[Samba] Failing to join an ADS domain
Hi,
I am trying to join a microsoft AD domain using RHEL 5.3. I tried with the
default Samba release (provided by redhat) with no luck. I've just upgraded
to Samba 3.3.6 (using http://ftp.sernet.de/pub/samba/recent/rhel/5/x86_64/)
but it still fails.
The AD domain is example.domain.org and has its own DNS servers.
My /etc/resolv.conf file redirects DNS queries to the AD DC DNS servers and it
works OK.
Furthemore, I would like to *not* use any WINS server and use raw SMB like
Windows 2000+.
[r...@samba ~]# net -d 30 ads join -U ad...@example.domain.org
/tmp/net_command.log 21
Enter ad...@example.domain.org's password:
Segmentation fault
[r...@samba ~]# The output is in the attached file.
Here are my Samba 3.3.6 configuration:
=
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section [smbhome]
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
workgroup = EXAMPLE
realm = EXAMPLE.DOMAIN.ORG
server string = Samba Server
security = ADS
password server = server1.example.domain.org
server2.example.domain.org
log level = 3
log file = /var/log/samba/log.%m
max log size = 1000
smb ports = 139
name resolve order = host
server signing = auto
client use spnego = No
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 0
local master = No
domain master = No
enhanced browsing = No
idmap uid = 1-2
idmap gid = 1-2
winbind separator = /
winbind use default domain = Yes
hosts allow = 10., 127., 172., 193., 192.
[smbhome]
comment = Test share
path = /home/smbhome
read only = No
inherit acls = Yes
map acl inherit = Yes
veto files = /lost+found/
hide files = /Network Trash Folder/
store dos attributes = Yes
dos filemode = Yes
And here is my /etc/krb5.conf:
===
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = EXAMPLE.DOMAIN.ORG
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
EXAMPLE.DOMAIN.ORG = {
kdc = plato.beilux.eib.org
admin_server = 172.18.16.92:749
default_domain = beilux.eib.org
}
[domain_realm]
.example.domain.org = EXAMPLE.DOMAIN.ORG
domain.org = EXAMPLE.DOMAIN.ORG
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Running kinit ... and klist works:
[r...@samba ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: ad...@example.domain.org
Valid starting ExpiresService principal
07/02/09 17:20:29 07/03/09 03:20:37
krbtgt/example.domain@example.domain.org
renew until 07/03/09 17:20:29
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[r...@samba ~]#
Thanks in advance for any help / pointers.
Regards.
--
Olivier Cherrier
[2009/07/02 18:11:56, 5] lib/debug.c:debug_dump_status(407)
INFO: Current debug levels:
all: True/30
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
registry: False/0
[2009/07/02 18:11:56, 3] param/loadparm.c:lp_load_ex(8824)
lp_load_ex: refreshing parameters
[2009/07/02 18:11:56, 3] param/loadparm.c:init_globals(4631)
Initialising global parameters
[2009/07/02 18:11:56, 3] param/params.c:pm_process(569)
params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
[2009/07/02 18:11:56, 3] param/loadparm.c:do_section(7487)
Processing section [global]
doing parameter netbios name = SAMBA
[2009/07/02 18:11:56, 4] param/loadparm.c:handle_netbios_name(6827)
handle_netbios_name: set global_myname to: SAMBA
doing parameter server string = Samba Server
doing parameter workgroup = EXAMPLE
doing parameter realm = EXAMPLE.DOMAIN.ORG
doing parameter security = ads
doing parameter encrypt passwords = yes
doing parameter password server = server1.example.domain.org
server2.example.domain.org
doing parameter domain master = no
doing parameter local master = no
doing parameter preferred master = no
doing parameter enhanced browsing = no
doing parameter idmap uid = 1-2
doing parameter idmap gid = 1-2
doing parameter winbind separator = /
doing parameter winbind use default domain = yes
doing parameter log level = 3
doing parameter log file = /var/log/samba/log
Re: [Samba] Failing to join an ADS domain
On Tue, Jul 07, 2009 at 05:22:53AM -0400, o...@symacx.com wrote: Hi, I am trying to join a microsoft AD domain using RHEL 5.3. I tried with the default Samba release (provided by redhat) with no luck. I've just upgraded to Samba 3.3.6 (using http://ftp.sernet.de/pub/samba/recent/rhel/5/x86_64/) but it still fails. The AD domain is example.domain.org and has its own DNS servers. My /etc/resolv.conf file redirects DNS queries to the AD DC DNS servers and it works OK. Hi, Here are some additions: The /etc/resolv.conf file: domain example.domain.org nameserver DC1 nameserver DC2 search example.domain.org I am using NTP and servers are in sync. Attached is a backtrace of the generated core. Thanks, -- Olivier Cherrier - Symacx.com mailto:o...@symacx.com (gdb) bt #0 0x2adc2cb09d80 in strlen () from /lib64/libc.so.6 #1 0x2adc2cad7b19 in vfprintf () from /lib64/libc.so.6 #2 0x2adc2cafa52d in vasprintf () from /lib64/libc.so.6 #3 0x2adc2a2c7334 in dbgtext ( format_str=0x3120202c33353a30 Address 0x3120202c33353a30 out of bounds) at lib/debug.c:1081 #4 0x2adc2a48652c in process_dc_dns (mem_ctx=0x2adc3d9f5070, domain_name=0x2adc3d9f5f10 EXAMPLE.DOMAIN.ORG, flags=1073745937, dclist=0x2adc3d9f6e90, num_dcs=5, info=0x7fff809bce28) at libsmb/dsgetdcname.c:894 #5 0x2adc2a4872c6 in dsgetdcname (mem_ctx=0x2adc3d9f5070, msg_ctx=0x0, domain_name=0x2adc3d9f5f10 EXAMPLE.DOMAIN.ORG, domain_guid=0x0, site_name=0x0, flags=1073745937, info=0x7fff809bd6f8) at libsmb/dsgetdcname.c:1107 #6 0x2adc2a4cf760 in libnet_Join (mem_ctx=0x2adc3d9f5070, r=0x2adc3d9f5240) at libnet/libnet_join.c:1749 #7 0x2adc2a17c968 in net_ads_join (c=0x2adc3d99d650, argc=0, argv=0x2adc3d99dae8) at utils/net_ads.c:1269 #8 0x2adc2a1a4136 in net_run_function (c=0x2adc3d99d650, argc=1, argv=0x2adc3d99dae0, whoami=0x2adc2a4df8f0 net ads, table=0x7fff809bd820) at utils/net_util.c:573 #9 0x2adc2a17b4e0 in net_ads (c=0x2adc3d99d650, argc=1, argv=0x2adc3d99dae0) at utils/net_ads.c:2550 #10 0x2adc2a1a4136 in net_run_function (c=0x2adc3d99d650, argc=2, argv=0x2adc3d99dad8, whoami=0x2adc2a4de34f net, table=0x2adc2a810d20) at utils/net_util.c:573 #11 0x2adc2a17abe0 in main (argc=7, argv=0x7fff809be3f8) at utils/net.c:768 (gdb) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Failing to join an ADS domain
On Tue, Jul 07, 2009 at 01:14:20PM +0200, volker.lende...@sernet.de wrote: Here are some additions: The /etc/resolv.conf file: domain example.domain.org nameserver DC1 nameserver DC2 search example.domain.org I am using NTP and servers are in sync. Attached is a backtrace of the generated core. Thanks, Can you get us a network trace of this? Hi Volker, I am sending it to you off list. Thank you, Regards. -- Olivier Cherrier - Symacx.com mailto:o...@symacx.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
