I'm unable to join the Samba server to a Win2k domain running in mixed mode. I have changed the settings in my krb5.conf and tested this with kinit: -- cut # kinit -V Password for administrator@DOMAIN.DOM: Authenticated to Kerberos v5 -- cut But when I try to add the server to the domain with the command "net ads join MEMBER -Uadministrator%password -d 10" I get the following error: -- cut [2003/12/13 23:30:00, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/12/13 23:30:00, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385) Got KRB5 session key of length 8 [2003/12/13 23:30:00, 1] utils/net_ads.c:ads_startup(181) ads_connect: Invalid credentials [2003/12/13 23:30:00, 2] utils/net.c:main(759) return code = -1 -- cut If i use a wrong password, I get a "preauthentication failed" so again the kerberos part should be OK. I then tried "security = domain". If I don't create a computer in the AD I get this error when running "net rpc join MEMBER -Uadministrator%password -d 10": -- cut [2003/12/13 23:27:40, 0] rpc_client/cli_pipe.c:rpc_api_pipe(424) cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds [2003/12/13 23:27:40, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(286) error setting trust account password: NT_STATUS_UNSUCCESSFUL Unable to join domain DOMAIN. [2003/12/13 23:27:40, 2] utils/net.c:main(759) return code = 1 -- cut If I create a computer account and set it to allow pre Window 2000 computers to use this account I get: -- cut [2003/12/13 23:29:28, 1] libsmb/cliconnect.c:cli_full_connection(1426) failed tcon_X with NT_STATUS_ACCESS_DENIED [2003/12/13 23:29:28, 1] utils/net.c:connect_to_ipc_anonymous(179) Cannot connect to server (anonymously). Error was NT_STATUS_ACCESS_DENIED [2003/12/13 23:29:28, 6] lib/util_sock.c:write_socket(407) write_socket(5,45) [2003/12/13 23:29:28, 6] lib/util_sock.c:write_socket(410) write_socket(5,45) wrote 45 [2003/12/13 23:29:28, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 35 [2003/12/13 23:29:28, 5] lib/util.c:show_msg(456) [2003/12/13 23:29:28, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=22538 smb_pid=6905 smb_uid=3 smb_mid=28 smt_wct=0 smb_bcc=0 Unable to join domain DOMAIN. -- cut The full debug logs of all atempts and configuration files are here... net join ads: http://www.larsson.as/files/net-ads-join.txt net join before a computer account is created in the AD: http://www.larsson.as/files/net-join-noaccount.txt net join after a computer account is create in the AD: http://www.larsson.as/files/net-join-account.txt krb5.conf: http://www.larsson.as/files/krb5.conf smb.conf: http://www.larsson.as/files/smb.conf Best regards Henrik
What Linux are you using? The SuSE versions of Kerberos are known to be broken, that's why I ask. You mind try try the RPMs from ftp.sernet.de that fix this issue.
I use RedHat 9. As you can see in the logs, the kerberos part should be OK. Also kinit works. Best regards Henrik
I seem to have simular problem joining NT4 domain. Here is the log info for the cli_samr_set_userinfo function that fails: [2004/01/06 13:10:18, 10] rpc_client/cli_samr.c:cli_samr_set_userinfo(1351) cli_samr_set_userinfo [2004/01/06 13:10:18, 5] rpc_parse/parse_samr.c:init_samr_q_set_userinfo(6509) init_samr_q_set_userinfo [2004/01/06 13:10:18, 5] rpc_parse/parse_samr.c:init_samr_userinfo_ctr(6308) init_samr_userinfo_ctr [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_set_userinfo [2004/01/06 13:10:18, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 