
[Samba] Problem with kerberos method attribut


djamel boussebha

Nov 12, 2011, 1:30:01 AM
Hi;

I would like to use a Samba configuration with:

dedicated keytab file = /etc/krb5.keytab
kerberos method = system keytab
security = ADS

But when I test the configuration (testparm) I get the following error message:

Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "dedicated keytab file"
Ignoring unknown parameter "dedicated keytab file"
Unknown parameter encountered: "kerberos method"
Ignoring unknown parameter "kerberos method"

I work on OpenSUSE Linux version 10 with Samba version 3.0.36-0.5.5.
Q: how do I resolve this problem?

Regards
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

TAKAHASHI Motonobu

Nov 12, 2011, 2:10:01 AM
From: djamel boussebha <dbous...@yahoo.fr>
Date: Thu, 10 Nov 2011 15:25:38 +0000 (GMT)

> I would like to use a samba configuration with :
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = system keytab
> security = ADS
>
> But when I test the configuration (testparm) I have the following error msg :
>
> Load smb config files from /etc/samba/smb.conf
> Unknown parameter encountered: "dedicated keytab file"
> Ignoring unknown parameter "dedicated keytab file"
> Unknown parameter encountered: "kerberos method"
> Ignoring unknown parameter "kerberos method"
>
> I work on OpenSUSE Linux version 10 with Samba version 3.0.36-0.5.5.
> Q: how do I resolve this problem?

Both "kerberos method" and "dedicated keytab file" were introduced in Samba
3.4.0. You are using too old a version.

---
TAKAHASHI Motonobu <mo...@samba.gr.jp>

djamel boussebha

Nov 12, 2011, 6:20:02 AM
Hi TAKAHASHI,

OK, I just have to change the Samba version to 3.4 and my problem is resolved!

Regards


djamel boussebha

Nov 15, 2011, 8:00:02 AM
Hi;

I work for a big company and I cannot update the Samba version on Linux SUSE: it is very complex and requires following a qualification process.
Is there another means to resolve this problem?



Philipoff, Andrew

Nov 15, 2011, 3:40:02 PM
If you must stick with using Samba 3.0.x, try "use kerberos keytab = yes" in your smb.conf file. Also make sure that you define the location of your Kerberos keytab in your krb5.conf file as "default_keytab_name = /etc/krb5.keytab".

Andrew
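As an added example (my own code, not from this thread or from the Samba project), here is a small Python lint that reads an smb.conf, compares each parameter against the running Samba version and reports the ones that version would ignore, i.e. exactly the parameters testparm prints as "Unknown parameter encountered". The version table is taken from the two answers above and is otherwise an assumption: "kerberos method" and "dedicated keytab file" need 3.4.0 or later, and on 3.0.x the alternatives are "use kerberos keytab = yes" in smb.conf plus default_keytab_name in krb5.conf. The sample smb.conf is constructed from the first post; the version string format "3.0.36-0.5.5" (upstream version followed by a package release suffix) is parsed as in the thread.

```python
import re
from typing import Dict, List, Tuple

# Version-gated smb.conf parameters. Assumed from this thread: both were
# introduced in Samba 3.4.0; on 3.0.x the alternatives are the ones named.
# Samba parameter names are case-insensitive and ignore internal whitespace,
# so keys are normalised before lookup.
MIN_VERSION: Dict[str, Tuple[Tuple[int, int, int], str]] = {
    "kerberosmethod": ((3, 4, 0), 'use "use kerberos keytab = yes" instead'),
    "dedicatedkeytabfile": ((3, 4, 0), 'set "default_keytab_name" in krb5.conf instead'),
}


def normalise(name: str) -> str:
    """'Kerberos  Method' -> 'kerberosmethod' (Samba's own comparison rule)."""
    return re.sub(r"\s+", "", name).lower()


def parse_version(version: str) -> Tuple[int, int, int]:
    """'3.0.36-0.5.5' (package release suffix) -> (3, 0, 36)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Samba version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def parse_smb_conf(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Minimal smb.conf reader: [section] headers, 'key = value' lines,
    '#' and ';' comment lines. Returns section -> [(normalised_key, value)]."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            sections.setdefault(current, []).append((normalise(key), value.strip()))
    return sections


def lint(text: str, samba_version: str) -> List[str]:
    """One finding per parameter the given Samba version does not know."""
    running = parse_version(samba_version)
    findings: List[str] = []
    for section, params in parse_smb_conf(text).items():
        for key, _value in params:
            gate = MIN_VERSION.get(key)
            if gate is not None and running < gate[0]:
                needed = ".".join(str(n) for n in gate[0])
                findings.append(
                    f"[{section}] {key}: needs Samba >= {needed}, "
                    f"running {samba_version}; {gate[1]}"
                )
    return findings


# Constructed sample: the [global] settings from the first post in this thread.
SAMPLE_SMB_CONF = """
[global]
    security = ADS
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = system keytab
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE_SMB_CONF, "3.0.36-0.5.5"):
        print(finding)
    print("3.4.0 findings:", lint(SAMPLE_SMB_CONF, "3.4.0"))
```

Run against the poster's version it reports both parameters; against 3.4.0 or later it reports nothing. Because an unknown parameter is silently ignored rather than rejected, a check like this belongs in the qualification process the poster mentions: a keytab setting that is dropped at load time leaves the host falling back to whatever the older default is, without any error at start-up.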

djamel boussebha

Nov 16, 2011, 11:30:02 AM
Hi;

wbinfo cannot get the user names and group names of my AD domain (Windows 2008 SP2).
The result for "wbinfo -t" is OK:
"checking the trust secret for domain P9BIS via RPC calls succeeded"
But when I try to get wbinfo -n "USER1" or wbinfo -r "USER1" it shows this error message: "Could not lookup name USER1"
I use Samba version 3.5.12.

Any help would be very appreciated... thanks to anyone!

djamel boussebha

Nov 17, 2011, 6:20:02 AM
Hi;

I would like to set up the file /etc/krb5.keytab for Apache:

# net ads keytab add HTTP -U compte_admin_dom1
Processing principals to add...
Enter administrateur's password:
# ktutil
ktutil:  l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
ktutil:

The file is empty?
Maybe this problem is linked to the "net ads" command, because when I try to join the AD:
# net ads join -U adminis...@P9BIS.NEOPLUS.LAPOSTE.POC
Enter adminis...@P9BIS.NEOPLUS.LAPOSTE.POC's password:
Failed to join domain: failed to find DC for domain P9BIS.NEOPLUS.LAPOSTE.POC

But with "rpc" it works:

# net rpc join -U adminis...@P9BIS.NEOPLUS.LAPOSTE.POC
Enter adminis...@P9BIS.NEOPLUS.LAPOSTE.POC's password:
Joined domain P9BIS.
 
When I execute: # net ads info - U administrateur
Failed to get server's current time!
LDAP server: 187.0.17.104
LDAP server name: CINVW067.p9bis.neoplus.laposte.poc
Realm: P9BIS.NEOPLUS.LAPOSTE.POC
Bind Path: dc=P9BIS,dc=NEOPLUS,dc=LAPOSTE,dc=POC
LDAP port: 389
Server time: Thu, 01 Jan 1970 01:00:00 CET
KDC server: 187.0.17.104

And # net rpc info -U administrateur
Enter administrateur's password:
Domain Name: P9BIS
Domain SID: S-1-5-21-254703050-2859693384-3493432365
Sequence number: 1
Num users: 50
Num domain groups: 0
Num local groups: 12
 
The two commands "wbinfo -u" and "wbinfo -g" return no values for users/groups?
kinit works fine:
 # kinit adminis...@P9BIS.NEOPLUS.LAPOSTE.POC
Password for adminis...@P9BIS.NEOPLUS.LAPOSTE.POC:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: adminis...@P9BIS.NEOPLUS.LAPOSTE.POC
Valid starting     Expires            Service principal
11/17/11 12:05:00  11/17/11 22:05:03  krbtgt/P9BIS.NEOPLU...@P9BIS.NEOPLUS.LAPOSTE.POC
        renew until 11/18/11 12:05:00

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
 
It is impossible to join the AD server with "ads":
# net ads testjoin
Join to domain is not valid: Operations error
# net rpc testjoin
Join to 'P9BIS' is OK
 
How do I make "ads" work correctly, and how do I get the list of users of the AD domain?

Any help would be very appreciated.

Regards

Robert Freeman-Day

Nov 17, 2011, 11:50:02 AM
I noticed the server time has the year 1970. The ads methods use
kerberos and that is time sensitive. Get the accurate date/time and
things should start working for you. Perhaps have it sync with a time
server.

Robert

--
________

Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
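As an added example (my own code, not from this thread or from Samba), here is a Python check that pulls the "Server time:" line out of "net ads info" output and compares it with the local clock against the 300-second tolerance MIT Kerberos applies by default (the "clockskew" setting in krb5.conf [libdefaults]; Active Directory uses the same 5-minute default). Two details matter for the output quoted above: a value of 1 Jan 1970 printed next to "Failed to get server's current time!" is a zero timestamp rendered in the local zone (01:00:00 CET is 00:00:00 UTC), not the DC's real clock, so the check reports it as "unavailable" rather than as a skew of 41 years; and strptime's %Z only accepts UTC/GMT and the local zone name, so the zone token is split off and the caller is assumed to pass a naive local time in the same zone the output prints (CET here). The sample outputs are constructed from the post above; the "skewed" one is invented to show the other failure mode.

```python
import re
from datetime import datetime, timedelta
from typing import Optional, Tuple

# Default tolerance in MIT Kerberos (krb5.conf [libdefaults] clockskew) and in
# Active Directory: 5 minutes. Beyond this the KDC answers KRB_AP_ERR_SKEW.
MAX_SKEW = timedelta(seconds=300)

_SERVER_TIME = re.compile(r"^\s*Server time:\s*(.+?)\s*$", re.MULTILINE)


def parse_server_time(net_ads_info: str) -> Optional[Tuple[datetime, str]]:
    """Extract the 'Server time:' line of `net ads info`.

    Returns (naive datetime, zone abbreviation) or None if the line is absent.
    The zone token is kept separate instead of being fed to strptime's %Z,
    which only understands UTC/GMT and the local zone.
    """
    m = _SERVER_TIME.search(net_ads_info)
    if not m:
        return None
    stamp, zone = m.group(1).rsplit(" ", 1)
    return datetime.strptime(stamp, "%a, %d %b %Y %H:%M:%S"), zone


def check_kdc_clock(net_ads_info: str, local_now: datetime,
                    max_skew: timedelta = MAX_SKEW) -> Tuple[str, Optional[int]]:
    """Classify the DC clock relative to local_now (naive, same zone as output).

    'unavailable': no usable server time (line missing, or the zero timestamp
                   that shows up as 1970 when the time query itself failed)
    'skew'       : difference exceeds max_skew; Kerberos exchanges will fail
    'ok'         : within tolerance
    Second element: signed skew in seconds (server minus local), or None.
    """
    parsed = parse_server_time(net_ads_info)
    if parsed is None:
        return "unavailable", None
    server_time, _zone = parsed
    if "Failed to get server's current time" in net_ads_info or server_time.year <= 1970:
        return "unavailable", None
    delta = server_time - local_now
    seconds = int(round(delta.total_seconds()))
    if abs(delta) > max_skew:
        return "skew", seconds
    return "ok", seconds


# Constructed samples. FAILED_OUTPUT mirrors the output quoted in the thread;
# SKEWED_OUTPUT is invented to show a DC whose clock is 13 minutes ahead.
FAILED_OUTPUT = """Failed to get server's current time!
LDAP server: 187.0.17.104
LDAP server name: CINVW067.p9bis.neoplus.laposte.poc
Realm: P9BIS.NEOPLUS.LAPOSTE.POC
Bind Path: dc=P9BIS,dc=NEOPLUS,dc=LAPOSTE,dc=POC
LDAP port: 389
Server time: Thu, 01 Jan 1970 01:00:00 CET
KDC server: 187.0.17.104
"""

SKEWED_OUTPUT = """LDAP server: 187.0.17.104
Server time: Fri, 18 Nov 2011 10:12:07 CET
KDC server: 187.0.17.104
"""

# Local clock as printed by `date` later in the thread (Fri Nov 18 09:59:07 CET 2011).
LOCAL_NOW = datetime(2011, 11, 18, 9, 59, 7)

if __name__ == "__main__":
    for label, output in (("failed query", FAILED_OUTPUT), ("skewed DC", SKEWED_OUTPUT)):
        print(f"{label}: {check_kdc_clock(output, LOCAL_NOW)}")
```

A DC that answers LDAP but whose time cannot be read is a different problem from a DC whose clock is wrong, and the first line of the quoted output already says which one this is; the check keeps the two apart so that "sync NTP" is only suggested when the measured skew actually exceeds the tolerance.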

djamel boussebha

Nov 18, 2011, 4:10:01 AM
Hi Robert;

Indeed, my SUSE Linux server syncs with a time server (221.128.17.234):
 
# /etc/init.d/ntp restart
Shutting down network time protocol daemon (NTPD)                     done
Try to get initial date and time via NTP from 221.128.17.234          done
Starting network time protocol daemon (NTPD)
 
When I execute it, the date/time are correct:
# date
Fri Nov 18 09:59:07 CET 2011

My Windows 2008 R2 server is also synced with the same time server (221.128.17.234):
 
#w32tm /query /configuration
....
EventLogFlags: 1 (Locale)
LargeSampleSkew: 3 (Locale)
SpecialPollInterval: 3600 (Locale)
Type: NTP (Locale)
NtpServer: "221.128.17.234" (Locale)

Is the time shown by "net" the time on the Windows server?

# net ads info - U administrateur
..> Server time: Thu, 01 Jan 1970 01:00:00 CET

How do I resolve this time problem?
 
Regards


djamel boussebha

Nov 18, 2011, 5:30:01 AM
Hi;

I have modified my /etc/hosts by adding an entry and "ads" works fine, but when I try to join AD, I get the following error message:

# net ads join -S 221.221.17.104 -U administrateur
Enter administrateur's password:
[2011/11/18 11:06:09.010144,  0] libads/sasl.c:823(ads_sasl_spnego_bind)
  kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database
Failed to join domain: failed to connect to AD: Server not found in Kerberos database
 
Maybe I am using an old Kerberos version?

Any idea?

Regards;



djamel boussebha

Nov 18, 2011, 11:00:01 AM
Hi Robert;

It's OK, I have resolved the time problem between the Linux and Windows servers.
But I have strange behavior when I join the AD server with the ADS protocol: a segmentation fault:

# net ads join -S CINVW067 -U administrateur%XXX -d3
[2011/11/18 16:38:45,  3] param/loadparm.c:9180(lp_load_ex)
  lp_load_ex: refreshing parameters
[2011/11/18 16:38:45,  3] param/loadparm.c:4948(init_globals)
  Initialising global parameters
[2011/11/18 16:38:45,  2] param/loadparm.c:4807(max_open_files)
  rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
[2011/11/18 16:38:45.611969,  3] ../lib/util/params.c:550(pm_process)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2011/11/18 16:38:45.612040,  3] param/loadparm.c:7864(do_section)
  Processing section "[global]"
[2011/11/18 16:38:45.613778,  2] lib/interface.c:340(add_interface)
  added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
[2011/11/18 16:38:45.613832,  2] lib/interface.c:340(add_interface)
  added interface eth0 ip=fe80::250:56ff:fea4:39b6%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2011/11/18 16:38:45.613891,  2] lib/interface.c:340(add_interface)
  added interface eth0 ip=187.0.22.177 bcast=187.0.23.255 netmask=255.255.248.0
[2011/11/18 16:38:45.614224,  1] libnet/libnet_join.c:1924(libnet_Join)
  libnet_Join:
      libnet_JoinCtx: struct libnet_JoinCtx
          in: struct libnet_JoinCtx
              dc_name                  : 'CINVW067'
              machine_name             : 'CILVS049'
              domain_name              : *
                  domain_name              : 'P9BIS.NEOPLUS.LAPOSTE.POC'
              account_ou               : NULL
              admin_account            : 'administrateur'
              admin_password           : *
              machine_password         : NULL
              join_flags               : 0x00000023 (35)
                     0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                     0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                     0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                     0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                     0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                     0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                     1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                     0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                     0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                     1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                     1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
              os_version               : NULL
              os_name                  : NULL
              create_upn               : 0x00 (0)
              upn                      : NULL
              modify_config            : 0x00 (0)
              ads                      : NULL
              debug                    : 0x01 (1)
              use_kerberos             : 0x00 (0)
              secure_channel_type      : SEC_CHAN_WKSTA (2)
[2011/11/18 16:38:45.614849,  3] libsmb/cliconnect.c:2212(cli_start_connection)
  Connecting to host=CINVW067
[2011/11/18 16:38:45.615392,  3] lib/util_sock.c:979(open_socket_out_send)
  Connecting to 187.0.17.104 at port 445
[2011/11/18 16:38:45.619155,  3] lib/util_sock.c:979(open_socket_out_send)
  Connecting to 187.0.17.104 at port 139
[2011/11/18 16:38:45.620528,  3] libsmb/cliconnect.c:991(cli_session_setup_spnego)
  Doing spnego session setup (blob length=136)
[2011/11/18 16:38:45.620675,  3] libsmb/cliconnect.c:1020(cli_session_setup_spnego)
  got OID=1.3.6.1.4.1.311.2.2.30
  got OID=1.2.840.48018.1.2.2
  got OID=1.2.840.113554.1.2.2
  got OID=1.2.840.113554.1.2.2.3
  got OID=1.3.6.1.4.1.311.2.2.10
[2011/11/18 16:38:45.620725,  3] libsmb/cliconnect.c:1030(cli_session_setup_spnego)
  got principal=not_defined_in_RFC4178@please_ignore
[2011/11/18 16:38:45.621464,  3] libsmb/ntlmssp.c:1101(ntlmssp_client_challenge)
  Got challenge flags:
[2011/11/18 16:38:45.621508,  3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62898215
[2011/11/18 16:38:45.621526,  3] libsmb/ntlmssp.c:1123(ntlmssp_client_challenge)
  NTLMSSP: Set final flags:
[2011/11/18 16:38:45.621537,  3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x60088215
[2011/11/18 16:38:45.621668,  3] libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
  NTLMSSP Sign/Seal - Initialising with flags:
[2011/11/18 16:38:45.621709,  3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x60088215
[2011/11/18 16:38:45.704425,  3] libads/ldap.c:634(ads_connect)
  Successfully contacted LDAP server 187.0.17.104
[2011/11/18 16:38:45.706539,  3] libads/ldap.c:688(ads_connect)
  Connected to LDAP server CINVW067.p9bis.neoplus.laposte.poc
[2011/11/18 16:38:45.708416,  3] libads/sasl.c:784(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
[2011/11/18 16:38:45.708459,  3] libads/sasl.c:784(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
[2011/11/18 16:38:45.708475,  3] libads/sasl.c:784(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2011/11/18 16:38:45.708488,  3] libads/sasl.c:784(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
[2011/11/18 16:38:45.708501,  3] libads/sasl.c:784(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
[2011/11/18 16:38:45.708514,  3] libads/sasl.c:793(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore
[2011/11/18 16:38:45.709568,  3] libsmb/clikrb5.c:777(ads_krb5_mk_req)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2011/11/18 16:38:45.741849,  3] libsmb/clikrb5.c:622(ads_cleanup_expired_creds)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Fri, 18 Nov 2011 23:18:45 CET
[2011/11/18 16:38:45.741987,  3] libsmb/clikrb5.c:830(ads_krb5_mk_req)
  ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2011/11/18 16:38:45.748606,  3] libads/ldap.c:2910(ads_domain_func_level)
  ads_domain_func_level: 4
[2011/11/18 16:38:45.748700,  3] libads/kerberos.c:445(kerberos_secrets_store_des_salt)
  kerberos_secrets_store_des_salt: Storing salt "host/cilvs049.p9bis.ne...@P9BIS.NEOPLUS.LAPOSTE.POC"
[2011/11/18 16:38:45.751892,  3] libads/kerberos_keytab.c:64(smb_krb5_kt_add_entry_ext)
  smb_krb5_kt_add_entry_ext: Will try to delete old keytab entries
Segmentation fault

 
With the RPC protocol it works, but I have the error "NT_STATUS_ACCESS_DENIED"?

# net rpc join -S CINVW067 -U administrateur%XXX -d3

[2011/11/18 16:36:08,  3] param/loadparm.c:9180(lp_load_ex)
  lp_load_ex: refreshing parameters
[2011/11/18 16:36:08,  3] param/loadparm.c:4948(init_globals)
  Initialising global parameters
[2011/11/18 16:36:08,  2] param/loadparm.c:4807(max_open_files)
  rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
[2011/11/18 16:36:08.913273,  3] ../lib/util/params.c:550(pm_process)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2011/11/18 16:36:08.913340,  3] param/loadparm.c:7864(do_section)
  Processing section "[global]"
[2011/11/18 16:36:08.915286,  2] lib/interface.c:340(add_interface)
  added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
[2011/11/18 16:36:08.915361,  2] lib/interface.c:340(add_interface)
  added interface eth0 ip=fe80::250:56ff:fea4:39b6%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2011/11/18 16:36:08.915421,  2] lib/interface.c:340(add_interface)
  added interface eth0 ip=187.0.22.177 bcast=187.0.23.255 netmask=255.255.248.0
lp_load_ex: refreshing parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eth0 ip=fe80::250:56ff:fea4:39b6%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=187.0.22.177 bcast=187.0.23.255 netmask=255.255.248.0
Connecting to host=CINVW067
Connecting to 187.0.17.104 at port 445
rpccli_netlogon_set_trust_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Connecting to host=CINVW067
Connecting to 187.0.17.104 at port 445
Doing spnego session setup (blob length=136)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
Connecting to host=CINVW067
Connecting to 187.0.17.104 at port 445
Doing spnego session setup (blob length=136)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
Joined domain P9BIS.
return code = 0
 
I don't know whether it's OK or not?

djamel boussebha

Nov 18, 2011, 11:00:02 AM
My hosts file is as follows on the Linux server:

# cat /etc/hosts
127.0.0.1       local.localdomain   localhost CILVS049
187.0.22.177    CILVS049.p9bis.neoplus.laposte.poc CILVS049
187.0.17.104    CINVW067.p9bis.neoplus.laposte.poc CINVW067

Windows server with AD LDAP: 187.0.17.104 (CINVW067)
Linux server with Samba/Winbind: 187.0.22.177 (CILVS049)

djamel boussebha

Dec 1, 2011, 9:30:02 AM
Hi;

I upgraded Samba to 3.5.12, and the compilation was successful.
However, when I want to start Samba, it says it cannot find
libdm.so.0?

Is it related to OpenLDAP? How can I get the library?
Thanks,