RE: Trying to join a Solaris 8 box to Windows 2000 AD.
On Thu, 2002-11-14 at 09:20, [EMAIL PROTECTED] wrote: > Sorry Andrew, I may have mislead you here. In the pre CVS version I tried > timegm would not compile under Solaris without changing timegm to mktime in > ldap.c. With the newer CVS version I have not made any mods to ldap.c (as > you stated earlier this was a bug that was fixed) and all compiled OK with > mods to the > Configure commands as detailed earlier. > With the new CVS code unmodified timegm I get the Clock Skew problem. > You say I have a 10+ hour problem, but where and how, and how can this be > rectified.? Well, if you modified that function incorrectly, then you could get problems with the fact that AEDST != GMT :-). You might want to double-check that actually. See if the problem 'goes away' if you set the system time zone to GMT... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
RE: Trying to join a Solaris 8 box to Windows 2000 AD.
Sorry Andrew, I may have mislead you here. In the pre CVS version I tried timegm would not compile under Solaris without changing timegm to mktime in ldap.c. With the newer CVS version I have not made any mods to ldap.c (as you stated earlier this was a bug that was fixed) and all compiled OK with mods to the Configure commands as detailed earlier. With the new CVS code unmodified timegm I get the Clock Skew problem. You say I have a 10+ hour problem, but where and how, and how can this be rectified.? TIA Clive - Clive Elsum BAppSc, RHCE Systems Engineer - Information Technology Group CSIRO Atmospheric Research PMB 1, Aspendale, Victoria, Australia 3195 Phone : (+61 3) 9239 4509 Fax:(+61 3) 9239 E-mail [EMAIL PROTECTED] - -Original Message- From: Andrew Bartlett [mailto:abartlet@;samba.org] Sent: Thursday, 14 November 2002 9:03 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Trying to join a Solaris 8 box to Windows 2000 AD. On Thu, 2002-11-14 at 08:23, [EMAIL PROTECTED] wrote: > I can still not get net ads working with Solaris 8. > With the new CVS code and the mod to timegm in ldap.c The ned ads command > now fails with Clock Skew, Preauthentication failed, invalid credentials Well, if you modified that function, then you probably now have a +10 hour problem in the time. Samba uses the time the ldap server sends to avoid time skew problems, hence having those timegm() functions in the first place... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
RE: Trying to join a Solaris 8 box to Windows 2000 AD.
On Thu, 2002-11-14 at 08:23, [EMAIL PROTECTED] wrote: > I can still not get net ads working with Solaris 8. > With the new CVS code and the mod to timegm in ldap.c The ned ads command > now fails with Clock Skew, Preauthentication failed, invalid credentials Well, if you modified that function, then you probably now have a +10 hour problem in the time. Samba uses the time the ldap server sends to avoid time skew problems, hence having those timegm() functions in the first place... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
RE: Trying to join a Solaris 8 box to Windows 2000 AD.
I can still not get net ads working with Solaris 8. With the new CVS code and the mod to timegm in ldap.c The ned ads command now fails with Clock Skew, Preauthentication failed, invalid credentials even though the Machines are sync'd in time. Previous failure message when mktime was substituted for timegm was Preauthentication failed, invalid credentials. Any help on this would be appreciated. Thanks in advance Clive - Clive Elsum BAppSc, RHCE Systems Engineer - Information Technology Group CSIRO Atmospheric Research PMB 1, Aspendale, Victoria, Australia 3195 Phone : (+61 3) 9239 4509 Fax:(+61 3) 9239 E-mail [EMAIL PROTECTED] - -Original Message- From: [EMAIL PROTECTED] [mailto:Clive.Elsum@;csiro.au] Sent: Wednesday, 13 November 2002 3:53 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: Trying to join a Solaris 8 box to Windows 2000 AD. Andrew, I got the latest CVS code. Had to copy the alpha20 versions of configure.