RE: Samba 3.0 Alpha 21 - TZ environment variable.
Maybe the suggestion I made some time ago which worked for Solaris may work for HP as well, if the Tridge replacement doesn't. The timegm replacement within replace.c (see earlier e-mails). time_t timegm(struct tm *t) { time_t tl, tb; struct tm *tg; tl = mktime (t); if (tl == -1) { t-tm_hour--; tl = mktime (t); if (tl == -1) return -1; /* can't deal with output from strptime */ tl += 3600; } tg = gmtime (tl); tg-tm_isdst = 0; tb = mktime (tg); if (tb == -1) { tg-tm_hour--; tb = mktime (tg); if (tb == -1) return -1; /* can't deal with output from gmtime */ tb += 3600; } return (tl - (tb - tl)); } [EMAIL PROTECTED] -Original Message- From: P Ranjit Kumar [mailto:[EMAIL PROTECTED]] Sent: Saturday, 11 January 2003 9:45 AM To: Andrew Bartlett; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: Samba 3.0 Alpha 21 - TZ environment variable. That will be a cool solution. I will take a look at it. - Ranjit -Original Message- From: Andrew Bartlett [mailto:[EMAIL PROTECTED]] Sent: Friday, January 10, 2003 2:34 PM To: [EMAIL PROTECTED] Cc: P Ranjit Kumar; [EMAIL PROTECTED] Subject: Re: Samba 3.0 Alpha 21 - TZ environment variable. On Sat, 2003-01-11 at 09:14, [EMAIL PROTECTED] wrote: On Fri, Jan 10, 2003 at 02:04:12PM -0800, P Ranjit Kumar wrote: Hi Samba 3.0 Alpha21 tries to emulate the timegm() call. When it does that, it sets the TZ= before it invokes the mktime() call. However, on HP-UX, setting TZ= makes the timezone to be EST but what we want is GMT for time_t computation. This results in Samba failing to a join a domain. Adding platform specific code (like #ifdef HPUX) isn't something we want to move towards. Does HPUX not have timegm ? If not, can you work out a feature test patch that fixes it for HPUX rather than a platform specific one ? Tridge's timegm() replacement doesn't use TZ any more, and has been merged into Samba 3.0, for the next alpha. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
RE: Samba 3.0 alpha 20 problem with timegm-mktime() on HP-UX
I have already included a fix for this which you could try. See previous e-mail to Andrew and samba-technical attached. Hopefully this will be adopted as a fix at some stage. Andrew, Another suggestion which appears to work without a kludge is a very minor mod to the code originally contributed by Roger Beeman [EMAIL PROTECTED], with the help of Mark Baushke [EMAIL PROTECTED] and the rest of the Gurus at CISCO. Further improved by Roger with assistance from Edward J. Sabol based on input by Jamie Zawinski. Setting this as a timegm replacement within lib/replace.c overcomes the need to reset TIMEZONE. time_t timegm(struct tm *t) { time_t tl, tb; struct tm *tg; tl = mktime (t); if (tl == -1) { t-tm_hour--; tl = mktime (t); if (tl == -1) return -1; /* can't deal with output from strptime */ tl += 3600; } tg = gmtime (tl); tg-tm_isdst = 0; tb = mktime (tg); if (tb == -1) { tg-tm_hour--; tb = mktime (tg); if (tb == -1) return -1; /* can't deal with output from gmtime */ tb += 3600; } return (tl - (tb - tl)); } - Clive Elsum BAppSc, RHCE Systems Engineer - Information Technology Group CSIRO Atmospheric Research PMB 1, Aspendale, Victoria, Australia 3195 Phone : (+61 3) 9239 4509 Fax:(+61 3) 9239 E-mail [EMAIL PROTECTED] - -Original Message- From: P Ranjit Kumar [mailto:[EMAIL PROTECTED]] Sent: Thursday, 28 November 2002 11:07 AM To: [EMAIL PROTECTED] Subject: Samba 3.0 alpha 20 problem with timegm-mktime() on HP-UX Hi I had a problem with net ads join on HP-UX. I used mktime() instead of the timegm() that was used in Samba 3.0 alpha 20. net ads join gives error saying that the times are out of sync (Windows 2000 DC and Samba HP Unix Box) But they are in perfectly in sync. mktime() interprets the time as local time (PST8PDT). You need to set the TZ environment variable to GMT to solve the problem and get it working. If I come up with a programatic solution to this issue, I will leave it on the mailing list. - Ranjit @ HP CIFS Team.
