On Wednesday 18 July 2007 12:14:38 Bernd Schubert wrote:
> [2007/07/18 12:12:07, 2] libads/ldap.c:ldap_open_with_timeout(70)
> Could not open LDAP connection to ads-2k3.ads2k3.q-leap.de:389: No such
This could be solved by adding ads-2k3.ads2k3.q-leap.de to the /etc/hosts, the
problem is probably due to a windows misconfiguration. I just wonder why it
hasn't been a problem with samba-3.0.22
Still, our main problems remains.
255 ha-test-1(new):/var/lock# net ads join
Password:
Password? We have a kerberos ticket and with samba-3.0.22 it doesn't ask for a
password.
===============================================================================
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/[EMAIL PROTECTED]
Valid starting Expires Service principal
07/18/07 16:27:37 07/19/07 02:27:37 krbtgt/[EMAIL PROTECTED]
renew until 07/25/07 16:27:37
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
===============================================================================
So lets proceed without providing a password, but now with debug messages
enabled.
[2007/07/18 16:28:58, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_0] expiration
Thu, 19 Jul 2007 02:27:37 CEST
[2007/07/18 16:28:58, 10] libsmb/clikrb5.c:ads_krb5_mk_req(624)
ads_krb5_mk_req: Ticket ([EMAIL PROTECTED]) in ccache
(FILE:/tmp/krb5cc_0) is valid until: (Thu, 19 Jul 2007 02:27:37 CEST -
1184804857)
[2007/07/18 16:28:58, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(735)
Got KRB5 session key of length 16
Password:
[...]
[2007/07/18 16:29:38, 10] libads/sasl.c:ads_sasl_spnego_bind(262)
ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling
kinit
[2007/07/18 16:29:38, 10] libads/kerberos.c:kerberos_kinit_password_ext(91)
kerberos_kinit_password: using [MEMORY:net_ads] as ccache and config
[/var/lock/smb_krb5/krb5.conf.ADS2K3]
[2007/07/18 16:29:38, 0] libads/kerberos.c:ads_kinit_password(228)
kerberos_kinit_password [EMAIL PROTECTED] failed: Client not found in
Kerberos database
Failed to disable machine account in AD. Please do so manually.
Failed to join domain: Type or value exists
[2007/07/18 16:29:39, 2] utils/net.c:main(1032)
return code = -1
Why is it here trying to get a ticket for "[EMAIL PROTECTED]"? With
samba-3.0.22 it only tried to get tickets
like "[EMAIL PROTECTED]"
I'm rather lost here, the sources differ rather much between 3.0.22 and 3.0.25
and its behaviour also does differ. But so far I didn't find any
documentation about ads configuration changes.
Any help is appreciated.
Thanks in advance,
Bernd
--
Bernd Schubert
Q-Leap Networks GmbH
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