39e04e0d [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 043e [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 4bb9 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: a0 74 94 d4 14 4a 17 1e [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 switch_value: 0018 [2004/01/06 13:10:18, 6] rpc_parse/parse_prs.c:prs_debug(82) 000016 samr_io_userinfo_ctr ctr [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 switch_value: 0018 [2004/01/06 13:10:18, 7] rpc_parse/parse_prs.c:prs_debug(82) 000018 sam_io_user_info24 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 0018 password: 4f 78 68 52 75 7a 33 70 5d b0 e7 6a b9 35 95 04 83 30 87 40 8f 94 f1 71 dd d7 e4 60 fd 23 32 ac a3 d6 23 47 e6 ed 90 1d 67 ff fa 04 06 0a e4 0a db 24 58 ea 67 89 57 1f 31 98 2b 34 d4 1b bc ed 5c 0c c3 52 c2 92 6d 25 ec 1c 7a 7f 7e 30 d5 9f cc c6 b3 a6 a6 6b 5d dd 8a 8f 7d 73 59 d0 33 ee d7 95 f4 53 e9 12 50 6f a8 c0 50 ac e6 2d 1f 0e 92 ae 69 64 3c 7a bf 9c 0c 99 78 03 18 16 b7 3b ea 78 43 21 7f e8 e8 65 79 27 73 54 95 ba 78 ea 3f 8a be dd 88 d3 2c 55 82 a2 ac db c5 49 75 c1 75 34 63 f5 8b 91 77 ae a1 ec 81 be 7e 05 97 1d 5f fc 3b 89 f4 74 7b 02 6d a6 a6 d1 14 8d a9 4c c4 71 df 88 d4 d7 c9 b1 1a 8d 85 b7 d9 9d f9 2d 3a 2e 21 0e a7 f4 6d e1 06 32 32 56 90 70 ab 24 ca 7c 0a e8 15 3d 33 89 99 c2 5f 79 95 79 1f b9 e1 23 1c a9 0f 4d 27 87 84 a8 3f f6 f9 8f 4f b7 70 24 3f 75 80 78 05 c4 33 57 ca 2e 32 95 04 22 95 3a 14 27 8d fe 1b ab 85 f7 17 85 79 6f d6 12 3c 4e 32 b7 34 e3 ab 1b f2 75 29 94 f7 f0 c0 64 63 2f ba af d5 88 9b ea a5 d3 bb 01 80 42 e4 9e dc 7f 0a a0 6d 69 f3 3a 59 a3 75 d +> 3 19 21 fa 0b 87 9d fa 3a ca ac eb e6 2a fb df ee 63 75 d5 6b 08 5b 7e a1 f7 94 45 de 4c 56 dc 8b 79 9c ac 55 33 5c be 6a 64 13 15 1b 02 dd c3 32 e2 ce a1 d3 ec 97 74 d9 0b 4c a6 c8 a9 11 76 6d 2c 6d a5 2f 9d 7f 75 37 2b 92 fc 70 5a bf 24 01 a0 3a 09 3b c8 a1 17 5e a9 e1 01 0c ab 10 ac 14 96 9c 51 87 7e d2 08 54 6a eb 90 4d 87 79 f1 6a 54 0c 4b 4a 95 a9 cc 24 42 b8 1d 05 f2 b5 83 8c b7 f1 d4 16 f3 a5 a8 dc 8f 47 3a 58 77 2b 1f 47 6a 5f 97 35 0e d8 42 20 d3 dc 3b dd 56 47 47 4d d4 a9 f3 e5 69 47 8f 4b 82 46 05 37 4d 7b aa 19 cf 1c 76 fd 1a 27 43 cc [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint16(606) 021c pw_len: 0018 [2004/01/06 13:10:18, 5] rpc_client/cli_pipe.c:create_rpc_request(841) create_rpc_request: opnum: 0x3a data_len: 0x238 [2004/01/06 13:10:18, 10] rpc_client/cli_pipe.c:create_rpc_request(857) create_rpc_request: data_len: 238 auth_len: 0 alloc_hint: 228 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0238 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 00000012 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_req hdr_req [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000228 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2004/01/06 13:10:18, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0016 opnum : 003a [2004/01/06 13:10:18, 5] rpc_client/cli_pipe.c:rpc_api_pipe(410) rpc_api_pipe: fnum:804 [2004/01/06 13:10:18, 5] lib/util.c:show_msg(456) [2004/01/06 13:10:18, 5] lib/util.c:show_msg(459) size=650 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2050 smb_pid=8607 smb_uid=2050 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 568 (0x238) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 568 (0x238) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 2052 (0x804) smb_bcc=583 [2004/01/06 13:10:18, 10] lib/util.c:dump_data(1830) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 38 02 00 00 12 00 00 00 28 .......8 .......