* to get this version to configure. I had to remove the AUTHLIBS=@AUTHLIBS@ statement from the Makefile. The timegm problem has gone away. The latest gdb output. GNU gdb 5.0 Copyright 2000 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "sparc-sun-solaris2.8"... /usr/local/samba/lib/19461: No such file or directory. Attaching to program `/proc/19461/object/a.out', process 19461 Reading symbols from /usr/lib/libsec.so.1...done. Loaded symbols for /usr/lib/libsec.so.1 Reading symbols from /usr/lib/libgen.so.1...done. Loaded symbols for /usr/lib/libgen.so.1 Reading symbols from /usr/lib/libresolv.so.2...done. Loaded symbols for /usr/lib/libresolv.so.2 Reading symbols from /usr/lib/libsocket.so.1...done. Loaded symbols for /usr/lib/libsocket.so.1 Reading symbols from /usr/lib/libnsl.so.1...done. Loaded symbols for /usr/lib/libnsl.so.1 Reading symbols from /usr/lib/libdl.so.1...done. Loaded symbols for /usr/lib/libdl.so.1 Reading symbols from /usr/local/krb5/lib/libkrb5.so.3...done. Loaded symbols for /usr/local/krb5/lib/libkrb5.so.3 Reading symbols from /usr/local/krb5/lib/libcom_err.so.3...done. Loaded symbols for /usr/local/krb5/lib/libcom_err.so.3 Reading symbols from /usr/local/krb5/lib/libk5crypto.so.3...done. Loaded symbols for /usr/local/krb5/lib/libk5crypto.so.3 Reading symbols from /usr/local/krb5/lib/libgssapi_krb5.so.2 Reading symbols from /usr/local/lib/libgcc_s.so.1...done. Loaded symbols for /usr/local/lib/libgcc_s.so.1 Reading symbols from /usr/local/ssl/lib/libssl.so.0.9.6...done. Loaded symbols for /usr/local/ssl/lib/libssl.so.0.9.6 Reading symbols from /usr/local/ssl/lib/libcrypto.so.0.9.6...done. Loaded symbols for /usr/local/ssl/lib/libcrypto.so.0.9.6 Reading symbols from /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1...done. Loaded symbols for /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 Retry #1: Retry #2: Retry #3: Retry #4: [New LWP 1] Symbols already loaded for /usr/lib/libsec.so.1 Symbols already loaded for /usr/lib/libgen.so.1 Symbols already loaded for /usr/lib/libresolv.so.2 Symbols already loaded for /usr/lib/libsocket.so.1 Symbols already loaded for /usr/lib/libnsl.so.1 Symbols already loaded for /usr/lib/libdl.so.1 Symbols already loaded for /usr/local/krb5/lib/libkrb5.so.3 Symbols already loaded for /usr/local/krb5/lib/libcom_err.so.3 Symbols already loaded for /usr/local/krb5/lib/libk5crypto.so.3 Symbols already loaded for /usr/local/krb5/lib/libgssapi_krb5.so.2 Symbols already loaded for /usr/local/ldap/lib/liblber.so.2 Symbols already loaded for /usr/local/ldap/lib/libldap.so.2 Symbols already loaded for /usr/lib/libpam.so.1 Symbols already loaded for /usr/lib/libc.so.1 Symbols already loaded for /usr/lib/libmp.so.2 Symbols already loaded for /usr/local/lib/libgcc_s.so.1 Symbols already loaded for /usr/local/ssl/lib/libssl.so.0.9.6 Symbols already loaded for /usr/local/ssl/lib/libcrypto.so.0.9.6 Symbols already loaded for /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 0xff01b844 in _waitid () from /usr/lib/libc.so.1 #0 0xff01b844 in _waitid () from /usr/lib/libc.so.1 No symbol table info available. #1 0xfefd5d00 in _waitpid () from /usr/lib/libc.so.1 No symbol table info available. #2 0xff01113c in system () from /usr/lib/libc.so.1 No symbol table info available. #3 0x61268 in smb_panic (why=0xf31a8 "internal error") at lib/util.c:1344 cmd = 0x193c00 "/usr/openwin/bin/xterm -display :0.0 -e gdb -x /usr/local/gdbcmds /proc/19461/object/a.out 19461 || gdb -x /usr/local/gdbcmds /proc/19461/object/a.out 19461 | mail root" result =
RE: Trying to join a Solaris 8 box to Windows 2000 AD.
