[Samba] KDC Lookup errors only on ads joins.
I have a RedHat Enterprise 4 server with samba 3.0.25a rpms installed (downloaded from mirror mentioned on samba.org site). I have configured krb5.conf and smb.conf. I can perform a kinit [EMAIL PROTECTED] and a net ads status [EMAIL PROTECTED] perfectly fine. But when attempting to net ads join [EMAIL PROTECTED], I get an error on ads_startup: "Cannot resolve network address for KDC in requested realm".

If there is a KDC lookup problem, should it not occur globally?

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] KDC Lookup errors only on ads joins.
I can manage a net ads join if I follow the following steps:

kinit [EMAIL PROTECTED]
net ads status
net ads join

My only guess is that the net ads status ends up causing my credentials to be cached, which net ads join then makes use of. Just doing a kinit [EMAIL PROTECTED] ; net ads join does not work.

Strange, but it works...

~Steve

On Wednesday 20 June 2007 10:09, [EMAIL PROTECTED] wrote:
> I have a RedHat Enterprise 4 server with samba 3.0.25a rpms installed (downloaded from mirror mentioned on samba.org site). I have configured krb5.conf and smb.conf. I can perform a kinit [EMAIL PROTECTED] and a net ads status [EMAIL PROTECTED] perfectly fine. But when attempting to net ads join [EMAIL PROTECTED], I get an error on ads_startup: "Cannot resolve network address for KDC in requested realm".
>
> If there is a KDC lookup problem, should it not occur globally?
Re: [Samba] Samba: ads join to win2003 AD.
On Monday 11 June 2007 10:57, [EMAIL PROTECTED] wrote:
> All,
>
> I have a RedHat Enterprise 3 update 5 server. This server has the rpm binaries provided from a link off the samba.org site. I am attempting to join the AD tree, and getting the error NT_STATUS_WRONG_PASSWORD.
>
> smb.conf:
>
> [global]
> workgroup = REMOVEME
> realm=REALM
> security = ADS
> preferred master = no
> bind interfaces only = yes
> interfaces = eth0
> admin users = @REMOVEME+Admin
> log level = 1
> use spnego = yes
> client use spnego = yes
> encrypt passwords = yes
> deadtime = 15
> local master = no
> prefered master = no
> socket options = TCP_NODELAY
> idmap uid = 4-25
> idmap gid = 4-25
> winbind enum users = no
> winbind enum groups = no
> winbind separator = +
> winbind use default domain = no
> winbind trusted domains only = yes
> disable netbios = yes
> password server=domainController
> wins server = a1.a2.a3.a4 b1.b2.b3.b4
>
> [temp]
> path = /tmp
> valid users = @REMOVEME+Admin
> public = no
> writeable = yes
> create mode = 770
> directory mode = 770
> force user = nobody
> force group = nobody
>
> I perform the following commands:
>
> kinit [EMAIL PROTECTED]
> net -d3 ads [EMAIL PROTECTED]
>
> And I see the following:
>
> ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
> [2007/06/11 10:22:49, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488)
>   ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Mon, 11 Jun 2007 20:22:48 EDT
> [2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_start_connection(1426)
>   Connecting to host=domainController
> [2007/06/11 10:22:49, 3] lib/util_sock.c:open_socket_out(874)
>   Connecting to 3.170.65.210 at port 445
> [2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(721)
>   Doing spnego session setup (blob length=117)
> [2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
>   got OID=1 2 840 48018 1 2 2
> [2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
>   got OID=1 2 840 113554 1 2 2
> [2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
>   got OID=1 2 840 113554 1 2 2 3
> [2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
>   got OID=1 3 6 1 4 1 311 2 2 10
> [2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(754)
>   got [EMAIL PROTECTED]
> [2007/06/11 10:22:49, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(546)
>   Doing kerberos session setup
> [2007/06/11 10:22:50, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488)
>   ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Mon, 11 Jun 2007 20:22:49 EDT
> [2007/06/11 10:22:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
>   rpc_pipe_bind: Remote machine domainController pipe \lsarpc fnum 0xc00f bind request returned ok.
> [2007/06/11 10:22:50, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
>   lsa_io_sec_qos: length c does not match size 8
> [2007/06/11 10:22:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
>   rpc_pipe_bind: Remote machine domainController pipe \samr fnum 0xd bind request returned ok.
> Failed to set password for machine account (NT_STATUS_WRONG_PASSWORD)
> Failed to join domain!
> [2007/06/11 10:22:50, 2] utils/net.c:main(988)
>   return code = -1
>
> The line "lsa_io_sec_qos: length c does not match size 8" seems like something is funky with my machine trust password. Guessing there is an issue with crypting/decrypting it, or password policy enforcers on the 2003 AD server are rejecting the password.
>
> Just guessing though. Any ideas or thoughts are most welcome.
>
> ~Steve