( [020] 02 00 00 00 00 3A 00 00 00 00 00 0D 4E E0 39 3E .....:.. ....Nà9> [030] 04 B9 4B A0 74 94 D4 14 4A 17 1E 18 00 18 00 4F .¹K t.Ô. J......O [040] 78 68 52 75 7A 33 70 5D B0 E7 6A B9 35 95 04 83 xhRuz3p] °çj¹5... [050] 30 87 40 8F 94 F1 71 DD D7 E4 60 FD 23 32 AC A3 0.@..ñqÝ ×ä`ý#2¬£ [060] D6 23 47 E6 ED 90 1D 67 FF FA 04 06 0A E4 0A DB Ö#Gæí..g ÿú...ä.Û [070] 24 58 EA 67 89 57 1F 31 98 2B 34 D4 1B BC ED 5C $Xêg.W.1 .+4Ô.¼í\ [080] 0C C3 52 C2 92 6D 25 EC 1C 7A 7F 7E 30 D5 9F CC .ÃRÂ.m%ì .z.~0Õ.Ì [090] C6 B3 A6 A6 6B 5D DD 8A 8F 7D 73 59 D0 33 EE D7 Ƴ¦¦k]Ý. .}sYÐ3î× [0A0] 95 F4 53 E9 12 50 6F A8 C0 50 AC E6 2D 1F 0E 92 .ôSé.Po¨ ÀP¬æ-... [0B0] AE 69 64 3C 7A BF 9C 0C 99 78 03 18 16 B7 3B EA ®id<z¿.. .x...·;ê [0C0] 78 43 21 7F E8 E8 65 79 27 73 54 95 BA 78 EA 3F xC!.èèey 'sT.ºxê? [0D0] 8A BE DD 88 D3 2C 55 82 A2 AC DB C5 49 75 C1 75 .¾Ý.Ó,U. ¢¬ÛÅIuÁu [0E0] 34 63 F5 8B 91 77 AE A1 EC 81 BE 7E 05 97 1D 5F 4cõ..w®¡ ì.¾~..._ [0F0] FC 3B 89 F4 74 7B 02 6D A6 A6 D1 14 8D A9 4C C4 ü;.ôt{.m ¦¦Ñ..©LÄ [100] 71 DF 88 D4 D7 C9 B1 1A 8D 85 B7 D9 9D F9 2D 3A qß.Ô×ɱ. ..·Ù.ù-: [110] 2E 21 0E A7 F4 6D E1 06 32 32 56 90 70 AB 24 CA .!.§ômá. 22V.p«$Ê [120] 7C 0A E8 15 3D 33 89 99 C2 5F 79 95 79 1F B9 E1 |.è.=3.. Â_y.y.¹á [130] 23 1C A9 0F 4D 27 87 84 A8 3F F6 F9 8F 4F B7 70 #.©.M'.. ¨?öù.O·p [140] 24 3F 75 80 78 05 C4 33 57 CA 2E 32 95 04 22 95 $?u.x.Ä3 WÊ.2..". [150] 3A 14 27 8D FE 1B AB 85 F7 17 85 79 6F D6 12 3C :.'.þ.«. ÷..yoÖ.< [160] 4E 32 B7 34 E3 AB 1B F2 75 29 94 F7 F0 C0 64 63 N2·4ã«.ò u).÷ðÀdc [170] 2F BA AF D5 88 9B EA A5 D3 BB 01 80 42 E4 9E DC /º¯Õ..ê¥ Ó»..Bä.Ü [180] 7F 0A A0 6D 69 F3 3A 59 A3 75 D3 19 21 FA 0B 87 .. mió:Y £uÓ.!ú.. [190] 9D FA 3A CA AC EB E6 2A FB DF EE 63 75 D5 6B 08 .ú:ʬëæ* ûßîcuÕk. [1A0] 5B 7E A1 F7 94 45 DE 4C 56 DC 8B 79 9C AC 55 33 [~¡÷.EÞL VÜ.y.¬U3 [1B0] 5C BE 6A 64 13 15 1B 02 DD C3 32 E2 CE A1 D3 EC \¾jd.... ÝÃ2âΡÓì [1C0] 97 74 D9 0B 4C A6 C8 A9 11 76 6D 2C 6D A5 2F 9D .tÙ.L¦È© .vm,m¥/. [1D0] 7F 75 37 2B 92 FC 70 5A BF 24 01 A0 3A 09 3B C8 .u7+.üpZ ¿$. :.;È [1E0] A1 17 5E A9 E1 01 0C AB 10 AC 14 96 9C 51 87 7E ¡.^©á..« .¬...Q.~ [1F0] D2 08 54 6A EB 90 4D 87 79 F1 6A 54 0C 4B 4A 95 Ò.Tjë.M. yñjT.KJ. [2004/01/06 13:10:18, 6] lib/util_sock.c:write_socket(407) write_socket(4,654) [2004/01/06 13:10:18, 6] lib/util_sock.c:write_socket(410) write_socket(4,654) wrote 654 [2004/01/06 13:10:28, 10] lib/util_sock.c:read_socket_with_timeout(263) read_socket_with_timeout: timeout read. select timed out. [2004/01/06 13:10:28, 10] lib/util_sock.c:receive_smb_raw(514) receive_smb_raw: length < 0! [2004/01/06 13:10:28, 10] libsmb/clientgen.c:client_receive_smb(65) client_receive_smb failed [2004/01/06 13:10:28, 5] lib/util.c:show_msg(456) [2004/01/06 13:10:28, 5] lib/util.c:show_msg(459) size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 [2004/01/06 13:10:28, 0] rpc_client/cli_pipe.c:rpc_api_pipe(424) cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds [2004/01/06 13:10:28, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(298) error setting trust account password: NT_STATUS_UNSUCCESSFUL
If the server does not respond, how is this our bug ? Sorry, but I don't see the problem here.
Please look at the links to the debug files. There is reported different errors on different methods of account creation is used.
please retest against 3.0.8 (once it is released and report if not fixed). There has been a lot of changes here since last march.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.