I ended up upgrading openssl, compiling kerberos from source and recompiling samba against that. After the recompile I was able to get Solaris to join the domain with the existing configuration.

It looks like there is some feature in kerberos that samba needs but the kerberos that comes with Solaris does not provide. It's got something to do with krb5_mk_req_extended but I'm not sure exactly what. I read somewhere that Solaris (9) only provides the gssapi and not the "older krb5" interface. This seems no longer to be the case but it does look like the features available through krb5 may only be partial.

Tom Hallam

Tom Hallam wrote:
We've just set up a number of linux servers to access our AD server (Windows server 2008) and now have to set up a Solaris server. I've downloaded, compiled and installed Samba (3.4.2), configured kerberos and am now trying to get it to join the AD. I get the following error:

samba-3.4.2/source3# net ads join -U username
Enter username's password:
[2009/10/13 13:10:42,  0] libads/sasl.c:819(ads_sasl_spnego_bind)
kinit succeeded but ads_sasl_spnego_krb5_bind failed: krb5 conf file not configured
Failed to join domain: failed to connect to AD: krb5 conf file not configured
samba-3.4.2/source3#

If I run with "-d 1" I get:
....
[2009/10/13 13:26:47,  1] libnet/libnet_join.c:1871(libnet_Join)
 libnet_Join:
     libnet_JoinCtx: struct libnet_JoinCtx
         in: struct libnet_JoinCtx
             dc_name                  : NULL
             machine_name             : 'BADGER'
             domain_name              : *
                 domain_name              : 'EEDS.EE.UWA.EDU.AU'
             account_ou               : NULL
             admin_account            : 'thallam'
             admin_password           : *
             machine_password         : NULL
             join_flags               : 0x00000023 (35)
                    0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                    0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                    0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                    0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                    0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                    0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                    1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                    0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                    0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                    1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                    1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
             os_version               : NULL
             os_name                  : NULL
             create_upn               : 0x00 (0)
             upn                      : NULL
             modify_config            : 0x00 (0)
             ads                      : NULL
             debug                    : 0x01 (1)
             use_kerberos             : 0x00 (0)
             secure_channel_type      : SEC_CHAN_WKSTA (2)
[2009/10/13 13:26:48,  1] libsmb/clikrb5.c:786(ads_krb5_mk_req)
ads_krb5_mk_req: krb5_mk_req_extended failed (krb5 conf file not configured)
[2009/10/13 13:26:48,  0] libads/sasl.c:819(ads_sasl_spnego_bind)
kinit succeeded but ads_sasl_spnego_krb5_bind failed: krb5 conf file not configured
[2009/10/13 13:26:48,  1] libnet/libnet_join.c:1902(libnet_Join)
 libnet_Join:
     libnet_JoinCtx: struct libnet_JoinCtx
         out: struct libnet_JoinCtx
             account_name             : NULL
             netbios_domain_name      : 'EEDS'
             dns_domain_name          : 'eeds.ee.uwa.edu.au'
             forest_name              : 'eeds.ee.uwa.edu.au'
             dn                       : NULL
             domain_sid               : *
                 domain_sid               : S-1-5-21-2693662547-1243528254-4028546715
             modified_config          : 0x00 (0)
             error_string             : 'failed to connect to AD: krb5 conf file not configured'
             domain_is_ad             : 0x01 (1)
             result                   : WERR_GENERAL_FAILURE
Failed to join domain: failed to connect to AD: krb5 conf file not configured
....

I've checked the krb5.conf file and it's fine. Issuing tickets etc works. Any ideas what the issue is?

Tom Hallam