Bug 13755 - net ads join to armel arch Samba DC failed
Summary: net ads join to armel arch Samba DC failed
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Build (show other bugs)
Version: 4.9.4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Depends on:
Reported: 2019-01-18 20:58 UTC by Mathieu Parent
Modified: 2019-02-08 20:30 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Mathieu Parent 2019-01-18 20:58:59 UTC
(from https://bugs.debian.org/918432)

I can't connect workstation to samba DC configured on Orion platform
(armel arch) with installed  Debian Stretch (packages are fully updated to newest avaliable versions).  

net ads join -U administrator -d10  lead me to error: 
kerberos_kinit_password: as administrator@AD.ROWEROWANORKA.PL using
[MEMORY:libnet_join_user_creds] as ccache and config
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gss_init_sec_context failed with [ Miscellaneous failure (see text):
Server (ldap/dc1.ad.rowerowanorka.pl@AD.ROWEROWANORKA.PL) unknown]
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed:
Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR

Wiresharked  Kerberos transmission gave me another level of debug: 
AS-REQ:  cname: KRB5-NT-PRINCIPAL: administrator, REAL:
AS-REP:  NT Status: Unknown error code 0x522e4441 

and next: 
TGS-REQ for  KRB5-NT-PRINCIPAL: ldap dc1.ad.rowerowanorka.pl 

What I checked: 
- clean samba tdb,ldb files and smb.conf/krb5.conf according to
  samba.org manual for preparing to install DC.  Promote DC controller again. Problem with connect
  workstation to samba DC on armel arch persists. 
- I installed samba DC on amd64 architecture and successfully connect workstation
  to DC.
Comment 1 Mathieu Parent 2019-01-18 21:04:26 UTC
Andrew, any idea?
Comment 2 Louis 2019-01-28 14:34:41 UTC

Can the TS post the configs of both server also.

please show 

Comment 3 Mathieu Parent 2019-02-08 20:30:39 UTC
There are some additional infos at: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918432#27 (including a network capture).

> When I analyzing Wireshark dump I found something strange. Kerberos
> "NT Status Error" is a part of string  "AD.ROWEROWANORKA.PL" what is
> Kerberos REALM name.