Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

[Samba] net ads join: Aborted

38 views

Skip to first unread message

Nick Couchman

unread,

May 27, 2010, 10:50:01 AM5/27/10

I'm having trouble getting a host to join an ADS domain/realm. I have smb.conf set correctly, with the workgroup, realm, and security = ads specified. However, when I try to join with the command: net ads join -U Administrator, I simple get the message "Aborted" and it does not join the domain. If I use the -d flag to enable debugging, I see the following toward the end of the output:

[2010/05/27 08:44:33.261144, 3] libads/sasl.c:790(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore
[2010/05/27 08:44:33.261484, 3] libsmb/clikrb5.c:698(ads_krb5_mk_req)
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2010/05/27 08:44:33.288414, 3] libsmb/clikrb5.c:620(ads_cleanup_expired_creds)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Thu, 27 May 2010 18:44:33 MDT
[2010/05/27 08:44:33.288453, 3] libsmb/clikrb5.c:743(ads_krb5_mk_req)
ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2010/05/27 08:44:33.296939, 3] libads/ldap.c:2908(ads_domain_func_level)
ads_domain_func_level: 0
[2010/05/27 08:44:33.297755, 2] libads/ldap.c:3363(ads_get_upn)
ads_get_upn: No userPrincipalName attribute!
[2010/05/27 08:44:33.297787, 3] libads/kerberos.c:445(kerberos_secrets_store_des_salt)
kerberos_secrets_store_des_salt: Storing salt "host/xenprint.a...@AD.SEAKR.COM"
Aborted

The output from another system (same O/S, same Samba version, same krb5 version, etc.) contains similar output, except that there's continue output after the "Storing salt" message. If I use strace, I see the following:

write(7, "0c\2\1\10c^\4\25dc=AD,dc=SEAKR,dc=COM\n\1"..., 101) = 101
gettimeofday({1274971641, 629786}, NULL) = 0
poll([{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 15000) = 1 ([{fd=7, revents=POLLIN}])
read(7, "0\204\0\0\r\271\2\1", 8) = 8
read(7, "\10d\204\0\0\r\260\4.CN=xenprint,CN=Computer"..., 3511) = 3511
gettimeofday({1274971641, 630532}, NULL) = 0
poll([{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 14999) = 1 ([{fd=7, revents=POLLIN}])
read(7, "0\204\0\0\0E\2\1", 8) = 8
read(7, "\10s\204\0\0\0<\4:ldap://ad.seakr.com/CN="..., 67) = 67
gettimeofday({1274971641, 630706}, NULL) = 0
poll([{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 14999) = 1 ([{fd=7, revents=POLLIN}])
read(7, "0\204\0\0\0\20\2\1", 8) = 8
read(7, "\10e\204\0\0\0\7\n\1\0\4\0\4\0", 14) = 14
rt_sigaction(SIGALRM, {0x1, [ALRM], SA_RESTORER, 0x7ffeb08d7560}, {0x7ffeb33135e0, [ALRM], SA_RESTORER, 0x7ffeb08d7560}, 8) = 0
alarm(0) = 15
fcntl(3, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=8, len=1}) = 0
fcntl(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=168, len=0}) = 0
fstat(3, {st_mode=S_IFREG|0600, st_size=45056, ...}) = 0
fcntl(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=168, len=0}) = 0
fcntl(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=8, len=1}) = 0
fcntl(6, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=552, len=1}) = 0
fcntl(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=552, len=1}) = 0
fcntl(5, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=552, len=1}) = 0
fcntl(5, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=552, len=1}) = 0
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
tgkill(5304, 5304, SIGABRT) = 0
--- SIGABRT (Aborted) @ 0 (0) ---
+++ killed by SIGABRT +++

Any ideas what would cause a SIGABRT on this process?

Thanks,
Nick

--------
This e-mail may contain confidential and privileged material for the sole use of the intended recipient. If this email is not intended for you, or you are not responsible for the delivery of this message to the intended recipient, please note that this message may contain SEAKR Engineering (SEAKR) Privileged/Proprietary Information. In such a case, you are strictly prohibited from downloading, photocopying, distributing or otherwise using this message, its contents or attachments in any way. If you have received this message in error, please notify us immediately by replying to this e-mail and delete the message from your mailbox. Information contained in this message that does not relate to the business of SEAKR is neither endorsed by nor attributable to SEAKR.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Nick Couchman

unread,

May 27, 2010, 2:10:02 PM5/27/10

>>> On 2010/05/27 at 08:48, "Nick Couchman" <Nick.C...@seakr.com> wrote:
> I'm having trouble getting a host to join an ADS domain/realm. I have
> smb.conf set correctly, with the workgroup, realm, and security = ads
> specified. However, when I try to join with the command: net ads join -U
> Administrator, I simple get the message "Aborted" and it does not join the
> domain. If I use the -d flag to enable debugging, I see the following toward
> the end of the output:
>

This problem seems to only occur in Samba 3.5.3 on a certain machine. I have two machines, both running Opensuse 11.2 and using the OBS Samba repository. One of them allows me to join the AD domain, the other throws the error in the previous message. No idea what's going on - Samba packages, krb5 packages, nss, etc., are all exactly the same.

-Nick

0 new messages