RE timegm on SOLARIS
Hi, I have not had any feedback on the replacement module for timegm within /lib/replace.c. This fix allows a correct Solaris build, without it Clock Skew errors occur unless the machine is dropped back to GMT. Is there any chance of this being implemented? Thanks in advance Clive Original message attached Delivered-To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: FIX to RE: Cannot get net ads join to work under Solaris 8 MIME-Version: 1.0 X-BeenThere: [EMAIL PROTECTED] X-Mailman-Version: 2.0.13 List-Help: mailto:[EMAIL PROTECTED]?subject=help List-Post: mailto:[EMAIL PROTECTED] List-Subscribe: http://lists.samba.org/mailman/listinfo/samba-technical, mailto:[EMAIL PROTECTED]?subject=subscribe List-Id: Discussions on Samba internals. For general questions please subscribe to the list [EMAIL PROTECTED] samba-technical.lists.samba.org List-Unsubscribe: http://lists.samba.org/mailman/listinfo/samba-technical, mailto:[EMAIL PROTECTED]?subject=unsubscribe List-Archive: http://lists.samba.org/pipermail/samba-technical/ X-Original-Date: Sun, 17 Nov 2002 19:33:23 +1100 Date: Sun, 17 Nov 2002 19:33:23 +1100 Andrew, Another suggestion which appears to work without a kludge is a very minor mod to the code originally contributed by Roger Beeman [EMAIL PROTECTED], with the help of Mark Baushke [EMAIL PROTECTED] and the rest of the Gurus at CISCO. Further improved by Roger with assistance from Edward J. Sabol based on input by Jamie Zawinski. Setting this as a timegm replacement within lib/replace.c overcomes the need to reset TIMEZONE. time_t timegm(struct tm *t) { time_t tl, tb; struct tm *tg; tl = mktime (t); if (tl == -1) { t-tm_hour--; tl = mktime (t); if (tl == -1) return -1; /* can't deal with output from strptime */ tl += 3600; } tg = gmtime (tl); tg-tm_isdst = 0; tb = mktime (tg); if (tb == -1) { tg-tm_hour--; tb = mktime (tg); if (tb == -1) return -1; /* can't deal with output from gmtime */ tb += 3600; } return (tl - (tb - tl)); - Clive Elsum BAppSc, RHCE Systems Engineer - Information Technology Group CSIRO Atmospheric Research PMB 1, Aspendale, Victoria, Australia 3195 Phone : (+61 3) 9239 4509 Fax:(+61 3) 9239 E-mail [EMAIL PROTECTED] -
FIX to RE: Cannot get net ads join to work under Solaris 8
Andrew, Another suggestion which appears to work without a kludge is a very minor mod to the code originally contributed by Roger Beeman [EMAIL PROTECTED], with the help of Mark Baushke [EMAIL PROTECTED] and the rest of the Gurus at CISCO. Further improved by Roger with assistance from Edward J. Sabol based on input by Jamie Zawinski. Setting this as a timegm replacement within lib/replace.c overcomes the need to reset TIMEZONE. time_t timegm(struct tm *t) { time_t tl, tb; struct tm *tg; tl = mktime (t); if (tl == -1) { t-tm_hour--; tl = mktime (t); if (tl == -1) return -1; /* can't deal with output from strptime */ tl += 3600; } tg = gmtime (tl); tg-tm_isdst = 0; tb = mktime (tg); if (tb == -1) { tg-tm_hour--; tb = mktime (tg); if (tb == -1) return -1; /* can't deal with output from gmtime */ tb += 3600; } return (tl - (tb - tl)); - Clive Elsum BAppSc, RHCE Systems Engineer - Information Technology Group CSIRO Atmospheric Research PMB 1, Aspendale, Victoria, Australia 3195 Phone : (+61 3) 9239 4509 Fax:(+61 3) 9239 E-mail [EMAIL PROTECTED] -
RE: Cannot get net ads join to work under Solaris 8
Following on from this in the replacement for timegm within /lib/replace.c Solaris returns the TIMEZONE (in our case) as Australia/Victoria. This is done during installation. I expect that SAMBA is looking for some variant of GMT or UTC not Australia/Victoria. As a very simple workaround I simply changed the putenv call to force TZ=GMT and all works happily. time_t timegm(struct tm *tm) { time_t ret; char *tz; char *tzvar; tz = getenv(TZ); /*putenv(TZ=); putenv(TZ=GMT); tzset(); ret = mktime(tm); Clive Elsum - Clive Elsum BAppSc, RHCE Systems Engineer - Information Technology Group CSIRO Atmospheric Research PMB 1, Aspendale, Victoria, Australia 3195 Phone : (+61 3) 9239 4509 Fax:(+61 3) 9239 E-mail [EMAIL PROTECTED] - -Original Message- From: Andrew Bartlett [mailto:[EMAIL PROTECTED]] Sent: Saturday, 16 November 2002 7:18 AM To: David Collier-Brown -- Customer Engineering Cc: Andrew Bartlett; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Cannot get net ads join to work under Solaris 8 On Sat, 2002-11-16 at 06:09, David Collier-Brown -- Customer Engineering wrote: Andrew Bartlett wrote: Well, it just means that we need to find a real replacement for gmtime(). Any chance you could have a look at that function, and see if you can figure out why the current replacement doesn't work? Huh? My Solaris box has gmtime and gmtime_r, the reentrant variant. In principle, gmtime creates a struct tm, in Coordinated Universal Time (UTC), just as if you called localtime when machine was set to GMT. Actually, we got confused - the function that Samba replaced, which I suspected could be a problem is 'timegm'. Either way, there is a but in there somewhere, as it doesn't work for a non-GMT timezone. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Cannot get net ads join to work under Solaris 8
