RE: [Samba] net ads join fails
No neither /var/kerberos/krb5kdc/ nor /var/log/krb5/ exist is this part of the
problem?
For Craig White and anyone new to the problem here are the outputs of some
files.
cat /etc/resolv.conf
search ellisonslegal.com
domain ellisonslegal.com
nameserver 10.0.0.31
cat /etc/krb5.conf
[libdefaults]
default_realm = ELLISONSLEGAL.COM
clockskew = 300
dns_lookup_realm = true
dns_lookup_kdc = true
[domain_realm]
ellisonslegal.com = ELLISONSLEGAL.COM
.ellisonslegal.com = ELLISONSLEGAL.COM
[realms]
ELLISONSLEGAL.COM = {
kdc = 10.0.0.31
default_domain = ELLNET
admin_server = 10.0.0.31
}
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
}
kinit Administrator
and/or
kinit [EMAIL PROTECTED]
I do not have the kinit command
I am running Samba 3.0.13 on Suse Linux 9.0
Thank you for your help
Penny
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 11 April 2005 16:57
To: Penny Willisson
Subject: RE: [Samba] net ads join fails
Try that, it is working for me
[logging]
default = FILE:/var/log/krb5/libs.log
kdc = FILE:/var/log/krb5/kdc.log
admin_server = FILE:/var/log/krb5/admin.log
[libdefaults]
ticket_lifetime = 24000
default_realm = BLABLA.COM
forwardable = true
proxiable = true
[realms]
BLABLA.COM = {
kdc = ip_address_of_kdc
default_domain = blabla.com
}
[domain_realm]
.blabla.com = BLABLA.COM
blabla.com = BLABLA.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
Check if /var/kerberos/krb5kdc/ and /var/log/krb5/ exist , also replace
BLABLA.COM and blabla.com with the right value
Radu STANUC
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Penny Willisson
Sent: Monday, April 11, 2005 3:43 PM
To: Gordon Hopper; [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: RE: [Samba] net ads join fails
I have recreated my dns pointers without success and I think my krb5.conf
file is configured correctly. First I left this to Yast to set up but that
didn't work and then I tried to modify it from a article I found.
I have pasted it in below
[libdefaults]
#default_realm = ellisonslegal.com
clockskew = 300
[realms]
ELLISONSLEGAL.COM = {
kdc = apps.ellisonslegal.com
#default_domain = ELLNET
#kpasswd_server = apps.ellisonslegal.com
}
#ELLISONSLEGAL.COM = {
# kdc = APPS.ELLISONSLEGAL.COM
# admin_server = APPS.ELLISONSLEGAL.COM
# kpasswd_server = APPS.ELLISONSLEGAL.COM
#}
#OTHER.REALM = {
# kdc = OTHER.COMPUTER
#}
[domain_realm]
# .my.domain = MY.REALM
.ellisonslegal.com = ELLISONSLEGAL.COM
[logging]
default = SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
debug = false
}
Dimitri would you be able to repost that link for the HOW-TO please? I
tried it but it seems like it is broken, do you have the updated link?
Thanks for your continued help.
Penny
-Original Message-
From: Gordon Hopper [mailto:[EMAIL PROTECTED]
Sent: 09 April 2005 00:23
To: Penny Willisson
Subject: RE: [Samba] net ads join fails
You might need to add some entries to your krb5.conf file. for example:
[realms]
ellisonslegal.com = {
kdc = domain.controller.ellisonslegal.com:88
}
Where kdc points to a domain controller. Doesn't need to be the primary
domain controller, choose one close by for best performance. (You
shouldn't need to do this if your DNS for the domain resolves to a domain
controller.)
Gordon
On Fri, 2005-04-08 at 15:41 +0100, Penny Willisson wrote:
Thanks
When I run 'kinit administrator' I get the following error
kinit: krb5_get_init_creds: unable to reach any KDC in realm
ellisonslegal.com
any ideas???
-Original Message-
From: [EMAIL PROTECTED]
[mailto: [EMAIL PROTECTED] Behalf Of
Dimitri Yioulos
Sent: 08 April 2005 13:30
To: samba@lists.samba.org
Subject: Re: [Samba] net ads join fails
On Friday 08 April 2005 07:46 am, Penny Willisson wrote:
Hi
I have created the machine account on the AD server and did this
logged in
as Administrator so that should mean that the Administrator account
has the
correct permissions.
