RE: [Samba] net ads join hangs forever
Hi Aaron, we've just identified this problem and thought you may be interested if you haven't resolved this already. The bind is failing because the admin account being used to join the domain is a member of too many groups (waiting to hear from M$ what constitutes too many) and as a result the Kerberos TGT is too large and the kpasswd service on the M$ DC just ignores the change password request. To work around this created an admin account with minimal group membership and use this to bind Samba boxes to AD. Of course you may have a different issue with M$ ;-) cheers Andy. Thanks all. At least now I know it's not just me. I'll be watching bugzilla with interest, and in the meantime I suppose standard Kerb will have to do. Aaron Grewell Network Administrator University of Washington Bothell This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net ads join hangs forever
Thanks all. At least now I know it's not just me. I'll be watching bugzilla with interest, and in the meantime I suppose standard Kerb will have to do. Aaron Grewell Network Administrator University of Washington Bothell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ww m-pubsyssamba Sent: Friday, May 21, 2004 6:28 AM To: Andrew Bartlett Cc: [EMAIL PROTECTED]; Gerald (Jerry) Carter; Andrew Bartlett Subject: RE: [Samba] net ads join hangs forever Did you manage to valgrind it? ## ##Yes, I've sent it through to you last week, didn't you recieve it? ##If not I've attached all the out put to the bugzilla bug 1370 ## thanks Andy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net ads join hangs forever
Did you manage to valgrind it? ## ##Yes, I've sent it through to you last week, didn't you recieve it? ##If not I've attached all the out put to the bugzilla bug 1370 ## thanks Andy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net ads join hangs forever
On Fri, 2004-05-21 at 19:43, ww m-pubsyssamba wrote: > >> > I believe this is a bug as I have posted exactly the same problem to this > list already including some debug info, nobody replied though > I have contacted Andrew Bartlett on this with some debug information and > am waiting for a reply. As its not just me I'll raise a bug in bugzilla, Sorry about the delay, and thanks for keeping on it. > thanks Andy Smith. > > PS I've replicated the problem on Linux and Solaris and Kerberos is > working correctly. Did you manage to valgrind it? > << > > > Aaron Grewell wrote: > | I am trying to join my Linux workstation to my ADS domain. > | Unfortunately, I'm not having much success. net ads > | join hangs forever (or at least for more than 12 hours) > | when run. > ... > | [2004/05/20 10:08:47, 0] libads/ldap.c:ads_add_machine_acct(1006) > | Host account for cygnus already exists - modifying old account > | [2004/05/20 10:08:47, 5] libads/ldap_utils.c:ads_do_search_retry(56) > | Search for (objectclass=*) gave 1 replies > | > | * > | After the LDAP search it hangs forever. :( > | > > I would start by checking for any kerberos misconfigurations. > Just a gut feeling though. Does kinit run ok ? In the trace, it appears that the server just never replies to the 'set password' request. We sit around forever, waiting for the reply, rather than resending it (it is a UDP based request) or timing out. This is krb5_setpw.c:do_krb5_kpasswd_request() Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net ads join hangs forever
logged on bugzilla, id 1370 thanks Andy. >> I believe this is a bug as I have posted exactly the same problem to this list already including some debug info, nobody replied though I have contacted Andrew Bartlett on this with some debug information and am waiting for a reply. As its not just me I'll raise a bug in bugzilla, thanks Andy Smith. PS I've replicated the problem on Linux and Solaris and Kerberos is working correctly. << Aaron Grewell wrote: | I am trying to join my Linux workstation to my ADS domain. | Unfortunately, I'm not having much success. net ads | join hangs forever (or at least for more than 12 hours) | when run. ... | [2004/05/20 10:08:47, 0] libads/ldap.c:ads_add_machine_acct(1006) | Host account for cygnus already exists - modifying old account | [2004/05/20 10:08:47, 5] libads/ldap_utils.c:ads_do_search_retry(56) | Search for (objectclass=*) gave 1 replies | | * | After the LDAP search it hangs forever. :( | I would start by checking for any kerberos misconfigurations. Just a gut feeling though. Does kinit run ok ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net ads join hangs forever
>> I believe this is a bug as I have posted exactly the same problem to this list already including some debug info, nobody replied though I have contacted Andrew Bartlett on this with some debug information and am waiting for a reply. As its not just me I'll raise a bug in bugzilla, thanks Andy Smith. PS I've replicated the problem on Linux and Solaris and Kerberos is working correctly. << Aaron Grewell wrote: | I am trying to join my Linux workstation to my ADS domain. | Unfortunately, I'm not having much success. net ads | join hangs forever (or at least for more than 12 hours) | when run. ... | [2004/05/20 10:08:47, 0] libads/ldap.c:ads_add_machine_acct(1006) | Host account for cygnus already exists - modifying old account | [2004/05/20 10:08:47, 5] libads/ldap_utils.c:ads_do_search_retry(56) | Search for (objectclass=*) gave 1 replies | | * | After the LDAP search it hangs forever. :( | I would start by checking for any kerberos misconfigurations. Just a gut feeling though. Does kinit run ok ? BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net ads join hangs forever