il.c:1065
ret = {S_un = {S_un_b = {s_b1 = 144 '\220', s_b2 = 110 'n',
s_b3 = 3 '\003', s_b4 = 16 '\020'}, S_un_w = {s_w1 = 36974, s_w2 =
784},
S_addr = 2423128848}}
a = 4294967295
#15 0xe267c in ads_try_dns (ads=0x194790) at libads/ldap.c:154
port = 389
c_realm = 0x185
ptr = 0x194d49 "nxact1-gu.nexus.csiro.au:389
nxvic1-fa.nexus.csiro.au:389 worf.nexus.csiro.au:389
nxact1-bt.nexus.csiro.au:389 nxnsw1-mv.nexus.csiro.au:389
nxqld1-nd.nexus.csiro.au:389 nxact1-yf.nexus.csiro.au:389 nx"...
realm = 0x130
list = 0x1948e8 "nxtst1-tt.nexus.csiro.au:389
nxwa1-wf.nexus.csiro.au:389 147141-be.nexus.csiro.au:389
nxnsw1-ri.nexus.csiro.au:389 nxqld1-rh.nexus.csiro.au:389
nxnsw1-cj.nexus.csiro.au:389 nxvic1-fy.nexus.csiro.au:38"...
tok = "nxact1-bm.nexus.csiro.au\000389\000¾ëØÿ¾ëð\000\aDPþÿ,ü",
'\000' , "\027", '\000' ,
"\023½H\000\000\000\001\000\000\000\027\000\023È\220\000\000\000\000\000\000
\000\000ÿ¾ì@\000\005\203L\000\000\000\t\000\000\000\003\000\000'\020\000
\000\000\001\000\031X\200\000\000\000\224\000\000\000\000\005\000\002\003\02
0\000\000\000\000¬\000\000\000\000\000\002", '\000' ,
"\023È\220\000\0170hÿ¾íp\000\000\000S\000\000\000\021þü\"Pÿ¾ì¸\000\004ïì",
'\000' , "\002ÿ¾î "...
ip_list = (struct ldap_ip *) 0x193190
count = 389
i = 38
#16 0xe2a18 in ads_connect (ads=0x194790) at libads/ldap.c:254
version = 3
status = {error_type = 4278334252, err = {rc = 1037162097,
nt_status = {v = 1037162097}}, minor_status = 967592}
#17 0x3df5c in ads_cached_connection (domain=0x192560)
at nsswitch/winbindd_ads.c:68
ads = (ADS_STRUCT *) 0x194790
status = {error_type = 1243136, err = {rc = 0, nt_status = {v = 0}},
minor_status = 0}
#18 0x3fcb8 in domain_sid (domain=0x192560, sid=0x192760)
at nsswitch/winbindd_ads.c:628
ads = (ADS_STRUCT *) 0x0
rc = {error_type = 1651088, err = {rc = 0, nt_status = {v = 0}},
minor_status = 0}
#19 0x37ef4 in domain_sid (domain=0x192560, sid=0x192760)
at nsswitch/winbindd_cache.c:962
cache = (struct winbind_cache *) 0x192560
#20 0x35794 in init_domain_list () at nsswitch/winbindd_util.c:215
result = {v = 1219744}
domain = (struct winbindd_domain *) 0x192560
#21 0x2fb10 in winbind_setup_common () at nsswitch/winbindd.c:694
No locals.
#22 0x2ff48 in main (argc=1, argv=0xffbef8ac) at nsswitch/winbindd.c:845
logfile = "/usr/local/samba/var/log.winbindd\000\\L", '\000'
, "þó?ìþóbp", '\000' ,
"ÿ¾ôÈþñøÄ\000\000\000\000\000\000\000\000ÿ¾ôÈÿ3ù\fþØ\212\230\000\000\000\000
\000\000\000\001\000\000\000\002\000\000\000\002þù¹x", '\000' ,
"ÿ,\030\030ÿ,\030\224\000\000\000\001\000\001ux\000\000\000\000ÿ¾õ(ÿ<¦h",
'\000' , " \002\000\000\000\000\000
\000\000\000\000\000\000\001\000\000\000\001ÿ+\b\004ÿ+\b\000\000\000\000\000
þñø¸ÿ>\e\224", '\000' ...
interactive = 0
opt = 962040
Thanks in advance,
Clive
-
Clive Elsum BAppSc, RHCE
Systems Engineer - Information Technology Group
CSIRO Atmospheric Research
PMB 1, Aspendale, Victoria, Australia 3195
Phone : (+61 3) 9239 4509
Fax: (+61 3) 9239 4444
E-mail [EMAIL PROTECTED]
-
-Original Message-
From: Andrew Bartlett [mailto:abartlet@;samba.org]
Sent: Wednesday, 13 November 2002 11:25 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Trying to join a Solaris 8 box to Windows 2000 AD.