HI, Any clues would be appreciated in getting net ads join working on Solaris 8. I have downloaded the latest CVS samba 3.0. on to a solaris 8 box as is. I have followed the same procedures as the LINUX CVS port that I have got going. The only mod needed was that the --without-sendfile flag did not appear to work so I put in with-sendfile=no in configure rather that the default yes for the Solaris port. This was not necessary for the Linux port. Clocks on the machines are synchronized. kdestroy works correctly kinit works correctly klist works correctly net ads join fails for the Solaris port but works for the Linux port, errors reported below. root#l ./net ads join -Uadminuser [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from UCS-2LE to CP850 not supported [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from UTF8 to CP850 not supported [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from ASCII to CP850 not supported [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from CP850 to UCS-2LE not supported [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from CP850 to UTF8 not supported [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from CP850 to ASCII not supported [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from CP850 to UTF8 not supported [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from UTF8 to CP850 not supported adminuser password: [2002/11/14 21:01:11, 1] libsmb/clikrb5.c:krb5_mk_req2(63) krb5_get_credentials failed for w2kads$@OUR.DOMAIN.AU (Clock skew too great in KDC reply) [2002/11/14 21:01:11, 0] libads/kerberos.c:ads_kinit_password(133) kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication failed [2002/11/14 21:01:11, 1] utils/net_ads.c:ads_startup(148) ads_connect: Invalid credentials Thanks in advance Clive - Clive Elsum BAppSc, RHCE Systems Engineer - Information Technology Group CSIRO Atmospheric Research PMB 1, Aspendale, Victoria, Australia 3195 Phone : (+61 3) 9239 4509 Fax:(+61 3) 9239 E-mail [EMAIL PROTECTED] -
RE: Cannot get net ads join to work under Solaris 8
Many thanks Andrew!! Setting the Solaris box to GMT certainly did the trick. Well done, I appreciate the prompt response to my query. Clive Elsum -Original Message- From: Andrew Bartlett [mailto:abartlet;samba.org] Sent: Thursday, 14 November 2002 10:19 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Cannot get net ads join to work under Solaris 8 On Thu, 2002-11-14 at 21:30, [EMAIL PROTECTED] wrote: HI, Any clues would be appreciated in getting net ads join working on Solaris 8. I have downloaded the latest CVS samba 3.0. on to a solaris 8 box as is. I have followed the same procedures as the LINUX CVS port that I have got going. The only mod needed was that the --without-sendfile flag did not appear to work so I put in with-sendfile=no in configure rather that the default yes for the Solaris port. This was not necessary for the Linux port. Clocks on the machines are synchronized. kdestroy works correctly kinit works correctly klist works correctly net ads join fails for the Solaris port but works for the Linux port, errors reported below. root#l ./net ads join -Uadminuser [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from UCS-2LE to CP850 not supported [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from UTF8 to CP850 not supported [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from ASCII to CP850 not supported [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from CP850 to UCS-2LE not supported [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from CP850 to UTF8 not supported [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from CP850 to ASCII not supported [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from CP850 to UTF8 not supported [2002/11/14 21:01:07, 0] lib/charcnv.c:init_iconv(93) Conversion from UTF8 to CP850 not supported adminuser password: [2002/11/14 21:01:11, 1] libsmb/clikrb5.c:krb5_mk_req2(63) krb5_get_credentials failed for w2kads$@OUR.DOMAIN.AU (Clock skew too great in KDC reply) Can you try putting the Solaris machine in the GMT timezone? My thinking is that the gmtime() replacement might not be functioning correctly. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
RE: Trying to join a Solaris 8 box to Windows 2000 AD.
