Bug 4864 - broken krb5 code?
broken krb5 code?
Status: RESOLVED DUPLICATE of bug 4863
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
3.0.25b
Sparc Solaris
: P3 major
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-08-07 07:10 UTC by Alexandr
Modified: 2007-08-08 05:18 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandr 2007-08-07 07:10:49 UTC
in versions after 3.0.24 joining AD domain with ads security failed

# net ads join -U adminuser
adminuser's password:
[2007/08/07 15:05:53, 0] libads/kerberos.c:ads_kinit_password(228)
  kerberos_kinit_password adminuser@USR.NW.PWD.RU failed: Preauthentication failed
Failed to join domain: Logon failure

The same configuration samba 3.0.24 works fine..



DETAILS:
SPARC Solaris 10


heimdal kerberos 1.0
[libdefaults]
        default_realm = USR.NW.PWD.RU
        dns_lookup_realm = false
        dns_lookup_kdc = false
        default_tkt_enctypes = des-cbc-md5 des-cbc-crc
        default_tgs_enctypes = des-cbc-md5 des-cbc-crc
        verify_ap_req_nofail = false

[realms]
        USR.NW.PWD.RU = {
                kdc = dcpsk1.usr.nw.PWD.ru:88
                kdc = dcpsk2.usr.nw.PWD.ru:88
                admin_server = dcpsk1.usr.nw.PWD.ru:749
                kpasswd_server = dcpsk1.usr.nw.PWD.ru:464
                kpasswd_protocol = SET_CHANGE
                default_domain = pskov.PWD.ru
        }

[domain_realm]
        usr.nw.PWD.ru = USR.NW.PWD.RU
        .usr.nw.PWD.ru = USR.NW.PWD.RU
        pskov.PWD.ru = USR.NW.PWD.RU
        .pskov.PWD.ru = USR.NW.PWD.RU

[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {

# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.

                period = 1d

# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)

                versions = 10
        }

[appdefaults]
        kinit = {
                renewable = true
                forwardable= true
        }

		
# kinit adminuser
adminuser@USR.NW.PWD.RU's Password:
# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: adminuser@USR.NW.PWD.RU

  Issued           Expires          Principal
Aug  7 15:01:01  Aug  8 01:01:01  krbtgt/USR.NW.PWD.RU@USR.NW.PWD.RU


samba configuration:
CONFIGURE_ARGS=--enable-pie                    \
        --localstatedir=/var                    \
        --with-privatedir=/var/samba            \
        --with-lockdir=/var/samba               \
        --with-piddir=/var/run                  \
        --with-configdir=${PREFIX}/etc/samba    \
        --with-logfilebase=/var/log/samba       \
        --with-readline --with-libiconv         \
        --with-ldap --with-ads --with-krb5      \
        --with-pam --with-pam_smbpass           \
        --with-quotas --without-utmp            \
        --with-libmsrpc --with-libsmbclient     \
        --with-libsmbsharemodes                 \
        --with-acl-support --with-aio-support   \
        --with-sendfile-support --with-winbind  \
        --without-python                        \
        --with-shared-modules=idmap_rid,idmap_ad 				\
		--with-libdir=${PREFIX}/lib/samba/sparcv9    			\
        --with-pammodulesdir=${PREFIX}/lib/security/sparcv9     \
        --enable-cups --enable-iprint



smb.conf
[global]

# unix shell

template homedir = /export/home/%U
template shell = /bin/sh

winbind nested groups = yes

log level = 3

# charset
dos charset = 866
unix charset = CP1251
display charset = CP1251

security = ads
password server = 10.7.5.20 10.7.5.25
realm = USR.NW.PWD.RU
workgroup = USR

client use spnego = yes
server string =
os level = 10


domain master = no
preferred master = no
domain logons = no

ntlm auth = no
lanman auth = no
client NTLMv2 auth = yes

wins support = no
wins proxy = no

winbind enum groups = yes
winbind enum users = yes
winbind cache time = 3600
winbind use default domain = Yes
winbind nested groups = yes

allow trusted domains =  No
idmap uid = 2000-100000000
idmap gid = 2000-100000000

idmap backend = rid:"USR=2000-100000000"
nt acl support = yes

# log
log file = /var/log/samba/%m.log
max log size = 50

socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY
use sendfile = Yes
null passwords = Yes
#lock spin count = 100
deadtime = 60

# printing
printing = cups
printcap name = cups
#use client driver = no
load printers = yes


# net ads join -U adminuser
adminuser's password:
[2007/08/07 15:05:53, 0] libads/kerberos.c:ads_kinit_password(228)
  kerberos_kinit_password adminuser@USR.NW.PWD.RU failed: Preauthentication failed
Failed to join domain: Logon failure