On Wed, 2002-11-13 at 11:11, [EMAIL PROTECTED] wrote:
> One other thing I keep meaning to mention Andrew, I had to replace timegm
> with mktime in libads/ldap.c as Solaris does not recognize timegm
OK. Can we take a step back then and move to current HEAD?
That bug is fixed, and perhaps your issue is fixed too.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
RE: Trying to join a Solaris 8 box to Windows 2000 AD.
On Wed, 2002-11-13 at 11:11, [EMAIL PROTECTED] wrote: > One other thing I keep meaning to mention Andrew, I had to replace timegm > with mktime in libads/ldap.c as Solaris does not recognize timegm OK. Can we take a step back then and move to current HEAD? That bug is fixed, and perhaps your issue is fixed too. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
RE: Trying to join a Solaris 8 box to Windows 2000 AD.
One other thing I keep meaning to mention Andrew, I had to replace timegm with mktime in libads/ldap.c as Solaris does not recognize timegm Clive - Clive Elsum BAppSc, RHCE Systems Engineer - Information Technology Group CSIRO Atmospheric Research PMB 1, Aspendale, Victoria, Australia 3195 Phone : (+61 3) 9239 4509 Fax:(+61 3) 9239 E-mail [EMAIL PROTECTED] - -Original Message- From: Andrew Bartlett [mailto:abartlet@;samba.org] Sent: Wednesday, 13 November 2002 10:51 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Trying to join a Solaris 8 box to Windows 2000 AD. On Wed, 2002-11-13 at 10:33, [EMAIL PROTECTED] wrote: > Hi Andrew, > > Finally got back to this after locating a machine with more disk space! > The dbg output was: I need 'bt full' so I can see the contents of variables. Thanks, Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
RE: Trying to join a Solaris 8 box to Windows 2000 AD.
) 0xf1e41
res = 2423128848
#14 0x5f830 in interpret_addr2 (
str=0x ) at lib/util.c:854
ret = {S_un = {S_un_b = {s_b1 = 144 '\220', s_b2 = 110 'n',
#5 0x4e7b8 in sig_fault (sig=11) at lib/fault.c:61
No locals.
#6
No symbol table info available.
#7 0xff0506bc in exit () from
/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
No symbol table info available.
#8 0xff235554 in process_gethost () from /usr/lib/libnsl.so.1
No symbol table info available.
#9 0xff235388 in _door_gethostbyname_r () from /usr/lib/libnsl.so.1
No symbol table info available.
#10 0xff21af10 in _get_hostserv_inetnetdir_byname () from
/usr/lib/libnsl.so.1
No symbol table info available.
#11 0xff2348d0 in gethostbyname_r () from /usr/lib/libnsl.so.1
No symbol table info available.
#12 0x50a18 in sys_gethostbyname (name=0x19a5c8 "") at lib/system.c:513
No locals.
#13 0x5f708 in interpret_addr (str=0xffbeec40 "nxact1-bm.nexus.csiro.au")
at lib/util.c:832
hp = (struct hostent *) 0xf1e41
res = 2423128848
#14 0x5f830 in interpret_addr2 (
str=0x ) at lib/util.c:854
ret = {S_un = {S_un_b = {s_b1 = 144 '\220', s_b2 = 110 'n',
---Type to continue, or q to quit---
s_b3 = 3 '\003', s_b4 = 16 '\020'}, S_un_w = {s_w1 = 36974, s_w2 =
784},
S_addr = 2423128848}}
a = 4294967295
#15 0xe0048 in ads_try_dns (ads=0x198d10) at libads/ldap.c:129
port = 389
realm = 0x130
ptr = 0x1999b9 "nxact1-gu.nexus.csiro.au:389
nxvic1-fa.nexus.csiro.au:389 worf.nexus.csiro.au:389
nxact1-bt.nexus.csiro.au:389 nxnsw1-mv.nexus.csiro.au:389
nxqld1-nd.nexus.csiro.au:389 nxact1-yf.nexus.csiro.au:389 nx"...