I can still not get net ads working with Solaris 8. With the new CVS code and the mod to timegm in ldap.c The ned ads command now fails with Clock Skew, Preauthentication failed, invalid credentials even though the Machines are sync'd in time. Previous failure message when mktime was substituted for timegm was Preauthentication failed, invalid credentials. Any help on this would be appreciated. Thanks in advance Clive - Clive Elsum BAppSc, RHCE Systems Engineer - Information Technology Group CSIRO Atmospheric Research PMB 1, Aspendale, Victoria, Australia 3195 Phone : (+61 3) 9239 4509 Fax:(+61 3) 9239 E-mail [EMAIL PROTECTED] - -Original Message- From: [EMAIL PROTECTED] [mailto:Clive.Elsum;csiro.au] Sent: Wednesday, 13 November 2002 3:53 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: Trying to join a Solaris 8 box to Windows 2000 AD. Andrew, I got the latest CVS code. Had to copy the alpha20 versions of configure.* to get this version to configure. I had to remove the AUTHLIBS=@AUTHLIBS@ statement from the Makefile. The timegm problem has gone away. The latest gdb output. GNU gdb 5.0 Copyright 2000 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as sparc-sun-solaris2.8... /usr/local/samba/lib/19461: No such file or directory. Attaching to program `/proc/19461/object/a.out', process 19461 Reading symbols from /usr/lib/libsec.so.1...done. Loaded symbols for /usr/lib/libsec.so.1 Reading symbols from /usr/lib/libgen.so.1...done. Loaded symbols for /usr/lib/libgen.so.1 Reading symbols from /usr/lib/libresolv.so.2...done. Loaded symbols for /usr/lib/libresolv.so.2 Reading symbols from /usr/lib/libsocket.so.1...done. Loaded symbols for /usr/lib/libsocket.so.1 Reading symbols from /usr/lib/libnsl.so.1...done. Loaded symbols for /usr/lib/libnsl.so.1 Reading symbols from /usr/lib/libdl.so.1...done. Loaded symbols for /usr/lib/libdl.so.1 Reading symbols from /usr/local/krb5/lib/libkrb5.so.3...done. Loaded symbols for /usr/local/krb5/lib/libkrb5.so.3 Reading symbols from /usr/local/krb5/lib/libcom_err.so.3...done. Loaded symbols for /usr/local/krb5/lib/libcom_err.so.3 Reading symbols from /usr/local/krb5/lib/libk5crypto.so.3...done. Loaded symbols for /usr/local/krb5/lib/libk5crypto.so.3 Reading symbols from /usr/local/krb5/lib/libgssapi_krb5.so.2 Reading symbols from /usr/local/lib/libgcc_s.so.1...done. Loaded symbols for /usr/local/lib/libgcc_s.so.1 Reading symbols from /usr/local/ssl/lib/libssl.so.0.9.6...done. Loaded symbols for /usr/local/ssl/lib/libssl.so.0.9.6 Reading symbols from /usr/local/ssl/lib/libcrypto.so.0.9.6...done. Loaded symbols for /usr/local/ssl/lib/libcrypto.so.0.9.6 Reading symbols from /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1...done. Loaded symbols for /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 Retry #1: Retry #2: Retry #3: Retry #4: [New LWP 1] Symbols already loaded for /usr/lib/libsec.so.1 Symbols already loaded for /usr/lib/libgen.so.1 Symbols already loaded for /usr/lib/libresolv.so.2 Symbols already loaded for /usr/lib/libsocket.so.1 Symbols already loaded for /usr/lib/libnsl.so.1 Symbols already loaded for /usr/lib/libdl.so.1 Symbols already loaded for /usr/local/krb5/lib/libkrb5.so.3 Symbols already loaded for /usr/local/krb5/lib/libcom_err.so.3 Symbols already loaded for /usr/local/krb5/lib/libk5crypto.so.3 Symbols already loaded for /usr/local/krb5/lib/libgssapi_krb5.so.2 Symbols already loaded for /usr/local/ldap/lib/liblber.so.2 Symbols already loaded for /usr/local/ldap/lib/libldap.so.2 Symbols already loaded for /usr/lib/libpam.so.1 Symbols already loaded for /usr/lib/libc.so.1 Symbols already loaded for /usr/lib/libmp.so.2 Symbols already loaded for /usr/local/lib/libgcc_s.so.1 Symbols already loaded for /usr/local/ssl/lib/libssl.so.0.9.6 Symbols already loaded for /usr/local/ssl/lib/libcrypto.so.0.9.6 Symbols already loaded for /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 0xff01b844 in _waitid () from /usr/lib/libc.so.1 #0 0xff01b844 in _waitid () from /usr/lib/libc.so.1 No symbol table info available. #1 0xfefd5d00 in _waitpid () from /usr/lib/libc.so.1 No symbol table info available. #2 0xff01113c in system () from /usr/lib/libc.so.1 No symbol table info available. #3 0x61268 in smb_panic (why=0xf31a8 internal error) at lib/util.c:1344 cmd = 0x193c00 /usr/openwin/bin/xterm -display :0.0 -e gdb -x /usr/local/gdbcmds /proc/19461/object/a.out 19461 || gdb -x /usr/local/gdbcmds /proc/19461/object/a.out 19461 | mail root result = 1653760 #4 0x4f4ac in fault_report (sig=11) at lib/fault.c:41
RE: Trying to join a Solaris 8 box to Windows 2000 AD.
