On Sun, 2002-11-10 at 21:13, [EMAIL PROTECTED] wrote: > I am having major problems with SAMBA samba-3.0alpha20 in trying to connect > to > Windows 2000 AD. I have attached info if that helps. Any help you can give > me > would be greatly appreciated. > > Thanks in advance > > Clive Elsum > > I can get samba-3.0alpha20 working if I include reference to our NT PDC > in the smb.conf file and do a net rpc join command. > This joins our NT PDC domain which has a trust relationship with the > Windows 2000 ADS. > The "joined domian XXX" message appears and a wbinfo -m shows the > Windows 2000 AD domain "YYYYY" as a trusted-domain. > I can then login using domain/userid and everything works correctly. > The working smb.conf relvant bits are > workgroup = xxx > security = server > encrypt passwords = yes > stat cache = false > winbind separator = / > winbind uid = 10000-30000 > winbind gid = 10000-30000 > winbind use default domain = true > winbind enum groups = yes > winbind enum users = yes > security = server > template shell = /bin/tcsh > > > However with the imminent departure of the local NT PDC I will be forced > to use the net ads join command which at present fails.
There isn't a 'forced' here - you should still be able to 'net rpc join' a Win2k domain. But that doesn't solve your real problem. > The kinit command works correctly (password entered prompt returned) > The klist command appears to do the right thing. > Suggesting that kerberos is set up OK. > > I have samba-3.0alpha20 version installed on Solaris 8. It was configured > with > ./configure --with-ads --with-ldap --with-krb5=/usr/local/kerberos > --with-pam --with-winbind > > The include/config.h file shows > #define HAVE_KRB5 1 > #define HAVE_GSSAPI 1 > #define WITH_ADS 1 > #define HAVE_LDAP_H 1 > > > I am using GCC Version 3.2; Kerberos krb5-1.2.6; LDAP openldap-2.1.8; on a > Solaris 8 platform. > > I have modified the Makefile so as to overcome errors in compiling e.g > passdb/pdb_ldap.c What were they, btw? > I then do a make install and copy relevant files with relevant links: > cp pam_winbind.so /lib/security > cp libnss_winbind.so /lib/nss_winbind.so > > > Relevant bits from smb.conf: > workgroup = OUR > realm = OUR.2000AD.DOMAIN > security = ADS > encrypt passwords = yes > stat cache = false > winbind separator = / > winbind uid = 10000-30000 > winbind gid = 10000-30000 > winbind use default domain = true > winbind enum groups = yes > winbind enum users = yes > ads server = <IP ADDRESS of ads server> > template shell = /bin/tcsh > > WINBINDD adds the AD DOMAIN and relevant machines in lookup sequence but > then > aborts with: > > convert_string: Required 1521, available 2048 > =============================================================== > INTERNAL ERROR: Signal 11 in pid 25953 (3.0alpha20) > Please read the file BUGS.txt in the distribution > =============================================================== > PANIC: internal error > Abort (core dumped) Any chance of recompiling --enable-krb5developer and getting us a gdb backtrace? See 'panic action' in the smb.conf > Obviously the command net ads join also fails with: > [2002/11/10 20:36:44, 0] libads/kerberos.c:ads_kinit_password(122) > kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication > failed > [2002/11/10 20:36:44, 1] utils/net_ads.c:ads_startup(148) > ads_connect: Invalid credentials Why is this 'obviously'? Anyway, a backtrace of this would be good. Anyway, if you can get that, and also try the lastest 3.0 CVS (pserver.samba.org), that will help us to chase it down. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