list = 0x199558 "nxtst1-tt.nexus.csiro.au:389
nxwa1-wf.nexus.csiro.au:389 147141-be.nexus.csiro.au:389
nxnsw1-ri.nexus.csiro.au:389 nxqld1-rh.nexus.csiro.au:389
nxnsw1-cj.nexus.csiro.au:389 nxvic1-fy.nexus.csiro.au:38"...
tok = "nxact1-bm.nexus.csiro.au\000389", '\000' ,
"\025\000\000\000\025\000\000\000\025\000\000\000\025", '\000' , "\023\203°\000\000\000\001\000\000\000\025\000\022¬
\000\000\000\000\000\000\000\000ÿ¾ìè\000\005t¸ÿ>\e\224ÿ,\t\200\000\002¨k\000
\000\000\000ÿ>\e\224ÿ>\e\224\000\000\bä", '\000' , "\022¬
\000\016ú\000ÿ¾î\030\000\000\000S\000\000\000\021\000\000\000\000ÿ¾í`\000\00
4áð\000\000\000\003\000\000\000#\000\000\000#ÿ¾íà\000\002\eÀ\000\006åTÿ¾íx\0
00\006åT\000\000\000\023", '\000' ...
ip_list = (struct ldap_ip *) 0x199b58
count = 389
i = 38
#16 0xe040c in ads_connect (ads=0x198d10) at libads/ldap.c:227
version = 3
status = {error_type = 4278334252, err = {rc = 0, nt_status = {
v = 0}}, minor_status = 953608}
#17 0x3d05c in ads_cached_connection (domain=0x18ec18)
at nsswitch/winbindd_ads.c:136
ads = (ADS_STRUCT *) 0x198d10
status = {error_type = 1228800, err = {rc = 0, nt_status = {v = 0}},
minor_status = 0}
#18 0x3f3b0 in domain_sid (domain=0x18ec18, sid=0x18ee18)
at nsswitch/winbindd_ads.c:803
ads = (ADS_STRUCT *) 0x0
rc = {error_type = ADS_ERROR_KRB5, err = {rc = 0, nt_status = {
v = 0}}, minor_status = 0}
#19 0x36ec0 in domain_sid (domain=0x18ec18, sid=0x18ee18)
at nsswitch/winbindd_cache.c:892
cache = (struct winbind_cache *) 0x18ec18
#20 0x34d44 in init_domain_list () at nsswitch/winbindd_util.c:201
result = {v = 1633304}
domain = (struct winbindd_domain *) 0x18ec18
#21 0x2f3ac in winbind_setup_common () at nsswitch/winbindd.c:700
No locals.
#22 0x2f878 in main (argc=1, argv=0xffbef954) at nsswitch/winbindd.c:875
logfile = "/usr/local/samba/var/log.winbindd\000\\L", '\000'
, "þó?ìþóbp", '\000' ,
"ÿ¾õpþñøÄ\000\000\000\000\000\000\000\000ÿ¾õpÿ3ù\fþØ\212\230\000\000\000\000
\000\000\000\001\000\000\000\002\000\000\000\002þù¹x", '\000' ,
"ÿ,\030\030ÿ,\030\224\000\000\000\001\000\001ux\000\000\000\000ÿ¾õÐÿ<¦h",
'\000' , " \002\000\000\000\000\000
\000\000\000\000\000\000\001\000\000\000\001ÿ+\b\004ÿ+\b\000\000\000\000\000
þñø¸ÿ>\e\224", '\000' ...
accept_sock = 1
interactive = 1
opt = 0
(gdb)
-
Clive Elsum BAppSc, RHCE
Systems Engineer - Information Technology Group
CSIRO Atmospheric Research
PMB 1, Aspendale, Victoria, Australia 3195
Phone : (+61 3) 9239 4509
Fax:(+61 3) 9239
E-mail [EMAIL PROTECTED]
-
-Original Message-
From: Andrew Bartlett [mailto:abartlet@;samba.org]
Sent: Wednesday, 13 November 2002 10:51 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Trying to join a Solaris 8 box to Win
RE: Trying to join a Solaris 8 box to Windows 2000 AD.