# net -d 10 ads join -U adminuser
[2007/08/07 15:06:22, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0
[2007/08/07 15:06:22, 3] param/loadparm.c:lp_load(5024)
  lp_load: refreshing parameters
[2007/08/07 15:06:22, 3] param/loadparm.c:init_globals(1424)
  Initialising global parameters
[2007/08/07 15:06:22, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/usr/local/etc/samba/smb.conf"
[2007/08/07 15:06:22, 3] param/loadparm.c:do_section(3763)
  Processing section "[global]"
  doing parameter preload modules = /usr/local/lib/samba/idmap/rid.so
  doing parameter template homedir = /export/home/%U
  doing parameter template shell = /bin/sh
  doing parameter winbind nested groups = yes
  doing parameter log level = 3
  doing parameter dos charset = 866
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2LE
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS-2LE
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-16LE
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-16LE
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2BE
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS-2BE
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-16BE
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-16BE
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF8
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF8
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-8
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-8
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset ASCII
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset ASCII
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset 646
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset 646
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset ISO-8859-1
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset ISO-8859-1
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS2-HEX
[2007/08/07 15:06:22, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS2-HEX
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
  doing parameter unix charset = CP1251
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
[2007/08/07 15:06:22, 5] lib/charcnv.c:charset_name(82)
  Substituting charset 'KOI8-R' for LOCALE
  doing parameter display charset = CP1251
  doing parameter security = ads
  doing parameter password server = 10.7.5.20 10.7.5.25
  doing parameter realm = USR.NW.PWD.RU
  doing parameter workgroup = USR
  doing parameter client use spnego = yes
  doing parameter server string =
  doing parameter os level = 10
  doing parameter domain master = no
  doing parameter preferred master = no
  doing parameter domain logons = no
  doing parameter ntlm auth = no
  doing parameter lanman auth = no
  doing parameter client NTLMv2 auth = yes
  doing parameter wins support = no
  doing parameter wins proxy = no
  doing parameter winbind enum groups = yes
  doing parameter winbind enum users = yes
  doing parameter winbind cache time = 3600
  doing parameter winbind use default domain = Yes
  doing parameter winbind nested groups = yes
  doing parameter allow trusted domains = No
  doing parameter idmap uid = 2000-100000000
  doing parameter idmap gid = 2000-100000000
  doing parameter idmap backend = rid:"USR=2000-100000000"
  doing parameter nt acl support = yes
  doing parameter log file = /var/log/samba/%m.log
  doing parameter max log size = 50
  doing parameter socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY
  doing parameter use sendfile = Yes
  doing parameter null passwords = Yes
  doing parameter deadtime = 60
  doing parameter printing = cups
  doing parameter printcap name = cups
  doing parameter load printers = yes
[2007/08/07 15:06:22, 4] param/loadparm.c:lp_load(5055)
  pm_process() returned Yes
[2007/08/07 15:06:22, 7] param/loadparm.c:lp_servicenumber(5193)
  lp_servicenumber: couldn't find homes
[2007/08/07 15:06:22, 10] param/loadparm.c:set_server_role(4299)
  set_server_role: role = ROLE_DOMAIN_MEMBER
[2007/08/07 15:06:22, 5] lib/util.c:init_names(287)
  Netbios name list:-
  my_netbios_names[0]="PENELOPAOLD"
[2007/08/07 15:06:22, 2] lib/interface.c:add_interface(81)
  added interface ip=10.7.5.2 bcast=10.7.5.255 nmask=255.255.255.0
[2007/08/07 15:06:22, 5] lib/gencache.c:gencache_init(61)
  Opening cache file at /var/samba/gencache.tdb
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:22, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:22, 4] libsmb/namequery_dc.c:ads_dc_name(73)
