Re: [Samba] samba 3.0 kerberos question
Quoting Andrew Bartlett [EMAIL PROTECTED]: On Thu, 2003-10-23 at 06:19, Bob Bartels wrote: I have successfully joined a machine to a active directory and got a kerberos session ticket. Smbclient //server/share$ -k works and allows me access to the dirs on a server in the domain in which I authenticated and received a krb ticket from. smbmount //server/share$ /localmount -o krb Should work as well...right?? NO! I get this error when I try it: Warning: kerberos support will only work for samba servers Anonymous login successful 2348: tree connect failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed Why is this happening and is there a way to mount a sharepoint after getting a kerberos ticket without having the re-authenticate? Not with smbfs. It is hoped that the CIFS VFS will get better in this regard. So is there any solution to use smb shares (on Samba AND Windows Servers) as home directories for linux users with all their consequences? I mean automatically mount them at boot time, use pam_mkhomedir with them, single signon during the logon process, etc. That's what I was expecting from the release of Samba 3.0, centralized home directories for Windows and Linux users in heterogeneous networks resulting in dramatically reduced administration efforts and the end of not unnecessary redundant information... Kerberos is the key to that scenario. Regards, Axel Suppantschitsch. Dipl.-Ing. (FH) Axel Suppantschitsch --- FH JOANNEUM Gesellschaft mbH University of Applied Sciences Department of Information Management Operating System Technologies Alte Poststrasse 147, A-8020 Graz www.fh-joanneum.at -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] winbindd: krb5_cc_get_principal failed
Well, I've got the three tickets now, but there is still the error in winbindd.log: [2003/10/14 10:34:51, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) Cheers, Axel. Quoting Gavin Davenport [EMAIL PROTECTED]: It sounds like : make sure you've 'left' the domain (net ads leave) kinit as the domain admin user. klist should list you one ticket. Then net join ads (no parameters) this should use the (cached) Domain Administrator ticket to handle smb logins. you should now have 3 tickets listed in klist. Any help ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Axel Suppantschitsch Sent: 13 October 2003 14:31 To: [EMAIL PROTECTED] Subject: [Samba] winbindd: krb5_cc_get_principal failed Hiya, I'm using Fedora Test 2 and Samba 3.0.0-15 packages from Redhat/Fedora rawhide with a Windows 2003 Server. I'm also using MIT Kerberos 1.3.1. Everytime winbindd ist started, it writes following error into /var/log/samba/winbindd.log: [2003/10/13 10:13:40, 1] nsswitch/winbindd.c:main(832) winbindd version 3.0.0-15 started. Copyright The Samba Team 2000-2003 [2003/10/13 10:13:41, 1] nsswitch/winbindd_util.c:add_trusted_domain(149) Added domain SAMBA30 SAMBA30.TEST [2003/10/13 10:13:41, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/10/13 10:13:42, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list How can I get rid of this libsmb/clikrb5.c:ads_krb5_mk_req(269) error? Cheers, Axel. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] pam_winbind: Internal module error
Hiya, I'm using Fedora Test 2 and Samba 3.0.0-15 packages from Redhat/Fedora rawhide with a Windows 2003 Server. wbinfo -u and wbinfo -g work without any errors, the entries to nsswitch.conf were made. I edited /etc/system-auth and added all necessary lines for pam_winbind as described in the samba documentation. Anyway, users that only exist within the Windows domain can't log on. Each logon creates following errors in /var/log/messages: Oct 13 14:56:07 samba30srv pam_winbind[12775]: request failed: Unexpected information received, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER Oct 13 14:56:07 samba30srv pam_winbind[12775]: internal module error (retval = 4, user = `NOUSER' Oct 13 14:56:07 samba30srv sshd(pam_unix)[12775]: check pass; user unknown Oct 13 14:56:07 samba30srv sshd(pam_unix)[12775]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=fh.fh-joanneum.at My /etc/system-auth looks like this: authrequired /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_winbind.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass authrequired /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_winbind.so account required /lib/security/$ISA/pam_unix.so passwordrequired /lib/security/$ISA/pam_cracklib.so retry=3 type= passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow passwordrequired /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel umask=0077 session required /lib/security/$ISA/pam_unix.so Any suggestions? Cheers, Axel. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net ads join Kerberos credentials only after kinit?
According to the latest version of the Samba Documentation there are three major steps to add a samba server as member server to an ADS: 1.) Configure samba correctly to use ADS (smb.conf). 2.) Configure Kerberos correctly to work with ADS KDC (krb5.conf). 3.) Join the samba server with net ads join -U Administrator. Well, all this sounds good, but it definetly doesn't work, you won't have any kerberos tickets in your credentials cache after this process. So either the samba documentation is incomplete, or there is a bug in samba. Anyway, it seems that I found a workable solution: I use Samba 3.0.0 release. I use MIT Kerberos libaries 1.3.1 (Don't know if this works with Heimdal). I tested this with Windows 2000 and Windows 2003 Servers. It worked on both. 1.) Do a kinit [EMAIL PROTECTED]. This will get you initial kerberos credentials. It is essential to get credentials _BEFORE_ step #2! 2.) Do a net ads join. This will use your kerberos credentials from step #1 and add the samba server to your ADS domain without the need to specify a username or a password. 3.) Do a klist and you will see three different tickets in your kerberos credentials cache. 4.) Do a smbclient -k \\windowsserver\share and it should connect you without enterning username and password. At this point I ask you guys, whether this is a bug or a feature: 1.)If it is a feature the samba documentation needs to be changed in order to require valid Administrator kerberos credentials _BEFORE_ doing a net ads join. This needs to be explicitely mentioned! 2.)If it is a bug, you know what you have to do... ;) Hope this helps all the guys out there struggeling with the same problem and asking me for help... ;) Regards, Axel. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net ads join Kerberos credentials only after kinit?
You might be right, but the use of kinit is only mentioned for testing purposes, but not as an essential part of the implementation... My process generates following credentials: [EMAIL PROTECTED] root]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 10/01/03 14:24:47 10/02/03 00:25:36 krbtgt/[EMAIL PROTECTED] renew until 10/02/03 14:24:47 10/01/03 14:25:57 10/02/03 00:25:36 [EMAIL PROTECTED] renew until 10/02/03 14:24:47 10/01/03 14:25:57 10/01/03 14:27:57 kadmin/[EMAIL PROTECTED] renew until 10/01/03 14:27:57 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [EMAIL PROTECTED] root]# Your process generates following credentials: [EMAIL PROTECTED] root]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 10/02/03 13:16:21 10/02/03 23:17:10 krbtgt/[EMAIL PROTECTED] renew until 10/03/03 13:16:21 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [EMAIL PROTECTED] root]# Any suggestions? Regards, Axel. Quoting Andrew Smith-MAGAZINES [EMAIL PROTECTED]: The purpose of net ads join -U Administrator%password (password is required) is not to obtain a Kerberos ticket but to create a computer account in the AD thereby setting up the trust required for other clients to authenticate to the Samba server with an AD Kerberos TGT. Use kinit from any client system, after doing the net ads join on the Samba server, to get your TGT and I think you'll find everything works as intended, thanks Andy. -Original Message- From: Axel Suppantschitsch [mailto:[EMAIL PROTECTED] Sent: 02 October 2003 10:29 To: [EMAIL PROTECTED] Subject: [Samba] net ads join Kerberos credentials only after kinit? According to the latest version of the Samba Documentation there are three major steps to add a samba server as member server to an ADS: 1.) Configure samba correctly to use ADS (smb.conf). 2.) Configure Kerberos correctly to work with ADS KDC (krb5.conf). 3.) Join the samba server with net ads join -U Administrator. Well, all this sounds good, but it definetly doesn't work, you won't have any kerberos tickets in your credentials cache after this process. So either the samba documentation is incomplete, or there is a bug in samba. Anyway, it seems that I found a workable solution: I use Samba 3.0.0 release. I use MIT Kerberos libaries 1.3.1 (Don't know if this works with Heimdal). I tested this with Windows 2000 and Windows 2003 Servers. It worked on both. 1.) Do a kinit [EMAIL PROTECTED]. This will get you initial kerberos credentials. It is essential to get credentials _BEFORE_ step #2! 2.) Do a net ads join. This will use your kerberos credentials from step #1 and add the samba server to your ADS domain without the need to specify a username or a password. 3.) Do a klist and you will see three different tickets in your kerberos credentials cache. 4.) Do a smbclient -k \\windowsserver\share and it should connect you without enterning username and password. At this point I ask you guys, whether this is a bug or a feature: 1.)If it is a feature the samba documentation needs to be changed in order to require valid Administrator kerberos credentials _BEFORE_ doing a net ads join. This needs to be explicitely mentioned! 2.)If it is a bug, you know what you have to do... ;) Hope this helps all the guys out there struggeling with the same problem and asking me for help... ;) Regards, Axel. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.0 RC1: Unable to find a suitable server
Thanks for your update, it seems to be working now. log.winbindd shows following: [2003/09/08 11:43:59, 1] nsswitch/winbindd_util.c:add_trusted_domain(149) Added domain SAMBA30 SAMBA30.TEST Anyway, my problems with Kerberos 5 (I am using the MIT version and not Heimdal) and SMB signing (Windows 2003 Server?) still exist. I'll open two new threads for them, maybe we can resolve them as effectivly as the ads join bug. Thanks for your help! Cheers, Axel. Quoting Gerald (Jerry) Carter [EMAIL PROTECTED]: OK. I think we can handle this (no workgroup defined in smb.conf; only a realm) in the current SAMBA_3_0 cvs. I just checked in the fix so give the anonymous cvs tree a little bit of time to sync up before you update. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] MIT Kerberos 5 won't work with latest Samba 3.0.0cvs
As I learned from former threads, net ads join should not only join the Samba server to ADS, but also create Kerberos 5 credentials on the Linux box running Samba 3.0. Well, thanks Jerry joining the Samba 3.0 to ADS works now, but I won't get any Kerberos 5 credentials. winbindd throws errors because of missing Kerberos credentials. Kerberos 5 support is copiled into my samba binaries. I'm using following RPMs of MIT Kerberos 5: krb5-workstation-1.2.7-14 pam_krb5-1.60-1 krb5-devel-1.2.7-14 krb5-server-1.2.7-14 krb5-libs-1.2.7-14 Kerberos 5 is working like a charm with my Windows 2003 Server: *** SNIP *** [EMAIL PROTECTED] source]# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [EMAIL PROTECTED] source]# kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: [EMAIL PROTECTED] source]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 09/08/03 14:59:09 09/09/03 00:59:09 krbtgt/[EMAIL PROTECTED] Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [EMAIL PROTECTED] source]# kdestroy [EMAIL PROTECTED] source]# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [EMAIL PROTECTED] source]# *** SNAP *** If I now join my Samba 30 Server to my Windows 2003 ADS, I won't get any credentials: *** SNIP *** [EMAIL PROTECTED] x]# net ads join -U Administrator -d3 [2003/09/08 15:15:16, 3] param/loadparm.c:lp_load(3914) lp_load: refreshing parameters [2003/09/08 15:15:16, 3] param/loadparm.c:init_globals(1300) Initialising global parameters [2003/09/08 15:15:17, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2003/09/08 15:15:17, 3] param/loadparm.c:do_section(3417) Processing section [global] [2003/09/08 15:15:17, 2] lib/interface.c:add_interface(79) added interface ip=192.168.0.201 bcast=192.168.0.255 nmask=255.255.255.0 Administrator password: [2003/09/08 15:15:27, 3] libads/ldap.c:ads_connect(218) Connected to LDAP server 192.168.0.200 [2003/09/08 15:15:27, 3] libads/ldap.c:ads_server_info(1877) got ldap server name [EMAIL PROTECTED], using bind path: dc=SAMBA30,dc=TEST [2003/09/08 15:15:27, 3] libads/sasl.c:ads_sasl_spnego_bind(184) got OID=1 2 840 48018 1 2 2 [2003/09/08 15:15:27, 3] libads/sasl.c:ads_sasl_spnego_bind(184) got OID=1 2 840 113554 1 2 2 [2003/09/08 15:15:27, 3] libads/sasl.c:ads_sasl_spnego_bind(184) got OID=1 2 840 113554 1 2 2 3 [2003/09/08 15:15:27, 3] libads/sasl.c:ads_sasl_spnego_bind(184) got OID=1 3 6 1 4 1 311 2 2 10 [2003/09/08 15:15:27, 3] libads/sasl.c:ads_sasl_spnego_bind(191) got [EMAIL PROTECTED] [2003/09/08 15:15:27, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/09/08 15:15:27, 3] libads/ldap.c:ads_workgroup_name(1969) Found alternate name 'SAMBA30' for realm 'SAMBA30.TEST' Using short domain name -- SAMBA30 Joined 'SAMBA30SRV' to realm 'SAMBA30.TEST' [2003/09/08 15:15:27, 2] utils/net.c:main(758) return code = 0 [EMAIL PROTECTED] source]# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [EMAIL PROTECTED] source]# *** SNAP *** Of course, winbindd throws errors without Kerberos 5 credentials: *** SNIP *** [2003/09/08 11:43:59, 1] nsswitch/winbindd_util.c:add_trusted_domain(149) Added domain SAMBA30 SAMBA30.TEST [2003/09/08 11:43:59, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) *** SNAP *** Any suggestions? Cheers, Axel. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.0 RC1: Unable to find a suitable server
Just updated and recompiled my cvs version. net ads join is working now, the samba server is added to Active Directory Users and Computers without any error. Anyway, I didn't get any Kerberos credentials during the join, so klist shows nothing afterwards. smbclient -k won't work, throwing session setup failed: NT_STATUS_OK. There is another problem with the winbindd, it won't start. Besides the failing SMB signing with my Win2003 Server, ads_connect still tries to connect to domain MYGROUP instead of connecting to my ADS. [2003/09/05 12:10:08, 1] nsswitch/winbindd.c:main(832) winbindd version CVS 3.0.0rc3 started. Copyright The Samba Team 2000-2003 [2003/09/05 12:10:09, 1] libsmb/smb_signing.c:signing_good(227) signing_good: SMB signature check failed on seq 1! [2003/09/05 12:10:09, 0] libsmb/clientgen.c:cli_receive_smb(121) SMB Signature verification failed on incoming packet! [2003/09/05 12:10:09, 1] libsmb/smb_signing.c:signing_good(227) signing_good: SMB signature check failed on seq 1! [2003/09/05 12:10:09, 0] libsmb/clientgen.c:cli_receive_smb(121) SMB Signature verification failed on incoming packet! [2003/09/05 12:10:09, 1] libsmb/smb_signing.c:signing_good(227) signing_good: SMB signature check failed on seq 1! [2003/09/05 12:10:09, 0] libsmb/clientgen.c:cli_receive_smb(121) SMB Signature verification failed on incoming packet! [2003/09/05 12:10:09, 1] nsswitch/winbindd_util.c:add_trusted_domain(142) Added domain MYGROUP [2003/09/05 12:10:10, 1] nsswitch/winbindd_ads.c:ads_cached_connection(66) ads_connect for domain MYGROUP failed: No such file or directory [2003/09/05 12:10:10, 1] nsswitch/winbindd_util.c:add_trusted_domains(199) scanning trusted domain list Any suggestions? Cheers, Axel. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 04. September 2003 21:47 To: Axel Suppantschitsch Cc: [EMAIL PROTECTED] Subject: RE: [Samba] Samba 3.0.0 RC1: Unable to find a suitable server I just checked in a fix for this into CVS. If you could test it as well that would be great. The change was to utils/net_ads.c cheers, jerry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0 Beta 3: krb5_cc_get_principal failed butJoin to realm successful?
Hiya, as I was not capable of getting only close to join the RC1 of Samba 3.0 to my ADS realm, I downgraded to the Redhat 9.0 rpm version of Samba 3.0 Beta 3 from download.samba.org. With this package I get a lot closer to a working solution. Anyway, Kerberos is not working as supposed during the net ads join process which should leave a bunch of Kerberos credentials in the ticket cache. Not in my case, where the join of the ADS realm seems to be successful (Samba server is visible in Active Directory Users and Computers), but _NO_ Kerberos credetials are available at all due to an error... YES, I have changed the Administrator password after I raised the Win 2003 Server to a Domain Controller! And YES, I already tried RC1 (I compiled the rpms exactly as instructed with the delivered spec file and the affiliated shell script (see post [Samba] Samba 3.0.0 RC1: Unable to find a suitable server)! Once again the process of the successful join to my ADS realm with the missing Kerberos credentials: * SNIP [EMAIL PROTECTED] samba]# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [EMAIL PROTECTED] samba]# kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: [EMAIL PROTECTED] samba]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 08/20/03 15:31:13 08/21/03 01:31:13 krbtgt/[EMAIL PROTECTED] Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [EMAIL PROTECTED] samba]# kdestroy [EMAIL PROTECTED] samba]# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [EMAIL PROTECTED] samba]# net ads join -U Administrator Administrator password: [2003/08/20 15:32:11, 1] libsmb/clikrb5.c:ads_krb5_mk_req(267) krb5_cc_get_principal failed (No credentials cache found) Joined 'SAMBA30SRV' to realm 'SAMBA30.TEST' [EMAIL PROTECTED] samba]# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached * SNAP * Any suggestions? Wbr, Axel. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.0 Beta 3: krb5_cc_get_principal failed butJoin to realm successful?
Hi Andrew, well, then smbclient //sambaserver/share -k should work if the credentials are in the memory, but it doesn't as it can't find any credentials... The other way round I can't access the samba share from a windows client without being asked for username and password. So both after-ads-join-tests from the Samba documentation have failed in my scenario... Wbr, Axel. I think we do it all on a 'in memory' keytab now, so we don't store it about after the join. If you manually kinit I think it just uses that cache. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0 RC1: Unable to find a suitable server
Hiya, I compiled the RPMs of Samba 3.0.0 RC1 according to ../samba-3.0.0rc1/packaging/RedHat/samba.spec and installed the binaries from the freshly compiled rpm on my up2date Redhat 9.0 Server. The command net join -U Administrator%** -d10 creates following error: * SNIP * [EMAIL PROTECTED] RedHat]# net join -U Administrator% -d10 [2003/08/19 14:39:55, 5] lib/debug.c:debug_dump_status(359) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 [2003/08/19 14:39:55, 3] param/loadparm.c:lp_load(3907) lp_load: refreshing parameters [2003/08/19 14:39:55, 3] param/loadparm.c:init_globals(1301) Initialising global parameters [2003/08/19 14:39:55, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2003/08/19 14:39:55, 3] param/loadparm.c:do_section(3410) Processing section [global] doing parameter realm = SAMBA30.TEST doing parameter server string = Samba Server doing parameter security = ADS doing parameter client lanman auth = No doing parameter client plaintext auth = No doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 50 doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 doing parameter dns proxy = No [2003/08/19 14:39:55, 4] param/loadparm.c:lp_load(3939) pm_process() returned Yes [2003/08/19 14:39:55, 7] param/loadparm.c:lp_servicenumber(4049) lp_servicenumber: couldn't find homes [2003/08/19 14:39:55, 10] param/loadparm.c:set_server_role(3857) set_server_role: role = ROLE_DOMAIN_MEMBER [2003/08/19 14:39:55, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2003/08/19 14:39:55, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2003/08/19 14:39:56, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2003/08/19 14:39:56, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2003/08/19 14:39:56, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2003/08/19 14:39:56, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2003/08/19 