On Wed, 2002-11-13 at 10:33, [EMAIL PROTECTED] wrote: > Hi Andrew, > > Finally got back to this after locating a machine with more disk space! > The dbg output was: I need 'bt full' so I can see the contents of variables. Thanks, Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
RE: Trying to join a Solaris 8 box to Windows 2000 AD.
#18 0x3f3b0 in domain_sid (domain=0x18ed30, sid=0x18ef30) at nsswitch/winbindd_ads.c:803 #19 0x36ec0 in domain_sid (domain=0x18ed30, sid=0x18ef30) at nsswitch/winbindd_cache.c:892 #20 0x34d44 in init_domain_list () at nsswitch/winbindd_util.c:201 #21 0x2f3ac in winbind_setup_common () at nsswitch/winbindd.c:700 #22 0x2f878 in main (argc=1, argv=0xffbef95c) at nsswitch/winbindd.c:875 Any help on where to go on this would be greatly appreciated, Clive - Clive Elsum BAppSc, RHCE Systems Engineer - Information Technology Group CSIRO Atmospheric Research PMB 1, Aspendale, Victoria, Australia 3195 Phone : (+61 3) 9239 4509 Fax:(+61 3) 9239 E-mail [EMAIL PROTECTED] - -Original Message- From: Andrew Bartlett [mailto:abartlet@;samba.org] Sent: Sunday, 10 November 2002 11:39 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Trying to join a Solaris 8 box to Windows 2000 AD. On Sun, 2002-11-10 at 21:13, [EMAIL PROTECTED] wrote: > I am having major problems with SAMBA samba-3.0alpha20 in trying to connect > to > Windows 2000 AD. I have attached info if that helps. Any help you can give > me > would be greatly appreciated. > > Thanks in advance > > Clive Elsum > > I can get samba-3.0alpha20 working if I include reference to our NT PDC > in the smb.conf file and do a net rpc join command. > This joins our NT PDC domain which has a trust relationship with the > Windows 2000 ADS. > The "joined domian XXX" message appears and a wbinfo -m shows the > Windows 2000 AD domain "Y" as a trusted-domain. > I can then login using domain/userid and everything works correctly. > The working smb.conf relvant bits are > workgroup = xxx > security = server > encrypt passwords = yes > stat cache = false > winbind separator = / > winbind uid = 1-3 > winbind gid = 1-3 > winbind use default domain = true > winbind enum groups = yes > winbind enum users = yes > security = server > template shell = /bin/tcsh > > > However with the imminent departure of the local NT PDC I will be forced > to use the net ads join command which at present fails. There isn't a 'forced' here - you should still be able to 'net rpc join' a Win2k domain. But that doesn't solve your real problem. > The kinit command works correctly (password entered prompt returned) > The klist command appears to do the right thing. > Suggesting that kerberos is set up OK. > > I have samba-3.0alpha20 version installed on Solaris 8. It was configured > with > ./configure --with-ads --with-ldap --with-krb5=/usr/local/kerberos > --with-pam --with-winbind > > The include/config.h file shows > #define HAVE_KRB5 1 > #define HAVE_GSSAPI 1 > #define WITH_ADS 1 > #define HAVE_LDAP_H 1 > > > I am using GCC Version 3.2; Kerberos krb5-1.2.6; LDAP openldap-2.1.8; on a > Solaris 8 platform. > > I have modified the Makefile so as to overcome errors in compiling e.g > passdb/pdb_ldap.c What were they, btw? > I then do a make install and copy relevant files with relevant links: > cp pam_winbind.so /lib/security > cp libnss_winbind.so /lib/nss_winbind.so > > > Relevant bits from smb.conf: > workgroup = OUR > realm = OUR.2000AD.DOMAIN > security = ADS > encrypt passwords = yes > stat cache = false > winbind separator = / > winbind uid = 1-3 > winbind gid = 1-3 > winbind use default domain = true > winbind enum groups = yes > winbind enum users = yes > ads server = > template shell = /bin/tcsh > > WINBINDD adds the AD DOMAIN and relevant machines in lookup sequence but > then > aborts with: > > convert_string: Required 1521, available 2048 > === > INTERNAL ERROR: Signal 11 in pid 25953 (3.0alpha20) > Please read the file BUGS.txt in the distribution > === > PANIC: internal error > Abort (core dumped) Any chance of recompiling --enable-krb5developer and getting us a gdb backtrace? See 'panic action' in the smb.conf > Obviously the command net ads join also fails with: > [2002/11/10 20:36:44, 0] libads/kerberos.c:ads_kinit_password(122) > kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication > failed > [2002/11/10 20:36:44, 1] utils/net_ads.c:ads_startup(148) > ads_connect: Invalid credentia
Re: Trying to join a Solaris 8 box to Windows 2000 AD.