Sorry Andrew, I may have mislead you here. In the pre CVS version I tried timegm would not compile under Solaris without changing timegm to mktime in ldap.c. With the newer CVS version I have not made any mods to ldap.c (as you stated earlier this was a bug that was fixed) and all compiled OK with mods to the Configure commands as detailed earlier. With the new CVS code unmodified timegm I get the Clock Skew problem. You say I have a 10+ hour problem, but where and how, and how can this be rectified.? TIA Clive - Clive Elsum BAppSc, RHCE Systems Engineer - Information Technology Group CSIRO Atmospheric Research PMB 1, Aspendale, Victoria, Australia 3195 Phone : (+61 3) 9239 4509 Fax:(+61 3) 9239 E-mail [EMAIL PROTECTED] - -Original Message- From: Andrew Bartlett [mailto:abartlet;samba.org] Sent: Thursday, 14 November 2002 9:03 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Trying to join a Solaris 8 box to Windows 2000 AD. On Thu, 2002-11-14 at 08:23, [EMAIL PROTECTED] wrote: I can still not get net ads working with Solaris 8. With the new CVS code and the mod to timegm in ldap.c The ned ads command now fails with Clock Skew, Preauthentication failed, invalid credentials Well, if you modified that function, then you probably now have a +10 hour problem in the time. Samba uses the time the ldap server sends to avoid time skew problems, hence having those timegm() functions in the first place... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
RE: Trying to join a Solaris 8 box to Windows 2000 AD.
One other thing I keep meaning to mention Andrew, I had to replace timegm with mktime in libads/ldap.c as Solaris does not recognize timegm Clive - Clive Elsum BAppSc, RHCE Systems Engineer - Information Technology Group CSIRO Atmospheric Research PMB 1, Aspendale, Victoria, Australia 3195 Phone : (+61 3) 9239 4509 Fax:(+61 3) 9239 E-mail [EMAIL PROTECTED] - -Original Message- From: Andrew Bartlett [mailto:abartlet;samba.org] Sent: Wednesday, 13 November 2002 10:51 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Trying to join a Solaris 8 box to Windows 2000 AD. On Wed, 2002-11-13 at 10:33, [EMAIL PROTECTED] wrote: Hi Andrew, Finally got back to this after locating a machine with more disk space! The dbg output was: I need 'bt full' so I can see the contents of variables. Thanks, Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
RE: Trying to join a Solaris 8 box to Windows 2000 AD.