  ads_dc_name: domain=USR
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:22, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:22, 6] libads/ldap.c:ads_find_dc(294)
  ads_find_dc: looking for realm 'USR.NW.PWD.RU'
[2007/08/07 15:06:22, 8] libsmb/namequery.c:get_sorted_dc_list(1626)
  get_sorted_dc_list: attempting lookup for name USR.NW.PWD.RU (sitename Pskov) using [ads]
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = SAF/DOMAIN/USR.NW.PWD.RU, value = 10.7.5.20, timeout = Tue Aug  7 15:20:53 2007
[2007/08/07 15:06:22, 5] libsmb/namequery.c:saf_fetch(136)
  saf_fetch: Returning "10.7.5.20" for "USR.NW.PWD.RU" domain
[2007/08/07 15:06:22, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.7.5.20, 10.7.5.20 10.7.5.25"
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:22, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:22, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:22, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:22, 10] libsmb/namequery.c:remove_duplicate_addrs2(435)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2007/08/07 15:06:22, 4] libsmb/namequery.c:get_dc_list(1599)
  get_dc_list: returning 2 ip addresses in an ordered list
[2007/08/07 15:06:22, 4] libsmb/namequery.c:get_dc_list(1600)
  get_dc_list: 10.7.5.20:389 10.7.5.25:389
[2007/08/07 15:06:22, 5] libads/ldap.c:ads_try_connect(180)
  ads_try_connect: sending CLDAP request to 10.7.5.20 (realm: USR.NW.PWD.RU)
[2007/08/07 15:06:22, 10] libads/dns.c:sitename_store(640)
  sitename_store: realm = [USR.NW.PWD.RU], sitename = [Pskov], expire = [4294967295]
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_set(140)
  Adding cache entry with key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU; value = Pskov and timeout = (NULL) (-1186484783 seconds ahead)
[2007/08/07 15:06:22, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 10.7.5.20
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:22, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:22, 10] libads/ldap.c:ads_closest_dc(149)
  ads_closest_dc: ADS_CLOSEST flag set
[2007/08/07 15:06:22, 10] libads/kerberos.c:create_local_private_krb5_conf_for_domain(612)
  create_local_private_krb5_conf_for_domain: fname = /var/samba/smb_krb5/krb5.conf.USR, realm = USR.NW.PWD.RU, domain = USR
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = SAF/DOMAIN/USR.NW.PWD.RU, value = 10.7.5.20, timeout = Tue Aug  7 15:20:53 2007
[2007/08/07 15:06:22, 5] libsmb/namequery.c:saf_fetch(136)
  saf_fetch: Returning "10.7.5.20" for "USR.NW.PWD.RU" domain
[2007/08/07 15:06:22, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.7.5.20, 10.7.5.20 10.7.5.25"
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:22, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:22, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:22, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:22, 10] libsmb/namequery.c:remove_duplicate_addrs2(435)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2007/08/07 15:06:22, 4] libsmb/namequery.c:get_dc_list(1599)
  get_dc_list: returning 2 ip addresses in an ordered list
[2007/08/07 15:06:22, 4] libsmb/namequery.c:get_dc_list(1600)
  get_dc_list: 10.7.5.20:389 10.7.5.25:389
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = SAF/DOMAIN/USR.NW.PWD.RU, value = 10.7.5.20, timeout = Tue Aug  7 15:20:53 2007
[2007/08/07 15:06:22, 5] libsmb/namequery.c:saf_fetch(136)
  saf_fetch: Returning "10.7.5.20" for "USR.NW.PWD.RU" domain
[2007/08/07 15:06:22, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.7.5.20, 10.7.5.20 10.7.5.25"
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:22, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:22, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:22, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:22, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:22, 10] libsmb/namequery.c:remove_duplicate_addrs2(435)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2007/08/07 15:06:22, 4] libsmb/namequery.c:get_dc_list(1599)
  get_dc_list: returning 2 ip addresses in an ordered list
[2007/08/07 15:06:22, 4] libsmb/namequery.c:get_dc_list(1600)
  get_dc_list: 10.7.5.20:389 10.7.5.25:389
[2007/08/07 15:06:22, 10] libads/kerberos.c:get_kdc_ip_string(563)
  get_kdc_ip_string: Returning  kdc = 10.7.5.20
        kdc = 10.7.5.25
        kdc = 10.7.5.25