On Sun, 2002-11-10 at 21:13, [EMAIL PROTECTED] wrote: > I am having major problems with SAMBA samba-3.0alpha20 in trying to connect > to > Windows 2000 AD. I have attached info if that helps. Any help you can give > me > would be greatly appreciated. > > Thanks in advance > > Clive Elsum > > I can get samba-3.0alpha20 working if I include reference to our NT PDC > in the smb.conf file and do a net rpc join command. > This joins our NT PDC domain which has a trust relationship with the > Windows 2000 ADS. > The "joined domian XXX" message appears and a wbinfo -m shows the > Windows 2000 AD domain "Y" as a trusted-domain. > I can then login using domain/userid and everything works correctly. > The working smb.conf relvant bits are > workgroup = xxx > security = server > encrypt passwords = yes > stat cache = false > winbind separator = / > winbind uid = 1-3 > winbind gid = 1-3 > winbind use default domain = true > winbind enum groups = yes > winbind enum users = yes > security = server > template shell = /bin/tcsh > > > However with the imminent departure of the local NT PDC I will be forced > to use the net ads join command which at present fails. There isn't a 'forced' here - you should still be able to 'net rpc join' a Win2k domain. But that doesn't solve your real problem. > The kinit command works correctly (password entered prompt returned) > The klist command appears to do the right thing. > Suggesting that kerberos is set up OK. > > I have samba-3.0alpha20 version installed on Solaris 8. It was configured > with > ./configure --with-ads --with-ldap --with-krb5=/usr/local/kerberos > --with-pam --with-winbind > > The include/config.h file shows > #define HAVE_KRB5 1 > #define HAVE_GSSAPI 1 > #define WITH_ADS 1 > #define HAVE_LDAP_H 1 > > > I am using GCC Version 3.2; Kerberos krb5-1.2.6; LDAP openldap-2.1.8; on a > Solaris 8 platform. > > I have modified the Makefile so as to overcome errors in compiling e.g > passdb/pdb_ldap.c What were they, btw? > I then do a make install and copy relevant files with relevant links: > cp pam_winbind.so /lib/security > cp libnss_winbind.so /lib/nss_winbind.so > > > Relevant bits from smb.conf: > workgroup = OUR > realm = OUR.2000AD.DOMAIN > security = ADS > encrypt passwords = yes > stat cache = false > winbind separator = / > winbind uid = 1-3 > winbind gid = 1-3 > winbind use default domain = true > winbind enum groups = yes > winbind enum users = yes > ads server = > template shell = /bin/tcsh > > WINBINDD adds the AD DOMAIN and relevant machines in lookup sequence but > then > aborts with: > > convert_string: Required 1521, available 2048 > === > INTERNAL ERROR: Signal 11 in pid 25953 (3.0alpha20) > Please read the file BUGS.txt in the distribution > === > PANIC: internal error > Abort (core dumped) Any chance of recompiling --enable-krb5developer and getting us a gdb backtrace? See 'panic action' in the smb.conf > Obviously the command net ads join also fails with: > [2002/11/10 20:36:44, 0] libads/kerberos.c:ads_kinit_password(122) > kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication > failed > [2002/11/10 20:36:44, 1] utils/net_ads.c:ads_startup(148) > ads_connect: Invalid credentials Why is this 'obviously'? Anyway, a backtrace of this would be good. Anyway, if you can get that, and also try the lastest 3.0 CVS (pserver.samba.org), that will help us to chase it down. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
