My original message did not seem to come through, so I'm including it
in this message.
Update to the Symptoms: It does not matter which user or password
(wrong/correct) I use for
"net ads join", it fails in any case.
This is really confusing.
Begin forwarded message:
Hi List,
this is gonna be a really funky/interesting/uncommon error you're
going to deal with (if you do).
Developer(s): I'd be really happy if you can point me at the right
source files or describe at which
stage of the "discussion" between my servers fail. This might be of
some use..
But let's get to the facts:
SYMPTOMS
--------
1) Invoked "kinit", no error messages are generated, verbose mode
says "Authenticated to Kerberos v5".
2) "klist" thereafter returns a valid ticket.
3) Trying to join the AD with "net ads join" et cetera however
results in a "ads_connect: Operations error" after about 40 seconds.
4) "net" exits with errcode -1 (looks like an unspecified error to
me?)
Further investigation revealed that "net" indeed can connect to the
PDC, but fails with the errors described above.
MORE DETAILED OUTPUT OF TOOLS
-----------------------------
Unfortunately, the debug output of "net" does not help a lot, even
with level 10. Here's the interesting part:
--snip--
[2007/02/27 14:35:14, 3] libads/ldap.c:ads_connect(287)
Connected to LDAP server 192.168.0.4
[2007/02/27 14:35:54, 0] utils/net_ads.c:ads_startup(289)
ads_connect: Operations error
[2007/02/27 14:35:54, 2] utils/net.c:main(988)
return code = -1
--snap--
Please note 40 seconds gap between the first two messages.
CURRENT SETUP
-------------
- Windows 2003 Active Directory (functional level 2003, not 2000
native).
- Linux 2.6.18.2-34, custom kernel, recent SuSE 10.2 distribution
- Samba 3.0.24-SerNet-SuSE
ADDITIONAL INFORMATION
----------------------
The whole thing was working until recently. After it stopped
working, I've done several things:
- tweaked configurations several times (use DNS or fixed IP's /
minimal config / etc.)
- removed the Samba server from the domain in order to rejoin it
(helped in an earlier situation)
- updated Samba (from 3.0.23d to 3.0.24)
- raised the AD functional level
- checked kerberos messages on windows
- the usual google, man-page and mailing-list-crawling, even looked
at the sources
ASSUMPTIONS
-----------
I assume that an unspecified service on the windows-side fails and
causes the communication to halt (or similar), which in turn
triggers a timeout.
Thanks in advance to anyone helping me out with this very strange
error.
Cheers,
Roman
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
