On Monday 11 June 2007 10:57, [EMAIL PROTECTED] wrote:
> All,
>
> I have a RedHat Enterprise 3 update 5 server. This server has the rpm
> binaries provided from a link off the samba.org site. I am attempting to
> join the AD tree, and getting the error, "NT_STATUS_WRONG_PASSWORD".
>
> smb.conf:
> [global]
> workgroup = REMOVEME
> realm=REALM
> security = ADS
> preferred master = no
> bind interfaces only = yes
> interfaces = eth0
> admin users = @REMOVEME+Admin
> log level = 1
> use spnego = yes
> client use spnego = yes
> encrypt passwords = yes
> deadtime = 15
> local master = no
> prefered master = no
> socket options = TCP_NODELAY
> idmap uid = 40000-250000
> idmap gid = 40000-250000
> winbind enum users = no
> winbind enum groups = no
> winbind separator = +
> winbind use default domain = no
> winbind trusted domains only = yes
> disable netbios = yes
> password server=domainController
> wins server = a1.a2.a3.a4 b1.b2.b3.b4
> [temp]
> path = /tmp
> valid users = @REMOVEME+Admin
> public = no
> writeable = yes
> create mode = 770
> directory mode = 770
> force user = nobody
> force group = nobody
>
> I perform the following commands:
> kinit [EMAIL PROTECTED]
> net -d3 ads [EMAIL PROTECTED]
>
> And I see the following:
> ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
> [2007/06/11 10:22:49, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> Mon, 11 Jun 2007 20:22:48 EDT
> [2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_start_connection(1426)
> Connecting to host=domainController
> [2007/06/11 10:22:49, 3] lib/util_sock.c:open_socket_out(874)
> Connecting to 3.170.65.210 at port 445
> [2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(721)
> Doing spnego session setup (blob length=117)
> [2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
> got OID=1 2 840 48018 1 2 2
> [2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
> got OID=1 2 840 113554 1 2 2
> [2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
> got OID=1 2 840 113554 1 2 2 3
> [2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746)
> got OID=1 3 6 1 4 1 311 2 2 10
> [2007/06/11 10:22:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(754)
> got [EMAIL PROTECTED]
> [2007/06/11 10:22:49, 2]
> libsmb/cliconnect.c:cli_session_setup_kerberos(546) Doing kerberos session
> setup
> [2007/06/11 10:22:50, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration
> Mon, 11 Jun 2007 20:22:49 EDT
> [2007/06/11 10:22:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
> rpc_pipe_bind: Remote machine domainController pipe \lsarpc fnum 0xc00f
> bind request returned ok.
> [2007/06/11 10:22:50, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
> lsa_io_sec_qos: length c does not match size 8
> [2007/06/11 10:22:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
> rpc_pipe_bind: Remote machine domainController pipe \samr fnum 0xd bind
> request returned ok.
> Failed to set password for machine account (NT_STATUS_WRONG_PASSWORD)
> Failed to join domain!
> [2007/06/11 10:22:50, 2] utils/net.c:main(988)
> return code = -1
>
> The line, "lsa_io_sec_qos: length c does not match size 8", seems like
> something is funky with my machine trust password. Guessing there is an
> issue with crypting/decrypting it, or Password policy enforcers on the
> 2003 AD server is rejecting the password. Just guessing though. Any ideas
> or thoughts are most welcomed.
>
> ~Steve

If no one has any ideas on this, does anyone know of any commercial support offered for Samba/AD integration? I was looking for someone with in-depth knowledge & experience with Samba & AD integration.

Now I looked at the samba.org Commercial support page, and that data contained appears old (confirmed samba list maintainer that US list was updated 3 years ago). So my question: can anyone refer me to anyone they know that offers commercial grade support? Location would be North East United States, ideally Connecticut or upstate New York.

~Steve
