[Samba] client ldap sasl wrapping stripped out by testparm: AD net join fails

Mon, 24 Aug 2009 12:10:17 -0700 


net ads join -Urw.hornbaker -d10 fails with:
 ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling 
kinit (please see below)

This was addressed 10/1/08 by Martin Zielinski and more recently by Gunther 
Deschner.  Both said to use client ldap sasl wrapping:
Using a new default compilation of samba 3.2.14 on x86_64, RHEL 5.3,

And placing
  client ldap sasl wrapping = sign
in smb.conf has no effect because testparm -s strips out this line.  Gunther 
suggested looking at the man page for more options but its not listed in man 
smb.conf.  Perhaps he is referrencing another man page.  Is there some 
./configure option that needs to be used to make "client ldap sasl wrapping" 
available or is there some other way to prevent the "No credentials cache 
found" error.

Thanks,
RW Hornbaker


ds_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2009/08/24 11:39:33, 10] libads/sasl.c:ads_sasl_spnego_bind(321)
ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit
[2009/08/24 11:39:33, 10] libads/kerberos.c:kerberos_kinit_password_ext(91)
kerberos_kinit_password: using [MEMORY:net_ads] as ccache and config 
[/var/cache/samba/smb_krb5/krb5.conf.EXAMPLE]
[2009/08/24 11:39:33, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Mon, 24 
Aug 2009 21:39:33 MDT
[2009/08/24 11:39:33, 10] libsmb/clikrb5.c:ads_krb5_mk_req(624)
ads_krb5_mk_req: Ticket ([email protected]) in ccache 
(MEMORY:net_ads) is valid until: (Mon, 24 Aug 2009 21:39:33 MDT - 1251171573)
[2009/08/24 11:39:33, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(735)
Got KRB5 session key of length 16
[2009/08/24 11:39:33, 0] libads/sasl.c:ads_sasl_spnego_bind(330)
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Strong(er) authentication 
required
[2009/08/24 11:39:33, 1] utils/net_ads.c:net_ads_join(1470)
error on ads_startup: Strong(er) authentication required
[2009/08/24 11:39:33, 10] intl/lang_tdb.c:lang_tdb_init(138)
lang_tdb_init: /usr/lib64/samba/C.msg: No such file or directory
Failed to join domain: Strong(er) authentication required
[2009/08/24 11:39:33, 2] utils/net.c:main(1075)
return code = -1
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to