If no one has any ideas on this, does anyone know of any commercial support offered for Samba/AD integration? I was looking for someone with in-depth knowledge and experience with Samba AD integration.

Now I looked at the samba.org Commercial support page, and the data it contains appears old (confirmed samba list maintainer that US list was updated 3 years ago).

So my question: can anyone refer me to anyone they know that offers commercial grade support? Location would be North East United States, ideally Connecticut or upstate New York.

~Steve
Re: [Samba] Samba: ads join to win2003 AD.
On Tuesday 12 June 2007 12:30, George Farris wrote:
> On Tue, 2007-12-06 at 11:57 -0400, [EMAIL PROTECTED] wrote:
>> I perform the following commands:
>>
>> kinit [EMAIL PROTECTED]
>> net -d3 ads [EMAIL PROTECTED]
>
> Shouldn't this be net ads join [EMAIL PROTECTED]
>
> Looks like you forgot the join key word.

Typo, I do do a net ads join
[Samba] Samba: ads join to win2003 AD.
All,

I have a RedHat Enterprise 3 update 5 server. This server has the rpm binaries provided from a link off the samba.org site. I am attempting to join the AD tree, and getting the error NT_STATUS_WRONG_PASSWORD.

smb.conf:

[global]
workgroup = REMOVEME
realm=REALM
security = ADS
preferred master = no
bind interfaces only = yes
interfaces = eth0
admin users = @REMOVEME+Admin
log level = 1
use spnego = yes
client use spnego = yes
encrypt passwords = yes
deadtime = 15
local master = no
prefered master = no
socket options = TCP_NODELAY
idmap uid = 4-25
idmap gid = 4-25
winbind enum users = no
winbind enum groups = no
winbind separator = +
winbind use default domain = no
winbind trusted domains only = yes
disable netbios = yes
password server=domainController
wins server = a1.a2.a3.a4 b1.b2.b3.b4

[temp]
path = /tmp
valid users = @REMOVEME+Admin
public = no
writeable = yes
create mode = 770
directory mode = 770
force user = nobody
force group = nobody

I perform the following commands:

kinit [EMAIL PROTECTED]
net -d3 ads [EMAIL PROTECTED]

And I see the following:

ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2007/06/11 10:22:49, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Mon, 11 Jun 2007 20:22:48 EDT
[2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_start_connection(1426)
  Connecting to host=domainController
[2007/06/11 10:22:49, 3] lib/util_sock.c:open_socket_out(874)
  Connecting to 3.170.65.210 at port 445
[2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(721)
  Doing spnego session setup (blob length=117)
[2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
  got OID=1 2 840 48018 1 2 2
[2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
  got OID=1 2 840 113554 1 2 2
[2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
  got OID=1 2 840 113554 1 2 2 3
[2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
  got OID=1 3 6 1 4 1 311 2 2 10
[2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(754)
  got [EMAIL PROTECTED]
[2007/06/11 10:22:49, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(546)
  Doing kerberos session setup
[2007/06/11 10:22:50, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Mon, 11 Jun 2007 20:22:49 EDT
[2007/06/11 10:22:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine domainController pipe \lsarpc fnum 0xc00f bind request returned ok.
[2007/06/11 10:22:50, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
  lsa_io_sec_qos: length c does not match size 8
[2007/06/11 10:22:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine domainController pipe \samr fnum 0xd bind request returned ok.
Failed to set password for machine account (NT_STATUS_WRONG_PASSWORD)
Failed to join domain!
[2007/06/11 10:22:50, 2] utils/net.c:main(988)
  return code = -1

The line "lsa_io_sec_qos: length c does not match size 8" seems like something is funky with my machine trust password. Guessing there is an issue with crypting/decrypting it, or password policy enforcers on the 2003 AD server are rejecting the password.

Just guessing though. Any ideas or thoughts are most welcome.

~Steve