I have executed the following command as suggested
net ads join [EMAIL PROTECTED] -d 2
The following was output to the screen:
[2005/04/08 13:33:38, 2] lib/interface.c:add_interface(81)
added interface ip=10.0.0.39 bcast=10.0.255.255 nmask=255.255.0.0
[2005/04/08 13:33:41, 0] libads
RE: [Samba] net ads join fails
I have recreated my dns pointers without success and I think my krb5.conf file
is configured correctly. First I left this to Yast to set up but that didn't
work and then I tried to modify it from a article I found.
I have pasted it in below
[libdefaults]
#default_realm = ellisonslegal.com
clockskew = 300
[realms]
ELLISONSLEGAL.COM = {
kdc = apps.ellisonslegal.com
#default_domain = ELLNET
#kpasswd_server = apps.ellisonslegal.com
}
#ELLISONSLEGAL.COM = {
# kdc = APPS.ELLISONSLEGAL.COM
# admin_server = APPS.ELLISONSLEGAL.COM
# kpasswd_server = APPS.ELLISONSLEGAL.COM
#}
#OTHER.REALM = {
# kdc = OTHER.COMPUTER
#}
[domain_realm]
# .my.domain = MY.REALM
.ellisonslegal.com = ELLISONSLEGAL.COM
[logging]
default = SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
debug = false
}
Dimitri would you be able to repost that link for the HOW-TO please? I tried
it but it seems like it is broken, do you have the updated link?
Thanks for your continued help.
Penny
-Original Message-
From: Gordon Hopper [mailto:[EMAIL PROTECTED]
Sent: 09 April 2005 00:23
To: Penny Willisson
Subject: RE: [Samba] net ads join fails
You might need to add some entries to your krb5.conf file. for example:
[realms]
ellisonslegal.com = {
kdc = domain.controller.ellisonslegal.com:88
}
Where kdc points to a domain controller. Doesn't need to be the primary domain
controller, choose one close by for best performance. (You shouldn't need to
do this if your DNS for the domain resolves to a domain controller.)
Gordon
On Fri, 2005-04-08 at 15:41 +0100, Penny Willisson wrote:
Thanks
When I run 'kinit administrator' I get the following error
kinit: krb5_get_init_creds: unable to reach any KDC in realm ellisonslegal.com
any ideas???
-Original Message-
From: [EMAIL PROTECTED]
[mailto: [EMAIL PROTECTED] Behalf Of
Dimitri Yioulos
Sent: 08 April 2005 13:30
To: samba@lists.samba.org
Subject: Re: [Samba] net ads join fails
On Friday 08 April 2005 07:46 am, Penny Willisson wrote:
Hi
I have created the machine account on the AD server and did this logged in
as Administrator so that should mean that the Administrator account has the
correct permissions.
I have executed the following command as suggested
net ads join [EMAIL PROTECTED] -d 2
The following was output to the screen:
[2005/04/08 13:33:38, 2] lib/interface.c:add_interface(81)
added interface ip=10.0.0.39 bcast=10.0.255.255 nmask=255.255.0.0
[2005/04/08 13:33:41, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password [EMAIL PROTECTED] failed:
Unknown code krb5 156
[2005/04/08 13:33:41, 0] utils/net_ads.c:ads_startup(191)
ads_connect: Unknown code krb5 156
[2005/04/08 13:33:41, 2] utils/net.c:main(897)
return code = -1
Thanks
Penny
-Original Message-
From: Gordon Hopper [mailto: [EMAIL PROTECTED]
Sent: 06 April 2005 05:28
To: Penny Willisson
Subject: Re: [Samba] net ads join fails
[2005/04/05 15:11:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381)
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
[2005/04/05 15:11:44, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password [EMAIL PROTECTED] failed: Unknown
code krb5 156
[2005/04/05 15:11:44, 0] utils/net_ads.c:ads_startup(191)
ads_connect: Unknown code krb5 156
I suggest you post the output of the command you are running to join the
domain (including the command), for example, net ads join -U
[EMAIL PROTECTED] -d 2.
