CentOS - Apr 2007 - Xen guest and samba

Hello,
I am new to this list, but having been using CentOS for sometime.

I recently installed CentOS 5 on a test server to check out Xen. The 
installation was smooth had so far I have everything working except I 
cannot get samba to join our AD domain from the xen guest, using 
para-virtualization, I setup. I am out of ideas, and cannot find anyone 
having similar problems.

I have tested my config files on the server itself (Dom0) and it joins 
fine. But on the guest it will not join.

kinit works and I do get a ticket from kerberos. But when I try to join 
I get:

# net ads join -U administrator
administrator's password:
Using short domain name -- ICN
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Disabled account for 'XEN01' in realm 'ICN.LOCAL'

In messages, I have:
Apr 25 10:36:02 xen01 winbindd[29659]: [2007/04/25 10:36:02, 0] 
libads/kerberos.c:ads_kinit_password(208)
Apr 25 10:36:02 xen01 winbindd[29659]:   kerberos_kinit_password 
XEN01$@ICN.LOCAL failed: Clients credentials have been revoked
Apr 25 10:36:34 xen01 pcscd: winscard.c:219:SCardConnect() Reader E-Gate 
0 0 Not Found

The hosts, resolv.conf, smb.conf and krb5.conf files are the same 
between the guest and Dom0 and are using the same version of samba. 
Selinux has been disabled in order to make sure it was not interfering.

Has anyone had this issue or successfully able to join to a domain from 
a guest?

Thanks,
Rick

I have several XEN and VMWare VMs with CentOS 4.4 that joined AD
successfully.
However, I always used the following (simple) procedure:
  # kinit Administrator
  # net ads join
the net ads join command never asked for a password (because I already
did the kinit earlier).

I had issues only once when there already was a matching computer object
in the AD-Tree, so you might check that and remove it if required.

Regards,
Andreas Rogge

Am Mittwoch, den 25.04.2007, 10:51 -0400 schrieb Rick
Barnes:
> Hello,
> I am new to this list, but having been using CentOS for sometime.
> 
> I recently installed CentOS 5 on a test server to check out Xen. The 
> installation was smooth had so far I have everything working except I 
> cannot get samba to join our AD domain from the xen guest, using 
> para-virtualization, I setup. I am out of ideas, and cannot find anyone 
> having similar problems.
> 
> I have tested my config files on the server itself (Dom0) and it joins 
> fine. But on the guest it will not join.
> 
> kinit works and I do get a ticket from kerberos. But when I try to join 
> I get:
> 
> # net ads join -U administrator
> administrator's password:
> Using short domain name -- ICN
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> Disabled account for 'XEN01' in realm 'ICN.LOCAL'
> 
> In messages, I have:
> Apr 25 10:36:02 xen01 winbindd[29659]: [2007/04/25 10:36:02, 0] 
> libads/kerberos.c:ads_kinit_password(208)
> Apr 25 10:36:02 xen01 winbindd[29659]:   kerberos_kinit_password 
> XEN01$@ICN.LOCAL failed: Clients credentials have been revoked
> Apr 25 10:36:34 xen01 pcscd: winscard.c:219:SCardConnect() Reader E-Gate 
> 0 0 Not Found
> 
> The hosts, resolv.conf, smb.conf and krb5.conf files are the same 
> between the guest and Dom0 and are using the same version of samba. 
> Selinux has been disabled in order to make sure it was not interfering.
> 
> Has anyone had this issue or successfully able to join to a domain from 
> a guest?
> 
> Thanks,
> Rick
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3187 bytes
Desc: not available
URL:
<http://lists.centos.org/pipermail/centos/attachments/20070426/4d5d3a76/attachment-0003.bin>