Netjoin problems - Kerberos configuratio issues?

Tue, 11 Feb 2003 10:02:24 -0800 

I'm trying to get Microsoft's netjoin to work (it's a program to
automatically add a unix machine to a Win2k Active Directory domain).

I've retrieved and compiled the sources on Solaris 2.8.  The LDAP part
works, the computer record is added to the AD server OK.  The problem
comes when trying to set the password.

Just doing a netjoin after rebooting gives me a error:
  "No credentials cache found setting computer password"
When I do a kinit to initialize the cache, it crashes with a core
dump.  Apparently it is having problems finding the kadmin/changepw
account in combination with Win2k AD.  Notice that in the stack that
"cred" is null (hense the core dump) and dn is a random user.

It looks like a Kerberos configuration problem.  I don't have the
proper setup for some reason.

Any help fixing this would be appreciated.

/John

[EMAIL PROTECTED]

--------------------
Debugging output follows:
--------------------
# ./netjoin -A [EMAIL PROTECTED]  -D adtest.net  -s
csg-cpqet-006.adtest.net -v
Creating host account for [EMAIL PROTECTED]
Warning: Using simple LDAP bind.
Password for [EMAIL PROTECTED]:
Searching for "modena" at "dc=adtest,dc=net" ...
Existing host account not found - adding as
"cn=modena,cn=computers,dc=adtest,dc=net"
Setting computer password...
netjoin: No credentials cache found setting computer password

# kinit kadmin
Password for [EMAIL PROTECTED]: 

# ./netjoin -A [EMAIL PROTECTED]  -D adtest.net  -s
csg-cpqet-006.adtest.net -v
Creating host account for [EMAIL PROTECTED]
Warning: Using simple LDAP bind.
Password for [EMAIL PROTECTED]:
Searching for "modena" at "dc=adtest,dc=net" ...
Existing host account not found - adding as
"cn=modena,cn=computers,dc=adtest,dc=net"
Setting computer password...
Segmentation Fault - core dumped

# dbx netjoin core
 Current function is ldap_sasl_bind
  113                   rc = ber_printf( ber, "{it{ist{so}}", msgid,
LDAP_REQ_BIND,
(dbx) where
=>[1] ldap_sasl_bind(ld = 0xd93c0, dn = 0xd8f88
"cn=manchala,ou=Users,dc=adtest,dc=net", mechanism = 0xff086f58
"CRAM-MD5", cred = (nil), serverctrls = (nil), clientctrls = (nil),
msgidp = 0xffbec620), line 113 in "saslbind.c"
  [2] ldap_sasl_bind_s(ld = 0xd93c0, dn = 0xd8f88
"cn=manchala,ou=Users,dc=adtest,dc=net", mechanism = 0xff086f58
"CRAM-MD5", cred = (nil), serverctrls = (nil), clientctrls = (nil),
servercredp = 0xffbec6b4), line 166 in "saslbind.c"
  [3] ldap_sasl_cram_md5_bind_s(0xd93c0, 0xffbec6b4, 0xffbec718, 0x0,
0x0, 0xff084000), at 0xff05e510
  [4] MakeSession(0xd86f8, 0xd8f88, 0xd64a8, 0xffbee0c4, 0xd93c0,
0xff0b6000), at 0xff09b900
  [5] MakeConnection(0xda848, 0xda848, 0xffbee0c4, 0xffbee048,
0xd86e0, 0xff0b6000), at 0xff09b2f8
  [6] __s_api_getConnection_ext(0xd9240, 0x0, 0x0, 0xda848,
0xffffffff, 0xffbee048), at 0xff094ae0
  [7] __ns_ldap_list(0xffbee0c4, 0x0, 0xff0ecab8, 0x0, 0xffbee0c4,
0x0), at 0xff09708c
  [8] _nss_ldap_lookup(0xda290, 0xda2ac, 0xff0ecdf4, 0xffbee128, 0x0,
0xffbee300), at 0xff0d9d78
  [9] getbyname(0xda290, 0xffbee300, 0xff0ec000, 0xda814, 0x2371c,
0xff1491e0), at 0xff0d91d0
  [10] _nss_search(0x1, 0xff1bcf44, 0xff1c15e4, 0xff0d9158, 0xda238,
0xda290), at 0xff149270
  [11] _switch_getservbyname_r(0xbe710, 0xbe720, 0xd9e14, 0xd9e24,
0x400, 0x75647000), at 0xff239614
  [12] _get_hostserv_inetnetdir_byname(0xffbee42c, 0xffbee434, 0x0,
0xffbee434, 0xff29ce9c, 0xff315c38), at 0xff21b1c0
  [13] getservbyname_r(0xbe710, 0xd74a0, 0xd9e14, 0xd9e24, 0x400,
0xff32a000), at 0xff315c2c
  [14] krb5_locate_srv_conf(0xd5d28, 0xd61b4, 0xbe748, 0xffbee680,
0xffbee67c, 0xd8320), at 0x7a620
  [15] krb5_locate_kdc(0xd5d28, 0xd61b4, 0xffbee680, 0xffbee67c, 0x0,
0xff142954), at 0x7b5d0
  [16] krb5_sendto_kdc(0xd5d28, 0xd8338, 0xd61b4, 0xffbee814, 0x0,
0x72028), at 0x7bd08
  [17] krb5_send_tgs(0xd5d28, 0x0, 0xffbeeba4, 0x0, 0xd7e28, 0xd7e48),
at 0x72048
  [18] krb5_get_cred_via_tkt(0xd5d28, 0xffbee928, 0x0, 0x0, 0x0,
0xffbeeb54), at 0x6a4b0
  [19] krb5_get_cred_from_kdc_opt(0xd5d28, 0xd7868, 0x0, 0x0, 0x0,
0x0), at 0x9bde0
  [20] krb5_get_cred_from_kdc(0xd5d28, 0xd7868, 0xffbeeb88,
0xffbeeb54, 0xffbeea6c, 0x6ab58), at 0x9bee4
  [21] krb5_get_credentials(0xd5d28, 0x0, 0x0, 0xffbeeb88, 0x96c73a8d,
0x0), at 0x6abe8
  [22] krb5_set_password(context = 0xd5d28, ccache = 0xd7868, newpw =
0xd7ac0 "+1V4z2t1SlCxRNuD", targprinc = 0xd62f0, result_code =
0xffbeecc0, result_code_string = 0xffbef110, result_string =
0xffbef100), line 354 in "setpw.c"
  [23] set_password(host = 0xd4870 "modena", domain = 0xffbef7e5
"ADTEST.NET", use_default_kt = 1), line 389 in "netjoin.c"
  [24] main(argc = 0, argv = 0xd4ad0), line 288 in "netjoin.c"
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to