(domain=0x18ed30, sid=0x18ef30) at nsswitch/winbindd_ads.c:803 #19 0x36ec0 in domain_sid (domain=0x18ed30, sid=0x18ef30) at nsswitch/winbindd_cache.c:892 #20 0x34d44 in init_domain_list () at nsswitch/winbindd_util.c:201 #21 0x2f3ac in winbind_setup_common () at nsswitch/winbindd.c:700 #22 0x2f878 in main (argc=1, argv=0xffbef95c) at nsswitch/winbindd.c:875 Any help on where to go on this would be greatly appreciated, Clive - Clive Elsum BAppSc, RHCE Systems Engineer - Information Technology Group CSIRO Atmospheric Research PMB 1, Aspendale, Victoria, Australia 3195 Phone : (+61 3) 9239 4509 Fax:(+61 3) 9239 E-mail [EMAIL PROTECTED] - -Original Message- From: Andrew Bartlett [mailto:abartlet;samba.org] Sent: Sunday, 10 November 2002 11:39 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Trying to join a Solaris 8 box to Windows 2000 AD. On Sun, 2002-11-10 at 21:13, [EMAIL PROTECTED] wrote: I am having major problems with SAMBA samba-3.0alpha20 in trying to connect to Windows 2000 AD. I have attached info if that helps. Any help you can give me would be greatly appreciated. Thanks in advance Clive Elsum I can get samba-3.0alpha20 working if I include reference to our NT PDC in the smb.conf file and do a net rpc join command. This joins our NT PDC domain which has a trust relationship with the Windows 2000 ADS. The joined domian XXX message appears and a wbinfo -m shows the Windows 2000 AD domain Y as a trusted-domain. I can then login using domain/userid and everything works correctly. The working smb.conf relvant bits are workgroup = xxx security = server encrypt passwords = yes stat cache = false winbind separator = / winbind uid = 1-3 winbind gid = 1-3 winbind use default domain = true winbind enum groups = yes winbind enum users = yes security = server template shell = /bin/tcsh However with the imminent departure of the local NT PDC I will be forced to use the net ads join command which at present fails. There isn't a 'forced' here - you should still be able to 'net rpc join' a Win2k domain. But that doesn't solve your real problem. The kinit command works correctly (password entered prompt returned) The klist command appears to do the right thing. Suggesting that kerberos is set up OK. I have samba-3.0alpha20 version installed on Solaris 8. It was configured with ./configure --with-ads --with-ldap --with-krb5=/usr/local/kerberos --with-pam --with-winbind The include/config.h file shows #define HAVE_KRB5 1 #define HAVE_GSSAPI 1 #define WITH_ADS 1 #define HAVE_LDAP_H 1 I am using GCC Version 3.2; Kerberos krb5-1.2.6; LDAP openldap-2.1.8; on a Solaris 8 platform. I have modified the Makefile so as to overcome errors in compiling e.g passdb/pdb_ldap.c What were they, btw? I then do a make install and copy relevant files with relevant links: cp pam_winbind.so /lib/security cp libnss_winbind.so /lib/nss_winbind.so Relevant bits from smb.conf: workgroup = OUR realm = OUR.2000AD.DOMAIN security = ADS encrypt passwords = yes stat cache = false winbind separator = / winbind uid = 1-3 winbind gid = 1-3 winbind use default domain = true winbind enum groups = yes winbind enum users = yes ads server = IP ADDRESS of ads server template shell = /bin/tcsh WINBINDD adds the AD DOMAIN and relevant machines in lookup sequence but then aborts with: convert_string: Required 1521, available 2048 === INTERNAL ERROR: Signal 11 in pid 25953 (3.0alpha20) Please read the file BUGS.txt in the distribution === PANIC: internal error Abort (core dumped) Any chance of recompiling --enable-krb5developer and getting us a gdb backtrace? See 'panic action' in the smb.conf Obviously the command net ads join also fails with: [2002/11/10 20:36:44, 0] libads/kerberos.c:ads_kinit_password(122) kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication failed [2002/11/10 20:36:44, 1] utils/net_ads.c:ads_startup(148) ads_connect: Invalid credentials Why is this 'obviously'? Anyway, a backtrace of this would be good. Anyway, if you can get that, and also try the lastest 3.0 CVS (pserver.samba.org), that will help us to chase it down. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http
RE: Trying to join a Solaris 8 box to Windows 2000 AD.