[2007/08/07 15:06:22, 5] libads/kerberos.c:create_local_private_krb5_conf_for_domain(681)
  create_local_private_krb5_conf_for_domain: wrote file /var/samba/smb_krb5/krb5.conf.USR with realm USR.NW.PWD.RU KDC = 10.7.5.20
[2007/08/07 15:06:22, 4] libsmb/namequery_dc.c:ads_dc_name(131)
  ads_dc_name: using server='DCPSK1.USR.NW.PWD.RU' IP=10.7.5.20
adminuser's password:
[2007/08/07 15:06:25, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:25, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:25, 6] libads/ldap.c:ads_find_dc(294)
  ads_find_dc: looking for realm 'USR.NW.PWD.RU'
[2007/08/07 15:06:25, 8] libsmb/namequery.c:get_sorted_dc_list(1626)
  get_sorted_dc_list: attempting lookup for name USR.NW.PWD.RU (sitename Pskov) using [ads]
[2007/08/07 15:06:25, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = SAF/DOMAIN/USR.NW.PWD.RU, value = 10.7.5.20, timeout = Tue Aug  7 15:20:53 2007
[2007/08/07 15:06:25, 5] libsmb/namequery.c:saf_fetch(136)
  saf_fetch: Returning "10.7.5.20" for "USR.NW.PWD.RU" domain
[2007/08/07 15:06:25, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.7.5.20, 10.7.5.20 10.7.5.25"
[2007/08/07 15:06:25, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:25, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:25, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:25, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:25, 10] lib/gencache.c:gencache_get(226)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU, value = Pskov, timeout = Sun Feb  7 09:28:15 2106
[2007/08/07 15:06:25, 5] libads/dns.c:sitename_fetch(679)
  sitename_fetch: Returning sitename for USR.NW.PWD.RU: "Pskov"
[2007/08/07 15:06:25, 10] libsmb/namequery.c:remove_duplicate_addrs2(435)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2007/08/07 15:06:25, 4] libsmb/namequery.c:get_dc_list(1599)
  get_dc_list: returning 2 ip addresses in an ordered list
[2007/08/07 15:06:25, 4] libsmb/namequery.c:get_dc_list(1600)
  get_dc_list: 10.7.5.20:389 10.7.5.25:389
[2007/08/07 15:06:25, 5] libads/ldap.c:ads_try_connect(180)
  ads_try_connect: sending CLDAP request to 10.7.5.20 (realm: USR.NW.PWD.RU)
[2007/08/07 15:06:25, 10] libads/dns.c:sitename_store(640)
  sitename_store: realm = [USR.NW.PWD.RU], sitename = [Pskov], expire = [4294967295]
[2007/08/07 15:06:25, 10] lib/gencache.c:gencache_set(140)
  Adding cache entry with key = AD_SITENAME/DOMAIN/USR.NW.PWD.RU; value = Pskov and timeout = (NULL) (-1186484786 seconds ahead)
[2007/08/07 15:06:25, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 10.7.5.20
[2007/08/07 15:06:25, 10] libads/ldap.c:ads_closest_dc(149)
  ads_closest_dc: ADS_CLOSEST flag set
[2007/08/07 15:06:25, 10] libsmb/namequery.c:saf_store(74)
  saf_store: domain = [USR], server = [10.7.5.20], expire = [1186485685]
[2007/08/07 15:06:25, 10] lib/gencache.c:gencache_set(140)
  Adding cache entry with key = SAF/DOMAIN/USR; value = 10.7.5.20 and timeout = Tue Aug  7 15:21:25 2007
   (900 seconds ahead)
[2007/08/07 15:06:25, 10] libsmb/namequery.c:saf_store(74)
  saf_store: domain = [USR.NW.PWD.RU], server = [10.7.5.20], expire = [1186485685]
[2007/08/07 15:06:25, 10] lib/gencache.c:gencache_set(140)
  Adding cache entry with key = SAF/DOMAIN/USR.NW.PWD.RU; value = 10.7.5.20 and timeout = Tue Aug  7 15:21:25 2007
   (900 seconds ahead)
[2007/08/07 15:06:25, 4] libads/ldap.c:ads_current_time(2414)
  time offset is 0 seconds
[2007/08/07 15:06:25, 4] libads/sasl.c:ads_sasl_bind(521)
  Found SASL mechanism GSS-SPNEGO
[2007/08/07 15:06:25, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/08/07 15:06:25, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/08/07 15:06:25, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/08/07 15:06:25, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/08/07 15:06:25, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = dcpsk1$@USR.NW.PWD.RU
[2007/08/07 15:06:25, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
[2007/08/07 15:06:25, 10] libads/sasl.c:ads_sasl_spnego_bind(262)
  ads_sasl_spnego_krb5_bind failed with: No such file or directory, calling kinit
[2007/08/07 15:06:25, 10] libads/kerberos.c:kerberos_kinit_password_ext(91)
  kerberos_kinit_password: using [MEMORY:net_ads] as ccache and config [/var/samba/smb_krb5/krb5.conf.USR]
[2007/08/07 15:06:25, 0] libads/kerberos.c:ads_kinit_password(228)
  kerberos_kinit_password adminuser@USR.NW.PWD.RU failed: Preauthentication failed
[2007/08/07 15:06:25, 1] utils/net_ads.c:net_ads_join(1470)
  error on ads_startup: Preauthentication failed
Failed to join domain: Logon failure
[2007/08/07 15:06:25, 2] utils/net.c:main(1032)
  return code = -1
Comment 1 Guenther Deschner 2007-08-08 05:18:53 UTC

*** This bug has been marked as a duplicate of 4863 ***