@example.com
> Kerberos: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
> Kerberos: AS-REQ s...@example.com from ipv4: for krbtgt/
> example....@example.com
> Kerberos: Client sent patypes: ENC-TS, REQ-ENC-PA-REP
> Kerberos: Looking for PK-INIT(ietf) pa-data -- s...@example.com
> Kerberos: Looking for PK-INIT(win2k) pa-data -- s...@example.com
> Kerberos: Looking for ENC-TS pa-data -- s...@example.com
> Kerberos: ENC-TS Pre-authentication succeeded -- s...@example.com using
> arcfour-hmac-md5
> Kerberos: ENC-TS pre-authentication succeeded -- s...@example.com
> Kerberos: AS-REQ authtime: 2012-09-15T01:02:47 starttime: unset endtime:
> 2012-09-15T11:02:47 renew till: 2012-09-16T01:02:43
> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
> aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using
> arcfour-hmac-md5/arcfour-hmac-md5
> Kerberos: Requested flags: renewable-ok
> samba_dnsupdate still fails as mentioned before and I still can not join
> an XP client to the domain.
> On Fri, Sep 14, 2012 at 3:54 PM, John Russell <jb.fr...@gmail.com> wrote:
>> Changing direction yet again. I decided do some testing with the latest *SOGo
>> ZEG v2.0.0 rc5 appliance.*
>> Since this is supposed to be a turnkey package with SAMBA4, OpenChange
>> and SOGo all somewhat working together I figured i'd give it a shot.
>> Started up the appliance and try to join an XP client to the "EXAMPLE"
>> domain... FAILED: The error was: "DNS name does not exist." (error code
>> 0x0000232B RCODE_NAME_ERROR)
>> Try to join an XP client to the "OPENCHANGE" domain... FAILED: The error
>> was: "Network path was not found". The DNS lookup partially worked buttail 
>> /var/log/samba/log.sambashowed:
>> RuntimeError: kinit for SOGO$@EXAMPLE.COM failed (Cannot contact any KDC
>> for requested realm)
>> Basically samba_dnsupdate fails with the following output.
>> Traceback (most recent call last):
>>   File "/usr/sbin/samba_dnsupdate", line 485, in <module>
>>     get_credentials(lp)
>>   File "/usr/sbin/samba_dnsupdate", line 120, in get_credentials
>>     creds.get_named_ccache(lp, ccachename)
>> RuntimeError: kinit for SOGO$@EXAMPLE.COM failed (Cannot contact any KDC
>> for requested realm)
>> This is the same problem found here
>> http://thread.gmane.org/gmane.comp.groupware.sogo.user/11358
>> At this point I know I have a KRB/KDC related issue and possibly DNS is
>> not running properly. kinit isnt installed and Bind9 isnt configured 
>> with'--with-dlopen=yes'.
>> Here is the output of
>> /usr/sbin/named -V:
>> BIND 9.8.1-P1 built with '--prefix=/usr' '--mandir=/usr/share/man'
>> '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var'
>> '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared'
>> '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
>> '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6'
>> 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
>> 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro'
>> using OpenSSL version: OpenSSL 1.0.1 14 Mar 2012
>> using libxml2 version: 2.7.8
>> From here:
>> I installed krb5-user dpkg-dev libkrb5-dev libssl-dev libgeoip-dev
>> Recompiled bind9 with the '--with-dlopen=yes' option
>> Re-provisioned samba4 with domain EXAMPLE and realm EXAMPLE.COM
>> Added tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; to
>> /etc/bind/named.conf.options
>> Copied /var/lib/samba/private/krb5.conf to /etc/krb5.conf
>> Modified /etc/hosts so that "sogo.example.com        sogo" uses
>> interface IP instead of loopback.
>> Restarted bind and samba
>> And still get the same error. Any ideas? Just trying to add a windows
>> client to the domain at this point. Thanks
>> On Tue, Apr 17, 2012 at 1:20 PM, John Russell <jb.fr...@gmail.com> wrote:
>>> Question following HowTo build your own OpenChange/SOGo appliance:
>>> I have been building my own SAMBA4/OpenChange appliance *MOSTLY*following 
>>> the instructions at
>>> http://tracker.openchange.org/projects/openchange/wiki/HowTo_build_your_own_OpenChangeSOGo_appliance
>>> .
>>> I am using Ubuntu-Server 12.04 LTS (Precise Pangolin)
>>> precise-server-amd64.iso
>>> OpenChange from svn co -r 3923
>>> https://svn.openchange.org/openchange/branches/sogo
>>> SAMBA4 - Samba-4.0.0Alpha18
>>> At the step titled "Configure DNS service"
>>> # cd /etc/bind
>>> # mkdir samba
>>> # cp /usr/local/samba/private/named.* samba/
>>> # cp –rfi /usr/local/samba/private/dns samba/
>>> my named.* files are actually in "/usr/local/samba/share/setup/" (no big
>>> deal)
>>> logically I would assume my dns files would be in
>>> "/usr/local/samba/share/setup/dns" but no cookie :(
>>> Find reveals:
>>> find / -name "dns"
>>> /openchange/sogo/samba4/lib/dnspython/dns
>>> /openchange/sogo/samba4/libcli/dns
>>> /openchange/sogo/samba4/bin/default/libcli/dns
>>> /openchange/sogo/samba4/bin/default/source4/dsdb/dns
>>> /openchange/sogo/samba4/source4/selftest/provisions/alpha13/private/dns
>>> /openchange/sogo/samba4/source4/dsdb/dns
>>> /usr/share/pyshared/dns
>>> /usr/lib/python2.7/dist-packages/dns
>>> /usr/src/linux-headers-3.2.0-23-generic/include/config/ceph/lib/use/dns
>>> /usr/src/linux-headers-3.2.0-23-generic/include/config/dns
>>> Does anyone know the correct dns file or directory to copy to the bind
>>> directory?
>>> Thanks
>> --
>> "It's better to be boldly decisive and risk being wrong than to agonize
>> at length and be right too late."
>> Marilyn Moats Kennedy
> --
> "It's better to be boldly decisive and risk being wrong than to agonize at
> length and be right too late."
> Marilyn Moats Kennedy

"It's better to be boldly decisive and risk being wrong than to agonize at
length and be right too late."
Marilyn Moats Kennedy
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to