Also, note that the credentials you use to join the domain are not
necessarily the domain Administrator, but they need to be a user who has
write privileges to the ads folder where the machine account will be
created. (It worked better for me when the machine account was already
created in server manager, but according to the docs, that shouldn't be
necessary.)
It almost looks like the password failed. Or perhaps the folde
r you
specified for the machine account does not exist.
Regards,
Gordon Hopper
Try the command kinit Administrator (or [EMAIL PROTECTED]). You
should be prompted for a password. If, after entering the password, you're
returned to a prompt with no further output then, in theory at least, your
Kerberos setup is OK. If you get errors, well ... Run that first, then try
net ads join -U [EMAIL PROTECTED]
A good how-to can be found at: http://www.ulug.org.nz/ActiveDirectorySamba.
HTH.
Dimitri
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
FW: [Samba] net ads join fails
Ok I deleted the incorrect conf file and set it up using Yast again here is the
amended file. I tried using the IP address of the server this time but I'm
still getting the same errors as before.
[libdefaults]
default_realm = ELLISONSLEGAL.COM
clockskew = 300
[domain_realm]
.ELLNET = ELLISONSLEGAL.COM
[realms]
ELLISONSLEGAL.COM = {
kdc = 10.0.0.31
default_domain = ELLNET
kpasswd_server = 10.0.0.31
}
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
}
Thanks
-Original Message-
From: Penny Willisson
Sent: 11 April 2005 14:43
To: 'Gordon Hopper'; '[EMAIL PROTECTED]'
Cc: Dimitri Yioulos; samba@lists.samba.org
Subject: RE: [Samba] net ads join fails
I have recreated my dns pointers without success and I think my krb5.conf file
is configured correctly. First I left this to Yast to set up but that didn't
work and then I tried to modify it from a article I found.
I have pasted it in below
[libdefaults]
#default_realm = ellisonslegal.com
clockskew = 300
[realms]
ELLISONSLEGAL.COM = {
kdc = apps.ellisonslegal.com
#default_domain = ELLNET
#kpasswd_server = apps.ellisonslegal.com
}
#ELLISONSLEGAL.COM = {
# kdc = APPS.ELLISONSLEGAL.COM
# admin_server = APPS.ELLISONSLEGAL.COM
# kpasswd_server = APPS.ELLISONSLEGAL.COM
#}
#OTHER.REALM = {
# kdc = OTHER.COMPUTER
#}
[domain_realm]
# .my.domain = MY.REALM
.ellisonslegal.com = ELLISONSLEGAL.COM
[logging]
default = SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
debug = false
}
Dimitri would you be able to repost that link for the HOW-TO please? I tried
it but it seems like it is broken, do you have the updated link?
Thanks for your continued help.
Penny
-Original Message-
From: Gordon Hopper [mailto:[EMAIL PROTECTED]
Sent: 09 April 2005 00:23
To: Penny Willisson
Subject: RE: [Samba] net ads join fails
You might need to add some entries to your krb5.conf file. for example:
[realms]
ellisonslegal.com = {
kdc = domain.controller.ellisonslegal.com:88
}
Where kdc points to a domain controller. Doesn't need to be the primary domain
controller, choose one close by for best performance. (You shouldn't need to
do this if your DNS for the domain resolves to a domain controller.)
Gordon
On Fri, 2005-04-08 at 15:41 +0100, Penny Willisson wrote:
Thanks
When I run 'kinit administrator' I get the following error
kinit: krb5_get_init_creds: unable to reach any KDC in realm ellisonslegal.com
any ideas???
-Original Message-
From: [EMAIL PROTECTED]
[mailto: [EMAIL PROTECTED] Behalf Of
Dimitri Yioulos
Sent: 08 April 2005 13:30
To: samba@lists.samba.org
Subject: Re: [Samba] net ads join fails
On Friday 08 April 2005 07:46 am, Penny Willisson wrote:
Hi
I have created the machine account on the AD server and did this logged in
as Administrator so that should mean that the Administrator account has the
correct permissions.
