[gentoo-user] Could not join to Windows 2k3 domain: Failed to set servicePrincipalNames

Fri, 16 May 2008 05:21:54 -0700 

Hello!

I'm trying to join my Gentoo box to Windows 2003 domain and I need some
help.

I've set up smb.conf,. krb5.conf, got a krb ticket, but I'm not able to join
domain:

# net ads join -U [EMAIL PROTECTED] -d2
[2008/05/16 16:13:11, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.5.21 bcast=192.168.5.255 nmask=255.255.255.0
[EMAIL PROTECTED]'s password:
[2008/05/16 16:13:13, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(613)
  Doing kerberos session setup
Using short domain name -- CORP
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
[2008/05/16 16:13:13, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(613)
  Doing kerberos session setup
Deleted account for 'RUVRN-NIX01' in realm 'CORP.MY.DOMAIN'
Failed to join domain: Type or value exists
[2008/05/16 16:13:13, 2] utils/net.c:main(1036)
  return code = -1

smb.conf:
[global]
   workgroup = CORP
   realm = CORP.MY.DOMAIN <http://CORP.MURANOSOFT.COM>
   server string = samba-%v
   printcap name = cups
   load printers = yes
   printing = cups
   log file = /var/log/samba/log.%m
   max log size = 50
   hosts allow = 192.168.1. 127.
   use sendfile = yes
  map to guest = bad user
   security = ads
  encrypt passwords = yes
   winbind use default domain = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = no
   domain logons = no
   idmap uid = 10000-20000
  idmap gid = 10000-20000

  wins server = CORP.MY.DOMAIN
  wins proxy = no
  dns proxy = yes
  dos charset = 866
  unix charset = UTF-8

krb5.conf:
[libdefaults]
        ticket_lifetime = 600
        default_realm = CORP.MY.DOMAIN
        default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
        default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5

[realms]
        CORP.MY.DOMAIN = {
        kdc = zaz.corp.my.domain:88
        admin_server = zaz.corp.my.domain:749
        }

[domain_realm]
        .corp.my.domain = CORP.MY.DOMAIN
        corp.my.domain = CORP.MY.DOMAIN
        .my.domain = CORP.MY.DOMAIN
        my.domain = CORP.MY.DOMAIN
        corp = CORP.MY.DOMAIN
        .corp = CORP.MY.DOMAIN

[logging]
        kdc = SYSLOG
        admin_server = SYSLOG
        default = SYSLOG

[password_quality]
        check_library = /usr/lib/sample_passwd_check.so
        check_function = check_cracklib


installed packages:

net-fs/samba
     Installed versions:  3.0.28(14:37:31 05/16/08)(ads cups fam
kernel_linux ldap pam python readline winbind -acl -async -automount -caps
-doc -examples -ipv6 -linguas_ja -linguas_pl -quotas -selinux -swat -syslog)

[D] app-crypt/mit-krb5
     Installed versions:  1.6.3-r1(15:42:50 05/16/08)(-doc -ipv6 -krb4 -tcl)

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
05/16/08 15:54:41  05/16/08 16:04:41  krbtgt/[EMAIL PROTECTED]

-- 
Vladimir Rusinov
Voronezh, Russia
UNIX Admin @ Murano Software

Reply via email to