[Samba] Re: Domain Member Server problems

2008-11-18 Thread William Usher 
I figured it out. I had changed my hostname after winbind started. All I
needed to do was restart winbind (svcadm restart winbind).

Hopefully this will help someone else in the future...

On Thu, Nov 13, 2008 at 5:45 PM, William Usher <[EMAIL PROTECTED]> wrote:

> Hi all,
> I'm not having any success adding samba (3.0.28 on Solaris 10) to a Windows
> AD server (2003 R2) per the instructions here: (In addition to much
> googling)
> http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm
>
> The error is:
> bash-3.00# /usr/sfw/sbin/net ads join -U Administrator
> Administrator's password:
> Using short domain name -- BETA
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> Deleted account for 'SOLARIS' in realm 'BETA.LOCAL'
> Failed to join domain: Type or value exists
>
>
> Thanks for you help. More information below.
>
> Windows AD domain name: beta.local
>
> Background:
> bash-3.00# hostname
> solaris
> bash-3.00# domainname
> beta.local
>
> smb.conf -
>
> [global]
> log level = 1
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 50
> idmap uid = 1-2
> idmap gid = 1-2
> winbind separator = +
> workgroup = beta
> server string = Samba
> security = ADS
>
> -
>
> /etc/krb5/krb5.conf--
> [libdefaults]
> default_realm = BETA.local
>
> [realms]
>BETA.local = {
> kdc = will-ea96ec1f1e.beta.local:
> default_domain = beta.local
> }
>
> [domain_realm]
> BETA.local = BETA.local
> .BETA.local = BETA.local
>
> [logging]
> default = FILE:/var/krb5/kdc.log
> kdc = FILE:/var/krb5/kdc.log
> kdc_rotate = {
>
> period = 1d
>
> versions = 10
> }
>
> [appdefaults]
> kinit = {
> renewable = true
> forwardable= true
> }
> gkadmin = {
> help_url =
> http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195}
> ---
>
>
> 
> bash-3.00# /usr/sfw/sbin/net ads join -U Administrator -d3
> [2008/11/13 17:43:35, 3] param/loadparm.c:(5031)
>   lp_load: refreshing parameters
> [2008/11/13 17:43:35, 3] param/loadparm.c:(1430)
>   Initialising global parameters
> [2008/11/13 17:43:35, 3] param/params.c:(572)
>   params.c:pm_process() - Processing configuration file "/etc/sfw/smb.conf"
> [2008/11/13 17:43:35, 3] param/loadparm.c:(3770)
>   Processing section "[global]"
> [2008/11/13 17:43:35, 2] lib/interface.c:(81)
>   added interface ip=192.168.0.10 bcast=192.168.0.255 nmask=255.255.255.0
> [2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
>   get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:35, 3] libads/ldap.c:(394)
>   Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
>   get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
>   get_dc_list: preferred server list: "192.168.0.1, *"
> Administrator's password:
> [2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
>   get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:41, 3] libads/ldap.c:(394)
>   Connected to LDAP server 192.168.0.1
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2008/11/13 17:43:41, 3] libads/sasl.c:(213)
>   ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/13 17:43:41, 3] libads/sasl.c:(222)
>   ads_sasl_spnego_bind: got server principal name =
> [EMAIL PROTECTED]
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(593)
>   ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache file
> found)
> [2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
>   ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> Fri, 14 Nov 2008 03:43:38 EST
> [2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
>   get_dc_list: preferred server list: "192.168.0.1, *"
> [2008/11/13 17:43:41, 3] libads/ldap.c:(394)
>   Connected

[Samba] Domain Member Server problems

2008-11-13 Thread William Usher 
Hi all,
I'm not having any success adding samba (3.0.28 on Solaris 10) to a Windows
AD server (2003 R2) per the instructions here: (In addition to much
googling)
http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm

The error is:
bash-3.00# /usr/sfw/sbin/net ads join -U Administrator
Administrator's password:
Using short domain name -- BETA
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'SOLARIS' in realm 'BETA.LOCAL'
Failed to join domain: Type or value exists


Thanks for you help. More information below.

Windows AD domain name: beta.local

Background:
bash-3.00# hostname
solaris
bash-3.00# domainname
beta.local

smb.conf -

[global]
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
idmap uid = 1-2
idmap gid = 1-2
winbind separator = +
workgroup = beta
server string = Samba
security = ADS

-

/etc/krb5/krb5.conf--
[libdefaults]
default_realm = BETA.local

[realms]
   BETA.local = {
kdc = will-ea96ec1f1e.beta.local:
default_domain = beta.local
}

[domain_realm]
BETA.local = BETA.local
.BETA.local = BETA.local

[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {

period = 1d

versions = 10
}

[appdefaults]
kinit = {
renewable = true
forwardable= true
}
gkadmin = {
help_url =
http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195}
---



bash-3.00# /usr/sfw/sbin/net ads join -U Administrator -d3
[2008/11/13 17:43:35, 3] param/loadparm.c:(5031)
  lp_load: refreshing parameters
[2008/11/13 17:43:35, 3] param/loadparm.c:(1430)
  Initialising global parameters
[2008/11/13 17:43:35, 3] param/params.c:(572)
  params.c:pm_process() - Processing configuration file "/etc/sfw/smb.conf"
[2008/11/13 17:43:35, 3] param/loadparm.c:(3770)
  Processing section "[global]"
[2008/11/13 17:43:35, 2] lib/interface.c:(81)
  added interface ip=192.168.0.10 bcast=192.168.0.255 nmask=255.255.255.0
[2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
  get_dc_list: preferred server list: "192.168.0.1, *"
[2008/11/13 17:43:35, 3] libads/ldap.c:(394)
  Connected to LDAP server 192.168.0.1
[2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
  get_dc_list: preferred server list: "192.168.0.1, *"
[2008/11/13 17:43:35, 3] libsmb/namequery.c:(1489)
  get_dc_list: preferred server list: "192.168.0.1, *"
Administrator's password:
[2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
  get_dc_list: preferred server list: "192.168.0.1, *"
[2008/11/13 17:43:41, 3] libads/ldap.c:(394)
  Connected to LDAP server 192.168.0.1
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/11/13 17:43:41, 3] libads/sasl.c:(222)
  ads_sasl_spnego_bind: got server principal name =
[EMAIL PROTECTED]
[2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(593)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache file
found)
[2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
Fri, 14 Nov 2008 03:43:38 EST
[2008/11/13 17:43:41, 3] libsmb/namequery.c:(1489)
  get_dc_list: preferred server list: "192.168.0.1, *"
[2008/11/13 17:43:41, 3] libads/ldap.c:(394)
  Connected to LDAP server 192.168.0.1
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/11/13 17:43:41, 3] libads/sasl.c:(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/11/13 17:43:41, 3] libads/sasl.c:(222)
  ads_sasl_spnego_bind: got server principal name =
[EMAIL PROTECTED]
[2008/11/13 17:43:41, 3] libsmb/clikrb5.c:(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
Fri, 14 Nov 2008 03:43:38 EST
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(1509)
  Connecting to host=will-ea96ec1f1e.beta.local
[2008/11/13 17:43:41, 3] lib/util_sock.c:(874)
  Connecting to 192.168.0.1 at port 445
[2008/11/13 17:43:41, 3] libsmb/cliconnect.c:(793)
  Doing spnego session setup (blob length=115)
[2008/11/13 17: