[storage-discuss] b81: CIFS Server joining domain failure

Fri, 15 Feb 2008 13:00:07 -0800 

We're trying to get the CIFS server in b81 to join one of our domains,
but smbadm fails with varying error messages.  The system can get a TGT
from any of our DCs, and message signing was disabled in the default dc
GPO.  I've attached our krb5.conf, CLI content, and relevant
/var/adm/message content.
 
Since this is in a lab, we are not concerned about the confidentiality
of our krb5.conf information.
 
Using the same krb5.conf file on another node, we were able to join a
Solaris 10U4 system to the domain (winbind).
 
First question to the group -- how can we get more detailed debugging
information on where it is failing?
 
Second question -- is there anything blatantly obvious about the
configuration or commands that is incorrect?
 
Third question -- is this a known issue?
 
Best Regards,
Nick Ross
 
 
Nick Ross
Sr. Systems Engineer
Applied Computer Solutions
Direct Line 714.861.2291
[EMAIL PROTECTED]
 

# smbadm join -u Administrator hb.acsportal.com Enter domain password: 
Joining 'hb.acsportal.com' ... this may take a minute ...
failed to join domain 'hb.acsportal.com' (LOGON_FAILURE)

# klist
klist: No credentials cache file found (ticket cache FILE:/tmp/krb5cc_0)

# kinit
kinit(v5): Client not found in Kerberos database while getting initial 
credentials

# kinit Administrator
Password for [EMAIL PROTECTED]: 

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting                Expires                Service principal
02/13/08 18:48:45  02/14/08 04:48:46  krbtgt/[EMAIL PROTECTED]
        renew until 02/20/08 18:48:45

# smbadm join -u Administrator hb.acsportal.com Enter domain password: 
Joining 'hb.acsportal.com' ... this may take a minute ...
failed to join domain 'hb.acsportal.com' (LOGON_FAILURE)
Feb 13 17:38:15 sjm-b81 smbd[970]: [ID 995127 daemon.error] dyndns: UDP send 
error (Bad file number)
Feb 13 17:38:15 sjm-b81 smbd[970]: [ID 342079 daemon.error] smb_ads: 
send/receive error
Feb 13 17:38:18 sjm-b81 smbd[970]: [ID 362282 daemon.error] ads: Retry kinit to 
acquire credential.
Feb 13 17:38:19 sjm-b81 smbd[970]: [ID 871254 daemon.error] smbd: failed 
joining hb.acsportal.com (UNSUCCESSFUL)
Feb 13 17:42:37 sjm-b81 smbd[970]: [ID 970359 daemon.error] smbd: 
fully-qualified domain name is unknown
Feb 13 17:42:57 sjm-b81 smbd[970]: [ID 362282 daemon.error] ads: Retry kinit to 
acquire credential.
Feb 13 17:42:58 sjm-b81 smbd[970]: [ID 871254 daemon.error] smbd: failed 
joining hb.acsportal.com (UNSUCCESSFUL)
Feb 13 17:48:49 sjm-b81 smbd[424]: [ID 995127 daemon.error] dyndns: UDP send 
error (Bad file number)
Feb 13 17:48:49 sjm-b81 smbd[424]: [ID 342079 daemon.error] smb_ads: 
send/receive error
Feb 13 17:48:51 sjm-b81 smbd[424]: [ID 362282 daemon.error] ads: Retry kinit to 
acquire credential.
Feb 13 17:48:53 sjm-b81 smbd[424]: [ID 871254 daemon.error] smbd: failed 
joining hb.acsportal.com (UNSUCCESSFUL)
Feb 13 17:53:20 sjm-b81 smbd[424]: [ID 362282 daemon.error] ads: Retry kinit to 
acquire credential.
Feb 13 17:53:22 sjm-b81 smbd[424]: [ID 871254 daemon.error] smbd: failed 
joining hb.acsportal.com (UNSUCCESSFUL)
Feb 13 18:06:25 sjm-b81 smbd[841]: [ID 995127 daemon.error] dyndns: UDP send 
error (Bad file number)
Feb 13 18:06:25 sjm-b81 smbd[841]: [ID 342079 daemon.error] smb_ads: 
send/receive error
Feb 13 18:06:27 sjm-b81 smbd[841]: [ID 362282 daemon.error] ads: Retry kinit to 
acquire credential.
Feb 13 18:06:27 sjm-b81 smbd[841]: [ID 974439 daemon.error] smb_kinit: NOT 
Authenticated to Kerberos v5  k5_begin failed
Feb 13 18:06:27 sjm-b81 smbd[841]: [ID 305693 daemon.error] ads: major status 
error: An invalid name was supplied
Feb 13 18:06:27 sjm-b81 smbd[841]: [ID 434683 daemon.error] ads: minor status 
error: Improper format of Kerberos /etc/krb5/krb5.conf configuration file
Feb 13 18:06:27 sjm-b81 smbd[841]: [ID 871254 daemon.error] smbd: failed 
joining hb.acsportal.com (UNSUCCESSFUL)
Feb 13 18:09:10 sjm-b81 smbd[841]: [ID 362282 daemon.error] ads: Retry kinit to 
acquire credential.
Feb 13 18:09:12 sjm-b81 smbd[841]: [ID 871254 daemon.error] smbd: failed 
joining hb.acsportal.com (UNSUCCESSFUL)
Feb 13 18:10:55 sjm-b81 smbd[841]: [ID 362282 daemon.error] ads: Retry kinit to 
acquire credential.
Feb 13 18:10:57 sjm-b81 smbd[841]: [ID 871254 daemon.error] smbd: failed 
joining hb.acsportal.com (UNSUCCESSFUL)
Feb 13 18:12:10 sjm-b81 smbd[841]: [ID 362282 daemon.error] ads: Retry kinit to 
acquire credential.
Feb 13 18:12:11 sjm-b81 smbd[841]: [ID 871254 daemon.error] smbd: failed 
joining hb.acsportal.com (UNSUCCESSFUL)
Feb 13 18:48:11 sjm-b81.hb.acsportal.com smbd[419]: [ID 995127 daemon.error] 
dyndns: UDP send error (Bad file number)
Feb 13 18:48:11 sjm-b81.hb.acsportal.com smbd[419]: [ID 342079 daemon.error] 
smb_ads: send/receive error
Feb 13 18:48:14 sjm-b81.hb.acsportal.com smbd[419]: [ID 871254 daemon.error] 
smbd: failed joining hb.acsportal.com (LOGON_FAILURE)
Feb 13 18:54:07 sjm-b81.hb.acsportal.com smbd[419]: [ID 871254 daemon.error] 
smbd: failed joining hb.acsportal.com (LOGON_FAILURE)
Feb 13 18:57:32 sjm-b81.hb.acsportal.com smbd[789]: [ID 995127 daemon.error] 
dyndns: UDP send error (Bad file number)
Feb 13 18:57:32 sjm-b81.hb.acsportal.com smbd[789]: [ID 342079 daemon.error] 
smb_ads: send/receive error
Feb 13 18:57:34 sjm-b81.hb.acsportal.com smbd[789]: [ID 362282 daemon.error] 
ads: Retry kinit to acquire credential.
Feb 13 18:57:35 sjm-b81.hb.acsportal.com smbd[789]: [ID 871254 daemon.error] 
smbd: failed joining hb.acsportal.com (UNSUCCESSFUL)
Feb 13 19:01:11 sjm-b81.hb.acsportal.com smbd[789]: [ID 362282 daemon.error] 
ads: Retry kinit to acquire credential.
Feb 13 19:01:21 sjm-b81.hb.acsportal.com smbd[789]: [ID 871254 daemon.error] 
smbd: failed joining hb.acsportal.com (OPEN_FAILED)
Feb 13 19:05:20 sjm-b81.hb.acsportal.com smbd[861]: [ID 995127 daemon.error] 
dyndns: UDP send error (Bad file number)
Feb 13 19:05:20 sjm-b81.hb.acsportal.com smbd[861]: [ID 342079 daemon.error] 
smb_ads: send/receive error
Feb 13 19:05:22 sjm-b81.hb.acsportal.com smbd[861]: [ID 871254 daemon.error] 
smbd: failed joining hb.acsportal.com (LOGON_FAILURE)
Feb 13 19:06:48 sjm-b81.hb.acsportal.com smbd[861]: [ID 871254 daemon.error] 
smbd: failed joining HB.ACSPORTAL.COM (LOGON_FAILURE)
Feb 13 20:01:12 sjm-b81.hb.acsportal.com smbd[861]: [ID 871254 daemon.error] 
smbd: failed joining hb.acsportal.com (LOGON_FAILURE)
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)krb5.conf  1.3     04/03/25 SMI"
#

# krb5.conf template
# In order to complete this configuration file
# you will need to replace the __<name>__ placeholders
# with appropriate values for your network.
#
[libdefaults]
        default_realm = HB.ACSPORTAL.COM 

[realms]
        HB.ACSPORTAL.COM = {
                kdc = dominion.hb.acsportal.com
                kdc = dc-02.hb.acsportal.com 
                admin_server = dominion.hb.acsportal.com 
                kpasswd_server = dominion.hb.acsportal.com
                kpasswd_protocol = SET_CHANGE
        }

[domain_realm]
        .hb.acsportal.com = HB.ACSPORTAL.COM

[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {

# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.

                period = 1d

# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)

                versions = 10
        }

[appdefaults]
        kinit = {
                renewable = true
                forwardable= true
        }
        gkadmin = {
                help_url = 
http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
        }
_______________________________________________
storage-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/storage-discuss

Reply via email to