Re: [Samba] Response too big for UDP, retry with TCP

2007-07-13 Thread Nejc Škoberne

Hey Todd,

> Kinit uses the installed kerberos package - if your kerberos package 
> does not do TCP fallback in the AS_REQ, you'll never be able to get a 
> ticket when you see this error message - it's generated by the KDC, 
> which will refuse to issue a ticket  roughly 1500 bytes (for MS KDCs).  
> Time to update  your Kerberos port (MIT's dist  1.4.1 supports TCP).


OK, I understand now. I installed MIT's Kerberos5 (installed port 'krb5'
on FreeBSD, added 'KRB5_HOME=/usr/local' to /etc/make.conf and rebuilt
samba3 port) and I succeeded joining the Samba server into ADS domain.

Thanks to everyone!

Bye,
Nejc
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
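
Added example (not part of the thread, and not code from Samba, Heimdal or MIT Kerberos): the UDP-to-TCP fallback discussed above, using the KRB-ERROR layout, error number 52 and 4-byte TCP length prefix from RFC 4120. The function names, the `send_udp`/`send_tcp` callables and the EXAMPLE.TEST sample message are assumptions made for illustration.

```python
KRB_ERROR_TAG = 0x7E           # [APPLICATION 30] KRB-ERROR (RFC 4120)
KRB_ERR_RESPONSE_TOO_BIG = 52  # "Response too big for UDP, retry with TCP"

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:          # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def krb_error_code(reply):
    """error-code of a KRB-ERROR reply, or None if the reply is another message type."""
    tag, body, _ = read_tlv(reply)
    if tag != KRB_ERROR_TAG:
        return None
    fields, pos = read_tlv(body)[1], 0          # contents of the inner SEQUENCE
    while pos < len(fields):
        tag, value, pos = read_tlv(fields, pos)
        if tag == 0xA6:                         # [6] error-code INTEGER
            return int.from_bytes(read_tlv(value)[1], "big", signed=True)
    raise ValueError("KRB-ERROR without error-code")

def frame_for_tcp(message):
    """Kerberos over TCP: 4-byte big-endian length, then the unchanged DER message."""
    return len(message).to_bytes(4, "big") + message

def exchange(request, send_udp, send_tcp):
    """Send over UDP; if the KDC answers with error 52, resend the same request over TCP."""
    reply = send_udp(request)
    if krb_error_code(reply) == KRB_ERR_RESPONSE_TOO_BIG:
        framed = send_tcp(frame_for_tcp(request))
        reply = framed[4:4 + int.from_bytes(framed[:4], "big")]
    return reply

def tlv(tag, value):           # short-form DER encoder, enough for the constructed sample
    return bytes([tag, len(value)]) + value

def sample_krb_error(code):
    """Constructed KRB-ERROR (mandatory fields only, realm EXAMPLE.TEST is made up)."""
    realm = tlv(0x1B, b"EXAMPLE.TEST")
    sname = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) +
                tlv(0xA1, tlv(0x30, tlv(0x1B, b"krbtgt") + realm)))
    fields = (tlv(0xA0, tlv(0x02, b"\x05")) + tlv(0xA1, tlv(0x02, b"\x1e")) +
              tlv(0xA4, tlv(0x18, b"20070711093634Z")) + tlv(0xA5, tlv(0x02, b"\x00")) +
              tlv(0xA6, tlv(0x02, bytes([code]))) + tlv(0xA9, realm) + tlv(0xAA, sname))
    return tlv(0x7E, tlv(0x30, fields))
```

In practice the two callables would wrap a UDP and a TCP socket to port 88 on the KDC; a client library without this retry step stops at the error, which is the failure shown in the thread.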


Re: [Samba] Response too big for UDP, retry with TCP

2007-07-11 Thread Nejc Škoberne

Hi again,

> You could either use an administrative account which is not a member of 
> so many groups (causing the packet too big error), or use a more 
> recent version of samba.
> In any version <= 3.0.22 the tcp fallback is not implemented during the 
> kpasswd request. The krb5.conf kdc line is not taken into account at 
> this place.


I upgraded Samba to 3.0.25a and tried again with the user, who has administrator
privileges but is not in so many groups. I get a bit different message, but it
is still a no go:

[EMAIL PROTECTED]:~# net ads join -U domainadmin%idsrmap978
[2007/07/11 11:36:34, 0] libads/kerberos.c:ads_kinit_password(227)
  kerberos_kinit_password [EMAIL PROTECTED] failed: Response too big for UDP, 
retry with TCP
Failed to join domain: NT_STATUS_PROTOCOL_UNREACHABLE

Any ideas?

Thanks,
Nejc


Re: [Samba] Response too big for UDP, retry with TCP

2007-07-11 Thread Martin Zielinski

What does kinit say, if you have the
e.g. kdc = tcp/192.168.1.1 line in your krb.conf?

I'm using the same (0.6.3) heimdal version that does not have a tcp 
fallback. But could not get kinit to use UDP with this line in the 
krb5.conf.


~ Martin


Nejc Škoberne wrote:

> Hi again,
>
> > You could either use an administrative account which is not a member 
> > of so many groups (causing the packet too big error), or use a more 
> > recent version of samba.
> > In any version <= 3.0.22 the tcp fallback is not implemented during 
> > the kpasswd request. The krb5.conf kdc line is not taken into account 
> > at this place.
>
> I upgraded Samba to 3.0.25a and tried again with the user, who has administrator
> privileges but is not in so many groups. I get a bit different message, but it
> is still a no go:
>
> [EMAIL PROTECTED]:~# net ads join -U domainadmin%idsrmap978
> [2007/07/11 11:36:34, 0] libads/kerberos.c:ads_kinit_password(227)
>   kerberos_kinit_password [EMAIL PROTECTED] failed: Response too big for UDP, retry with TCP
> Failed to join domain: NT_STATUS_PROTOCOL_UNREACHABLE
>
> Any ideas?
>
> Thanks,
> Nejc



--
Martin Zielinski [EMAIL PROTECTED]
Software Development
SEH Computertechnik GmbH www.seh.de



Re: [Samba] Response too big for UDP, retry with TCP

2007-07-11 Thread Nejc Škoberne

Hey Martin,


> What does kinit say, if you have the
> e.g. kdc = tcp/192.168.1.1 line in your krb.conf?


[EMAIL PROTECTED]:~# kinit [EMAIL PROTECTED]
[EMAIL PROTECTED]'s Password:
kinit: krb5_get_init_creds: Response too big for UDP, retry with TCP

krb5.conf:

[libdefaults]
default_realm = INFRAX.LOCAL

[realms]
INFRAX.LOCAL = {
kdc = tcp/192.168.1.1
}

[domain_realms]
.infrax.local = INFRAX.LOCAL


Any more ideas?

Thanks for your help,
Nejc


Re: [Samba] Response too big for UDP, retry with TCP

2007-07-10 Thread Martin Zielinski

Hello!

You could either use an administrative account which is not a member of 
so many groups (causing the packet too big error), or use a more 
recent version of samba.
In any version <= 3.0.22 the tcp fallback is not implemented during the 
kpasswd request. The krb5.conf kdc line is not taken into account at 
this place.


Greets,

Martin

Nejc Škoberne wrote:

> Hello,
>
> I am trying to join a Samba 3.0.24 server into an ADS domain, which is
> served by two Windows 2003 servers (let's say srv1.domain.local (192.168.1.1)
> and srv2.domain.local (192.168.1.4)). I am running Samba on a FreeBSD 6.2
> machine and I have established an OpenVPN connection to the ADS network
> (tunneling). I have this in my resolv.conf:

[...]

> However, when I try to kinit, I get this:
>
> [EMAIL PROTECTED]:~# kinit [EMAIL PROTECTED]
> [EMAIL PROTECTED]'s Password:
> kinit: krb5_get_init_creds: Response too big for UDP, retry with TCP

[...]

> Any ideas?
>
> Thanks,
> Nejc


--
Martin Zielinski [EMAIL PROTECTED]
Software Development
SEH Computertechnik GmbH www.seh.de



Re: [Samba] Response too big for UDP, retry with TCP

2007-07-10 Thread Nejc Škoberne

Hey Martin,

thanks for your quick reply.

> You could either use an administrative account which is not a member of 
> so many groups (causing the packet too big error), or use a more 
> recent version of samba.


I tried the first option first: created a new account, put it into
Administrators and Domain Admins groups (so it is in three groups now)
but I still get packet too big error.

> In any version <= 3.0.22 the tcp fallback is not implemented during the 
> kpasswd request. The krb5.conf kdc line is not taken into account at 
> this place.


I am running Samba 3.0.24 - so this version supports tcp fallback, right?

What can I try next?

Thanks,
Nejc