I have executed the following command as suggested
net ads join [EMAIL PROTECTED] -d 2
The following was output to the screen:
[2005/04/08 13:33:38, 2] lib/interface.c:add_interface(81)
added interface ip=10.0.0.39 bcast=10.0.255.255 nmask=255.255.0.0
[2005/04/08 13:33:41, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password [EMAIL PROTECTED] failed:
Unknown code krb5 156
[2005/04/08 13:33:41, 0] utils/net_ads.c:ads_startup(191)
ads_connect: Unknown code krb5 156
[2005/04/08 13:33:41, 2] utils/net.c:main(897)
return code = -1
Thanks
Penny
-Original Message-
From: Gordon Hopper [mailto: [EMAIL PROTECTED]
Sent: 06 April 2005 05:28
To: Penny Willisson
Subject: Re: [Samba] net ads join fails
[2005/04/05 15:11:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381)
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
[2005/04/05 15:11:44, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password [EMAIL PROTECTED] failed: Unknown
code krb5 156
[2005/04/05 15:11:44, 0] utils/net_ads.c:ads_startup(191)
ads_connect: Unknown code krb5 156
I suggest you post the output of the command you are running to join the
domain (including the command), for example, net ads join -U
[EMAIL PROTECTED] -d 2.
Also, note that the credentials you use to join the domain are not
necessarily the domain Administrator, but they need to be a user who has
write privileges to the ads folder where the machine account will be
created. (It worked better for me when the machine account was already
created in server manager, but according to the docs, that shouldn't be
necessary.)
It almost looks like the password
RE: FW: [Samba] net ads join fails
Sorry the same problem is still happening.
Thanks
-Original Message-
From: Dimitri Yioulos [mailto:[EMAIL PROTECTED]
Sent: 11 April 2005 16:38
To: Penny Willisson
Subject: Re: FW: [Samba] net ads join fails
OK, this is closer.
Change [realms] kpasswd_server to admin_server.
I also believe that [domain realm] should read:
ellisonlegal.com = ELLISONLEGAL.COM
.ellisonlegal.com = ELLISONLEGAL.COM
I would add to [libdefaults]:
dns_lookup_realm = true
dns_lookup_kdc = true
Try this and report back (like a good IT soldier :-) )
Dimitri
On Monday 11 April 2005 10:58 am, you wrote:
Ok I deleted the incorrect conf file and set it up using Yast again here is
the amended file. I tried using the IP address of the server this time but
I'm still getting the same errors as before.
[libdefaults]
default_realm = ELLISONSLEGAL.COM
clockskew = 300
[domain_realm]
.ELLNET = ELLISONSLEGAL.COM
[realms]
ELLISONSLEGAL.COM = {
kdc = 10.0.0.31
default_domain = ELLNET
kpasswd_server = 10.0.0.31
}
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
}
Thanks
-Original Message-
From: Penny Willisson
Sent: 11 April 2005 14:43
To: 'Gordon Hopper'; '[EMAIL PROTECTED]'
Cc: Dimitri Yioulos; samba@lists.samba.org
Subject: RE: [Samba] net ads join fails
I have recreated my dns pointers without success and I think my krb5.conf
file is configured correctly. First I left this to Yast to set up but that
didn't work and then I tried to modify it from a article I found.
I have pasted it in below
[libdefaults]
#default_realm = ellisonslegal.com
clockskew = 300
[realms]
ELLISONSLEGAL.COM = {
kdc = apps.ellisonslegal.com
#default_domain = ELLNET
#kpasswd_server = apps.ellisonslegal.com
}
#ELLISONSLEGAL.COM = {
# kdc = APPS.ELLISONSLEGAL.COM
# admin_server = APPS.ELLISONSLEGAL.COM
# kpasswd_server = APPS.ELLISONSLEGAL.COM
#}
#OTHER.REALM = {
# kdc = OTHER.COMPUTER
#}
[domain_realm]
# .my.domain = MY.REALM
.ellisonslegal.com = ELLISONSLEGAL.COM
[logging]
default = SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
debug = false
}
Dimitri would you be able to repost that link for the HOW-TO please? I
tried it but it seems like it is broken, do you have the updated link?
Thanks for your continued help.
Penny
-Original Message-
From: Gordon Hopper [mailto:[EMAIL PROTECTED]
Sent: 09 April 2005 00:23
To: Penny Willisson
Subject: RE: [Samba] net ads join fails
You might need to add some entries to your krb5.conf file. for example:
[realms]
ellisonslegal.com = {
kdc = domain.controller.ellisonslegal.com:88
}
Where kdc points to a domain controller. Doesn't need to be the primary
domain controller, choose one close by for best performance. (You
shouldn't need to do this if your DNS for the domain resolves to a domain
controller.)
Gordon
On Fri, 2005-04-08 at 15:41 +0100, Penny Willisson wrote:
Thanks
When I run 'kinit administrator' I get the following error
kinit: krb5_get_init_creds: unable to reach any KDC in realm
ellisonslegal.com
any ideas???
-Original Message-
From: [EMAIL PROTECTED]
[mailto: [EMAIL PROTECTED] Behalf Of
Dimitri Yioulos
Sent: 08 April 2005 13:30
To: samba@lists.samba.org
Subject: Re: [Samba] net ads join fails
On Friday 08 April 2005 07:46 am, Penny Willisson wrote:
Hi
I have created the machine account on the AD server and did this logged
in
as Administrator so that should mean that the Administrator account has
the
correct permissions.
I have executed the following command as suggested
net ads join [EMAIL PROTECTED] -d 2
The following was output to the screen:
[2005/04/08 13:33:38, 2] lib/interface.c:add_interface(81)
added interface ip=10.0.0.39 bcast=10.0.255.255 nmask=255.255.0.0
[2005/04/08 13:33:41, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password [EMAIL PROTECTED] failed:
Unknown code krb5 156
[2005/04/08 13:33:41, 0] utils/net_ads.c:ads_startup(191)
ads_connect: Unknown code krb5 156
[2005/04/08 13:33:41, 2] utils/net.c:main(897)
return code = -1
Thanks
Penny
-Original Message-
From: Gordon Hopper [mailto: [EMAIL PROTECTED]
Sent: 06 April 2005 05:28
To: Penny Willisson
Subject: Re: [Samba] net ads join fails
[2005/04/05 15:11:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381)
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or
directory)
[2005/04/05 15:11:44, 0] libads/kerberos.c:ads_kinit_password(146
RE: [Samba] net ads join fails
Hi I have created the machine account on the AD server and did this logged in as Administrator so that should mean that the Administrator account has the correct permissions. I have executed the following command as suggested net ads join [EMAIL PROTECTED] -d 2 The following was output to the screen: [2005/04/08 13:33:38, 2] lib/interface.c:add_interface(81) added interface ip=10.0.0.39 bcast=10.0.255.255 nmask=255.255.0.0 [2005/04/08 13:33:41, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password [EMAIL PROTECTED] failed: Unknown code krb5 156 [2005/04/08 13:33:41, 0] utils/net_ads.c:ads_startup(191) ads_connect: Unknown code krb5 156 [2005/04/08 13:33:41, 2] utils/net.c:main(897) return code = -1 Thanks Penny -Original Message- From: Gordon Hopper [mailto:[EMAIL PROTECTED] Sent: 06 April 2005 05:28 To: Penny Willisson Subject: Re: [Samba] net ads join fails [2005/04/05 15:11:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381) ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory) [2005/04/05 15:11:44, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password [EMAIL PROTECTED] failed: Unknown code krb5 156 [2005/04/05 15:11:44, 0] utils/net_ads.c:ads_startup(191) ads_connect: Unknown code krb5 156 I suggest you post the output of the command you are running to join the domain (including the command), for example, net ads join -U [EMAIL PROTECTED] -d 2. Also, note that the credentials you use to join the domain are not necessarily the domain Administrator, but they need to be a user who has write privileges to the ads folder where the machine account will be created. (It worked better for me when the machine account was already created in server manager, but according to the docs, that shouldn't be necessary.) It almost looks like the password failed. Or perhaps the folder you specified for the machine account does not exist. Regards, Gordon Hopper -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net ads join fails
Thanks When I run 'kinit administrator' I get the following error kinit: krb5_get_init_creds: unable to reach any KDC in realm ellisonslegal.com any ideas??? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dimitri Yioulos Sent: 08 April 2005 13:30 To: samba@lists.samba.org Subject: Re: [Samba] net ads join fails On Friday 08 April 2005 07:46 am, Penny Willisson wrote: Hi I have created the machine account on the AD server and did this logged in as Administrator so that should mean that the Administrator account has the correct permissions. I have executed the following command as suggested net ads join [EMAIL PROTECTED] -d 2 The following was output to the screen: [2005/04/08 13:33:38, 2] lib/interface.c:add_interface(81) added interface ip=10.0.0.39 bcast=10.0.255.255 nmask=255.255.0.0 [2005/04/08 13:33:41, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password [EMAIL PROTECTED] failed: Unknown code krb5 156 [2005/04/08 13:33:41, 0] utils/net_ads.c:ads_startup(191) ads_connect: Unknown code krb5 156 [2005/04/08 13:33:41, 2] utils/net.c:main(897) return code = -1 Thanks Penny -Original Message- From: Gordon Hopper [mailto:[EMAIL PROTECTED] Sent: 06 April 2005 05:28 To: Penny Willisson Subject: Re: [Samba] net ads join fails [2005/04/05 15:11:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381) ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory) [2005/04/05 15:11:44, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password [EMAIL PROTECTED] failed: Unknown code krb5 156 [2005/04/05 15:11:44, 0] utils/net_ads.c:ads_startup(191) ads_connect: Unknown code krb5 156 I suggest you post the output of the command you are running to join the domain (including the command), for example, net ads join -U [EMAIL PROTECTED] -d 2. Also, note that the credentials you use to join the domain are not necessarily the domain Administrator, but they need to be a user who has write privileges to the ads folder where the machine account will be created. (It worked better for me when the machine account was already created in server manager, but according to the docs, that shouldn't be necessary.) It almost looks like the password failed. Or perhaps the folde r you specified for the machine account does not exist. Regards, Gordon Hopper Try the command kinit Administrator (or [EMAIL PROTECTED]). You should be prompted for a password. If, after entering the password, you're returned to a prompt with no further output then, in theory at least, your Kerberos setup is OK. If you get errors, well ... Run that first, then try net ads join -U [EMAIL PROTECTED] A good how-to can be found at: http://www.ulug.org.nz/ActiveDirectorySamba. HTH. Dimitri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net ads join fails
I am trying to connect to an ADS domain and it is failing all the time. I am running SuSE Linux 9.0 with Samba 3.0.13 and have configured Samba with ldap and heimdal kerberos Attached is my debug level 10 error log created when the join is attempted. I would appreciate any advice on solving this problem. Thanks in advance Penny Willisson DISCLAIMER: The information contained within or attached to this transmission is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, or distribution of the message, either in full or in part, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful. Please immediately contact the sender if you have received this message in error. Any views or opinions presented are solely those of the author and do not necessarily represent those of the company. Although every effort is taken to ensure that all e-mail is scanned for viruses, Ellisons will accept no responsibility for any damage or inconvenience resulting from any virus that may be contained in this e-mail. A list of Partners is available on request. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net ads join fails
/sasl.c:ads_sasl_spnego_bind(204) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2005/04/05 15:11:44, 3] libads/sasl.c:ads_sasl_spnego_bind(204) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2005/04/05 15:11:44, 3] libads/sasl.c:ads_sasl_spnego_bind(204) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2005/04/05 15:11:44, 3] libads/sasl.c:ads_sasl_spnego_bind(204) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2005/04/05 15:11:44, 3] libads/sasl.c:ads_sasl_spnego_bind(211) ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED] [2005/04/05 15:11:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381) ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory) [2005/04/05 15:11:44, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password [EMAIL PROTECTED] failed: Unknown code krb5 156 [2005/04/05 15:11:44, 0] utils/net_ads.c:ads_startup(191) ads_connect: Unknown code krb5 156 [2005/04/05 15:11:44, 2] utils/net.c:main(897) return code = -1 I am trying to connect to an ADS domain and it is failing all the time. I am running SuSE Linux 9.0 with Samba 3.0.13 and have configured Samba with ldap and heimdal kerberos Attached is my debug level 10 error log created when the join is attempted. I would appreciate any advice on solving this problem. Thanks in advance Penny Willisson DISCLAIMER: The information contained within or attached to this transmission is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, or distribution of the message, either in full or in part, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful. Please immediately contact the sender if you have received this message in error. Any views or opinions presented are solely those of the author and do not necessarily represent those of the company. Although every effort is taken to ensure that all e-mail is scanned for viruses, Ellisons will accept no responsibility for any damage or inconvenience resulting from any virus that may be contained in this e-mail. A list of Partners is available on request. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