I would start by checking for any kerberos misconfigurations. Just a gut feeling though. Does kinit run ok ? Kinit runs fine. I started with a standard Kerb config that I've used a number of times with good success. I also tried removing /etc/krb5.conf altogether. Kinit ran fine in either case. Using kinit -V [EMAIL PROTECTED] returns "Authenticated to Kerberos V5" once I've entered my password so I'm pretty sure it's working. The user I'm authenticating as is a Domain Admin, and so should have the rights to do what is needed. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net ads join hangs forever
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Aaron Grewell wrote: | I am trying to join my Linux workstation to my ADS domain. | Unfortunately, I'm not having much success. net ads | join hangs forever (or at least for more than 12 hours) | when run. ... | [2004/05/20 10:08:47, 0] libads/ldap.c:ads_add_machine_acct(1006) | Host account for cygnus already exists - modifying old account | [2004/05/20 10:08:47, 5] libads/ldap_utils.c:ads_do_search_retry(56) | Search for (objectclass=*) gave 1 replies | | * | After the LDAP search it hangs forever. :( | I would start by checking for any kerberos misconfigurations. Just a gut feeling though. Does kinit run ok ? cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFArR+zIR7qMdg1EfYRApA9AJ9eRPJY0epCgihSOXboJ+Ja6+6vcgCbBcvR BYuR207X5GEeLtZAp+BV7Pk= =mbOD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net ads join hangs forever
I am trying to join my Linux workstation to my ADS domain. Unfortunately, I'm not having much success. net ads join hangs forever (or at least for more than 12 hours) when run. The computer account is created in the domain, but the process never completes. tdbdump secrets.tdb shows no results, and wbinfo shows users and groups from the trusted domains but not from the domain I am trying to join. getent has the same results as wbinfo. net ads info fails altogether, stating that the ldap server was not found. Watching Ethereal during the net ads join shows lots of Reverse DNS queries but not much else. I am using 'Samba-3 by Example' Chapter 9 as the source for my configurations, and I'm not sure where I've gone wrong. Platform: Fedora Core 2 Samba: 3.0.3 [EMAIL PROTECTED] root]# net ads join -d 10 [2004/05/20 10:08:46, 5] lib/debug.c:debug_dump_status(367) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 [2004/05/20 10:08:46, 3] param/loadparm.c:lp_load(3886) lp_load: refreshing parameters [2004/05/20 10:08:46, 3] param/loadparm.c:init_globals(1307) Initialising global parameters [2004/05/20 10:08:46, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2004/05/20 10:08:46, 3] param/loadparm.c:do_section(3384) Processing section "[global]" doing parameter workgroup = UWB doing parameter server string = Samba 3.0.3 doing parameter printcap name = CUPS doing parameter load printers = yes doing parameter printing = cups doing parameter log file = /var/log/samba/%m.log doing parameter max log size = 50 doing parameter security = ads doing parameter username map = /etc/samba/smbusers doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 doing parameter dns proxy = no doing parameter idmap uid = 16777216-33554431 doing parameter idmap gid = 16777216-33554431 doing parameter template shell = /bin/bash doing parameter template primary group = "Domain Users" doing parameter realm = UWB.EDU doing parameter log level = 1 doing parameter syslog = 1 doing parameter ldap ssl = no [2004/05/20 10:08:46, 4] param/loadparm.c:lp_load(3918) pm_process() returned Yes [2004/05/20 10:08:46, 7] param/loadparm.c:lp_servicenumber(4031) lp_servicenumber: couldn't find homes [2004/05/20 10:08:46, 10] param/loadparm.c:set_server_role(3827) set_server_role: role = ROLE_DOMAIN_MEMBER [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset UCS-2LE [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103) Registered charset UCS-2LE [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset UTF8 [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103) Registered charset UTF8 [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset ASCII [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103) Registered charset ASCII [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset 646 [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103) Registered charset 646 [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset ISO-8859-1 [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103) Registered charset ISO-8859-1 [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95) Attempting to register new charset UCS2-HEX [2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103) Registered charset UCS2-HEX [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2004/05/20 10:08:46, 5] lib/