= {s_b1 = 144 '\220', s_b2 = 110 'n', s_b3 = 3 '\003', s_b4 = 16 '\020'}, S_un_w = {s_w1 = 36974, s_w2 = 784}, S_addr = 2423128848}} a = 4294967295 #15 0xe267c in ads_try_dns (ads=0x194790) at libads/ldap.c:154 port = 389 c_realm = 0x185 Address 0x185 out of bounds ptr = 0x194d49 nxact1-gu.nexus.csiro.au:389 nxvic1-fa.nexus.csiro.au:389 worf.nexus.csiro.au:389 nxact1-bt.nexus.csiro.au:389 nxnsw1-mv.nexus.csiro.au:389 nxqld1-nd.nexus.csiro.au:389 nxact1-yf.nexus.csiro.au:389 nx... realm = 0x130 Address 0x130 out of bounds list = 0x1948e8 nxtst1-tt.nexus.csiro.au:389 nxwa1-wf.nexus.csiro.au:389 147141-be.nexus.csiro.au:389 nxnsw1-ri.nexus.csiro.au:389 nxqld1-rh.nexus.csiro.au:389 nxnsw1-cj.nexus.csiro.au:389 nxvic1-fy.nexus.csiro.au:38... tok = nxact1-bm.nexus.csiro.au\000389\000¾ëØÿ¾ëð\000\aDPþÿ,ü, '\000' repeats 15 times, \027, '\000' repeats 29 times, \023½H\000\000\000\001\000\000\000\027\000\023È\220\000\000\000\000\000\000 \000\000ÿ¾ì@\000\005\203L\000\000\000\t\000\000\000\003\000\000'\020\000 \000\000\001\000\031X\200\000\000\000\224\000\000\000\000\005\000\002\003\02 0\000\000\000\000¬\000\000\000\000\000\002, '\000' repeats 33 times, \023È\220\000\0170hÿ¾íp\000\000\000S\000\000\000\021þü\Pÿ¾ì¸\000\004ïì, '\000' repeats 11 times, \002ÿ¾î ... ip_list = (struct ldap_ip *) 0x193190 count = 389 i = 38 #16 0xe2a18 in ads_connect (ads=0x194790) at libads/ldap.c:254 version = 3 status = {error_type = 4278334252, err = {rc = 1037162097, nt_status = {v = 1037162097}}, minor_status = 967592} #17 0x3df5c in ads_cached_connection (domain=0x192560) at nsswitch/winbindd_ads.c:68 ads = (ADS_STRUCT *) 0x194790 status = {error_type = 1243136, err = {rc = 0, nt_status = {v = 0}}, minor_status = 0} #18 0x3fcb8 in domain_sid (domain=0x192560, sid=0x192760) at nsswitch/winbindd_ads.c:628 ads = (ADS_STRUCT *) 0x0 rc = {error_type = 1651088, err = {rc = 0, nt_status = {v = 0}}, minor_status = 0} #19 0x37ef4 in domain_sid (domain=0x192560, sid=0x192760) at nsswitch/winbindd_cache.c:962 cache = (struct winbind_cache *) 0x192560 #20 0x35794 in init_domain_list () at nsswitch/winbindd_util.c:215 result = {v = 1219744} domain = (struct winbindd_domain *) 0x192560 #21 0x2fb10 in winbind_setup_common () at nsswitch/winbindd.c:694 No locals. #22 0x2ff48 in main (argc=1, argv=0xffbef8ac) at nsswitch/winbindd.c:845 logfile = /usr/local/samba/var/log.winbindd\000\\L, '\000' repeats 24 times, þó?ìþóbp, '\000' repeats 20 times, ÿ¾ôÈþñøÄ\000\000\000\000\000\000\000\000ÿ¾ôÈÿ3ù\fþØ\212\230\000\000\000\000 \000\000\000\001\000\000\000\002\000\000\000\002þù¹x, '\000' repeats 44 times, ÿ,\030\030ÿ,\030\224\000\000\000\001\000\001ux\000\000\000\000ÿ¾õ(ÿ¦h, '\000' repeats 13 times, \002\000\000\000\000\000 \000\000\000\000\000\000\001\000\000\000\001ÿ+\b\004ÿ+\b\000\000\000\000\000 þñø¸ÿ\e\224, '\000' repeats 12 times... interactive = 0 opt = 962040 Thanks in advance, Clive - Clive Elsum BAppSc, RHCE Systems Engineer - Information Technology Group CSIRO Atmospheric Research PMB 1, Aspendale, Victoria, Australia 3195 Phone : (+61 3) 9239 4509 Fax:(+61 3) 9239 E-mail [EMAIL PROTECTED] - -Original Message- From: Andrew Bartlett [mailto:abartlet;samba.org] Sent: Wednesday, 13 November 2002 11:25 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Trying to join a Solaris 8 box to Windows 2000 AD. On Wed, 2002-11-13 at 11:11, [EMAIL PROTECTED] wrote: One other thing I keep meaning to mention Andrew, I had to replace timegm with mktime in libads/ldap.c as Solaris does not recognize timegm OK. Can we take a step back then and move to current HEAD? That bug is fixed, and perhaps your issue is fixed too. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Trying to join a Solaris 8 box to Windows 2000 AD.
