Hello,

I've been trying to get samba installed and connecting to a Win2k03 AD
using RFC2307 and having problems getting it to join the domain. I've
got a 6.2 machine which is working with nearly the same configuration (I
think the only differences are the idmap backends).

I installed from the port after enabling the ADS support (and
EXP_MODULES as I want the idmap backends provided there). I installed
the openldap23-sasl-client as that is what I installed on the 6.2
machine (somewhere I read that was needed for things to work correctly).
I copied a working krb5.conf file from my 6.2 machine and verified that
I could successfully do kinit (this works great, I get a ticket for myself).

However, when I try to do the net ads join command (after I kinit as the
user who has permission to add the computer account to AD), I get
prompted for my password, and then get the "Response too big for UDP,
retry with TCP" error and am unable to join the domain. I *thought*
that I didn't get prompted for my password with the 6.2 machine, but it
has been since last summer that I set it up.

I see that net ads join creates its own krb5.conf file in
/var/db/samba/smb_krb5/krb5.conf.IASTATE which doesn't have the tcp/
service flag preceding the IP addresses.

I ran the command with debug level at 10, and after a whole bunch of
query stuff after it asked for my password, I got this:
------------
[2008/04/09 15:42:44, 4] libads/ldap.c:ads_current_time(2414)
time offset is 0 seconds
[2008/04/09 15:42:44, 4] libads/sasl.c:ads_sasl_bind(521)
Found SASL mechanism GSS-SPNEGO
[2008/04/09 15:42:44, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/04/09 15:42:44, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/04/09 15:42:44, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/04/09 15:42:44, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/04/09 15:42:44, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
[2008/04/09 15:42:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
[2008/04/09 15:42:44, 10] libads/sasl.c:ads_sasl_spnego_bind(262)
ads_sasl_spnego_krb5_bind failed with: No such file or directory,
calling kinit
[2008/04/09 15:42:44, 10] libads/kerberos.c:kerberos_kinit_password_ext(91)
kerberos_kinit_password: using [MEMORY:net_ads] as ccache and config
[/var/db/samba/smb_krb5/krb5.conf.IASTATE]
[2008/04/09 15:42:44, 0] libads/kerberos.c:ads_kinit_password(228)
kerberos_kinit_password [EMAIL PROTECTED] failed: Response too big
for UDP, retry with TCP
[2008/04/09 15:42:44, 1] utils/net_ads.c:net_ads_join(1470)
error on ads_startup: Response too big for UDP, retry with TCP
Failed to join domain: NT_STATUS_PROTOCOL_UNREACHABLE
[2008/04/09 15:42:44, 2] utils/net.c:main(1036)
return code = -1
-------------------
Does any of this mean anything to anybody? I thought from reading the
samba docs that it would automatically retry with TCP when it got this
error. I can't find a whole lot on the net -- what I did find, people
weren't able to successfully kinit at the command prompt either, but
that works for me.
--
Stephanie Bridges
Department of Economics
Iowa State University
[EMAIL PROTECTED]
"A positive attitude may not solve all your problems, but it will
annoy enough people to make it worth the effort." --Herm Albright
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
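An added diagnostic example, not part of the original post: it pulls the krb5.conf path that the internal kinit reports in the debug log and lists the KDC entries in a config that carry no tcp/ prefix, which is the difference described between the hand-edited file and the one net ads join generates. The file contents, realm and address below are constructed placeholders, and the `kdc = tcp/host` form is assumed to be the Heimdal syntax the working file uses.

```python
import re

# Constructed samples: the post shows neither file's contents. The realm and
# address are placeholders (192.0.2.0/24 is reserved for documentation).
SYSTEM_KRB5 = """
[realms]
    EXAMPLE.COM = {
        kdc = tcp/192.0.2.10
    }
"""
SAMBA_KRB5 = """
[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        kdc = 192.0.2.10
    }
"""
# Log message from the post, rejoined onto one line.
LOG = ("kerberos_kinit_password: using [MEMORY:net_ads] as ccache and config "
       "[/var/db/samba/smb_krb5/krb5.conf.IASTATE]")

def config_used(log_text):
    """Return the krb5.conf path Samba's internal kinit reported, or None."""
    m = re.search(r"as ccache and config\s*\[([^\]]+)\]", log_text)
    return m.group(1) if m else None

def kdc_entries(conf_text):
    """Return (realm, transport, host) for each kdc line under [realms]."""
    entries, section, realm = [], None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section, realm = line.strip("[]").lower(), None
        elif section == "realms" and line.endswith("{"):
            realm = line.split("=", 1)[0].strip()
        elif line == "}":
            realm = None
        elif realm and line.split("=", 1)[0].strip() == "kdc":
            proto, sep, host = line.split("=", 1)[1].strip().partition("/")
            entries.append((realm, proto, host) if sep else (realm, None, proto))
    return entries

def missing_tcp(conf_text):
    """KDC hosts with no tcp/ prefix (left on the library's default transport)."""
    return [h for _, proto, h in kdc_entries(conf_text) if proto != "tcp"]

if __name__ == "__main__":
    print(config_used(LOG), missing_tcp(SYSTEM_KRB5), missing_tcp(SAMBA_KRB5))
```

Reading the real files in place of the constructed strings shows whether the config named in the log is the one missing the prefix.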