Bug 9917 - kerberos does not work with "net rpc" functions
Summary: kerberos does not work with "net rpc" functions
Status: NEW
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Client Tools (show other bugs)
Version: 3.6.6
Hardware: x86 Linux
: P5 normal
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-05-29 23:10 UTC by Abraham Alawi (dead mail address)
Modified: 2013-05-29 23:10 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Abraham Alawi (dead mail address) 2013-05-29 23:10:05 UTC
kerberos works fine for "net ads" functions but not for "net rpc". 

root@mips5-01-xdc:~# net --version
Version 3.6.6

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@mips5-01-xdc:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: na-xuserx@DOMAIN.ORG.AU

Valid starting     Expires            Service principal
30/05/13 08:39:09  30/05/13 18:39:11  krbtgt/DOMAIN.ORG.AU@DOMAIN.ORG.AU
        renew until 31/05/13 08:39:09

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@mips5-01-xdc:~# net ads info
LDAP server: 192.168.92.92
LDAP server name: ADX.DOMAIN.ORG.AU
Realm: DOMAIN.ORG.AU
Bind Path: dc=DOMAIN,dc=ORG,dc=AU
LDAP port: 389
Server time: Thu, 30 May 2013 08:49:07 EST
KDC server: 192.168.92.92
Server time offset: 0

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@mips5-01-xdc:~# net -d2 -k -S DOMAIN.ORG.AU rpc group addmem acl_stacc_nci_mips5_con xuserx
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
added interface eth0 ip=192.168.243.64 bcast=192.168.247.255 netmask=255.255.248.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Doing kerberos session setup
ads_krb5_mk_req: smb_krb5_get_credentials failed for cifs/DOMAIN.ORG.AU@DOMAIN.ORG.AU (Server not found in Kerberos database)
cli_session_setup_kerberos: spnego_gen_krb5_negTokenInit failed: Server not found in Kerberos database
failed session setup with NT_STATUS_UNSUCCESSFUL
Could not connect to server DOMAIN.ORG.AU
Connection failed: NT_STATUS_UNSUCCESSFUL
failed to make ipc connection: NT_STATUS_UNSUCCESSFUL
return code = -1

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@mips5-01-xdc:~# cat /var/run/samba/smb_krb5/krb5.conf.DOMAIN
[libdefaults]
        default_realm = DOMAIN.ORG.AU
        default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
        default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
        preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5

[realms]
        DOMAIN.ORG.AU = {
                kdc = 192.168.92.92
        }

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@mips5-01-xdc:~# cat /etc/krb5.conf

[libdefaults]
        default_realm = DOMAIN.ORG.AU
        default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
        default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
        preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5

[realms]
        DOMAIN.ORG.AU = {
                kdc = 192.168.92.92
        }