I am having major problems with SAMBA samba-3.0alpha20 in trying to connect to Windows 2000 AD. I have attached info if that helps. Any help you can give me would be greatly appreciated. Thanks in advance Clive Elsum I can get samba-3.0alpha20 working if I include reference to our NT PDC in the smb.conf file and do a net rpc join command. This joins our NT PDC domain which has a trust relationship with the Windows 2000 ADS. The joined domian XXX message appears and a wbinfo -m shows the Windows 2000 AD domain Y as a trusted-domain. I can then login using domain/userid and everything works correctly. The working smb.conf relvant bits are workgroup = xxx security = server encrypt passwords = yes stat cache = false winbind separator = / winbind uid = 1-3 winbind gid = 1-3 winbind use default domain = true winbind enum groups = yes winbind enum users = yes security = server template shell = /bin/tcsh However with the imminent departure of the local NT PDC I will be forced to use the net ads join command which at present fails. The kinit command works correctly (password entered prompt returned) The klist command appears to do the right thing. Suggesting that kerberos is set up OK. I have samba-3.0alpha20 version installed on Solaris 8. It was configured with ./configure --with-ads --with-ldap --with-krb5=/usr/local/kerberos --with-pam --with-winbind The include/config.h file shows #define HAVE_KRB5 1 #define HAVE_GSSAPI 1 #define WITH_ADS 1 #define HAVE_LDAP_H 1 I am using GCC Version 3.2; Kerberos krb5-1.2.6; LDAP openldap-2.1.8; on a Solaris 8 platform. I have modified the Makefile so as to overcome errors in compiling e.g passdb/pdb_ldap.c CFLAGS=-O -I/usr/local/kerberos/include -I/usr/local/openldap/include CPPFLAGS= -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/local/kerberos/include -I/usr/local/openldap/include LDFLAGS= -L/usr/local/kerberos/lib -L/usr/local/openldap/lib LDSHFLAGS=-G -L/usr/local/kerberos/lib -L/usr/local/openldap/lib -O -I/usr/local/kerberos/include -I/usr/local/openldap/includ e During compilation the following warnings show: lib/util_str.c: In function `str_list_make': lib/util_str.c:1160: warning: passing arg 3 of `next_token' discards qualifiers from pointer target type auth/pampass.c: In function `smb_setup_pam_conv': auth/pampass.c:422: warning: assignment from incompatible pointer type libads/ldap.c: In function `ads_do_paged_search': libads/ldap.c:405: warning: passing arg 2 of `str_list_copy' from incompatible pointer type libads/ldap.c: In function `ads_do_search': libads/ldap.c:631: warning: passing arg 2 of `str_list_copy' from incompatible pointer type libads/ldap_printer.c: In function `ads_mod_printer_entry': libads/ldap_printer.c:80: warning: passing arg 4 of `ads_mod_strlist' from incompatible pointer type libads/ldap_printer.c:96: warning: passing arg 4 of `ads_mod_strlist' from incompatible pointer type libads/ldap_printer.c:99: warning: passing arg 4 of `ads_mod_strlist' from incompatible pointer type libads/kerberos.c: In function `kerberos_kinit_password': libads/kerberos.c:80: warning: passing arg 6 of `krb5_get_init_creds_password' discards qualifiers from pointer target type utils/net.c: In function `net_getlocalsid': utils/net.c:348: warning: passing arg 1 of `secrets_fetch_domain_sid' discards qualifiers from pointer target type utils/net_ads.c: In function `net_ads_printer_info': utils/net_ads.c:722: warning: passing arg 4 of `ads_find_printer_on_server' discards qualifiers from pointer target type utils/net_ads.c: In function `net_ads_printer_publish': utils/net_ads.c:774: warning: assignment discards qualifiers from pointer target type utils/net_ads.c: In function `net_ads_printer_remove': utils/net_ads.c:812: warning: assignment discards qualifiers from pointer target type utils/net_rpc_join.c: In function `net_rpc_join_ok': utils/net_rpc_join.c:65: warning: passing arg 1 of `secrets_fetch_trust_account_password' discards qualifiers from pointer target type nsswitch/pam_winbind.c: In function `converse': nsswitch/pam_winbind.c:67: warning: passing arg 3 of `pam_get_item' from incompatible pointer type nsswitch/pam_winbind.c:70: warning: passing arg 2 of pointer to function from incompatible pointer type nsswitch/pam_winbind.c: In function `_make_remark': nsswitch/pam_winbind.c:85: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c: In function `_winbind_read_password': nsswitch/pam_winbind.c:278: warning: passing arg 3 of `pam_get_item' from incompatible pointer type nsswitch/pam_winbind.c:311: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:319: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:325: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:383: warning