14:39:56, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2003/08/19 14:39:56, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2003/08/19 14:39:56, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2003/08/19 14:39:56, 5] lib/charcnv.c:charset_name(74) Substituting charset 'UTF-8' for LOCALE [2003/08/19 14:39:56, 5] lib/util.c:init_names(270) Netbios name list:- my_netbios_names[0]=SAMBA30SRV [2003/08/19 14:39:56, 2] lib/interface.c:add_interface(79) added interface ip=192.168.0.201 bcast=192.168.0.255 nmask=255.255.255.0 [2003/08/19 14:39:56, 6] libads/ldap.c:ads_find_dc(147) ads_find_dc: looking for domain 'WORKGROUP' [2003/08/19 14:39:56, 8] libsmb/namequery.c:get_sorted_dc_list(1215) get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast] [2003/08/19 14:39:56, 10] libsmb/namequery.c:internal_resolve_name(989) internal_resolve_name: looking up WORKGROUP#1c [2003/08/19 14:39:56, 5] lib/gencache.c:gencache_init(59) Opening cache file at /var/cache/samba/gencache.tdb [2003/08/19 14:39:56, 10] lib/gencache.c:gencache_get(285) Cache entry with key = NBT/WORKGROUP#1C couldn't be found [2003/08/19 14:39:56, 5] libsmb/namecache.c:namecache_fetch(195) no entry for WORKGROUP#1C found. [2003/08/19 14:39:56, 10] lib/gencache.c:gencache_del(213) Deleting cache entry (key = NBT/WORKGROUP#1C) [2003/08/19 14:39:56, 3] libsmb/namequery.c:resolve_lmhosts(850) resolve_lmhosts: Attempting lmhosts lookup for name WORKGROUP0x1c [2003/08/19 14:39:56, 4] libsmb/namequery.c:getlmhostsent(598) getlmhostsent: lmhost entry: 127.0.0.1 localhost [2003/08/19 14:39:56, 3] libsmb/namequery.c:resolve_wins(748) resolve_wins: Attempting wins lookup for name WORKGROUP0x1c [2003/08/19 14:39:56, 3] libsmb/namequery.c:resolve_wins(751) resolve_wins: WINS server resolution selected and no WINS servers listed. [2003/08/19 14:39:56, 5] libsmb/namequery.c:resolve_hosts(899) resolve_hosts: Attempting to resolve DC's for WORKGROUP using DNS [2003/08/19 14:39:56, 3] libsmb/namequery.c:name_resolve_bcast(690) name_resolve_bcast: Attempting broadcast lookup for name WORKGROUP0x1c [2003/08/19 14:39:56, 10] lib/util_sock.c:open_socket_in(655) bind succeeded on port 0 [2003/08/19 14:39:56, 5] lib/util_sock.c:print_socket_options(105) socket option SO_KEEPALIVE = 0 [2003/08/19 14:39:56, 5] lib/util_sock.c:print_socket_options(105) socket option SO_REUSEADDR = 1 [2003/08/19 14:39:56, 5] lib/util_sock.c:print_socket_options(105)
[Samba] Error on joining a Windows 2003 ADS domain with Samba 3.0Beta 3
2 2 [2003/08/12 14:26:32, 3] libads/sasl.c:ads_sasl_spnego_bind(183) got OID=1 2 840 113554 1 2 2 [2003/08/12 14:26:32, 3] libads/sasl.c:ads_sasl_spnego_bind(183) got OID=1 2 840 113554 1 2 2 3 [2003/08/12 14:26:32, 3] libads/sasl.c:ads_sasl_spnego_bind(183) got OID=1 3 6 1 4 1 311 2 2 10 [2003/08/12 14:26:32, 3] libads/sasl.c:ads_sasl_spnego_bind(190) got [EMAIL PROTECTED] [2003/08/12 14:26:32, 1] libsmb/clikrb5.c:cli_krb5_get_ticket(343) krb5_set_default_tgs_ktypes failed (Program lacks support for encryption type)net: relocation error: net: undefined symbol: krb5_cc_initialize [EMAIL PROTECTED] root]# * SNAP * System description: On the Windows side I use a Windows 2003 Enterprise Server with ADS in native mode which is patched using the latest updates. On the Linux side I use a Redhat 9.0 Server with all packages installed which is also patched using the latest updates. The Samba 3.0 Beta 3 binary distribution is from Redhat RawHide found at www.rpmfind.net: samba-3.0.0-3beta3.rpm samba-common-3.0.0-3beta3.rpm samba-client-3.0.0-3beta3.rpm samba-swat-3.0.0-3beta3.rpm BTW: kinit is working perfectly with the KDC of the Windows 2003 Enterprise server, I get a ticket. Any suggestions? wbr, Axel Suppantschitsch -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error on joining a Windows 2003 ADS domain with Samba 3.0Beta 3
Meanwhile I tried the same with a Windows 2000 Advanced Server, but without any success... I get exactly the same error and kinit works here as well. wbr, Axel. - Original Message - From: Gerald (Jerry) Carter [EMAIL PROTECTED] To: Axel Suppantschitsch [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 9:05 AM Subject: Re: [Samba] Error on joining a Windows 2003 ADS domain with Samba 3.0 Beta 3 change the administrator password once one the 2003 DC. cheers, jerry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba