Hello,
I am using samba-3.0alpha21 on a out of the box debian-3.0 box trying to join a
native windows 2000 (active directory) domain. I have used alpha18,19,and 20 in
the past with alot of success on red hat and linux from scratch systems with
minimum challenges. However I cannot seem join the domain in this instance. I am
using openldap 2.1.8 and mit kerberos 1.2.7. The result of "net ads
join" using alpha19 is that the command hangs after scrolling about 5 pages
of text. Alpha20 segfaults for a reason unapparent to me and alpha21 hangs, as
alpha19 did but only after the first line. The funny thing is that "net ads
status" shows that my system is a member of the domain, but in starting
winbindd, winbindd reports this:
winbindd version 3.0alpha21 started.
Copyright The Samba Team 2000-2001
[2002/11/29 07:04:07, 1] nsswitch/winbindd_util.c:add_trusted_domain(140)
Added domain JCNTV
[2002/11/29 07:04:07, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
krb5_cc_get_principal failed (No credentials cache found)
[2002/11/29 07:04:07, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE
[2002/11/29 07:04:17, 1] nsswitch/winbindd_util.c:init_domain_list(220)
Retrying startup domain sid fetch for JCNTV
[2002/11/29 07:04:17, 1] libsmb/clikrb5.c:krb5_mk_req2(56)
krb5_cc_get_principal failed (No credentials cache found)
[2002/11/29 07:04:17, 1] nsswitch/winbindd_ads.c:ads_cached_connection(72)
ads_connect for domain JCNTV failed: NT_STATUS_LOGON_FAILURE
I compiled samba like so..
./configure --prefix=/usr/local/samba3 --with-pam
Here is a copy of my smb.conf
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2002/09/20 13:46:38
# Global parameters
[global]
workgroup = JCNTV
realm = JCNTV.PRIVATE
ADS server = 192.168.0.2
netbios name = ISAIAH
interfaces = **.**.**.**
bind interfaces only = Yes
security = ADS
wins server = 192.168.0.2
encrypt passwords = yes
host msdfs = Yes
msdfs root = Yes
winbind gid = 1000-65000
winbind uid = 1000-65000
winbind separator = +
[docroot]
path = /home/var/www
follow symlinks = no
browsable = yes
force create mode = 0664
force directory mode = 0755
My krb5.conf ..
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
#default_tags_enctypes = des-cbc-crc
#default_tkt_enctypes = des-cbc-crc
default_realm = JCNTV.PRIVATE
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
JCNTV.PRIVATE = {
kdc = server2.jcntv.private:88
default_domain = jcntv.private
}
[domain_realm]
.jcntv.private = JCNTV.PRIVATE
jcntv.private = JCNTV.PRIVATE
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
and finally, my ldap.conf..
# Your LDAP server. Must be resolvable without using LDAP.
host 192.168.0.2
# The distinguished name of the search base.
base dc=jcntv,dc=private
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# Use SSL
# ssl yes
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=Administrator,cn=Users,dc=jcntv,dc=private
bindpw JxZ#!@//
#URI ldaps://192.168.0.2:636
# The credentials to bind with.
# Optional: default is no credential.
# The port.
#port 636
port 389
# The search scope.
scope sub
nss_base_passwd cn=Users,DC=jcntv,DC=private?one
nss_base_shadow cn=Users,DC=jcntv,DC=private?one
nss_base_group cn=Group,DC=jcntv,DC=private?one
nss_map_objectclass posixAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute cn msSFUName
nss_map_attribute userPassword msSFUPassword
nss_map_attribute uniqueMember Member
pam_filter objectclass=user
pam_login_attribute sAMAccountName
pam_password ad
Any help would be greatly appreciated. I don't know if this behavior is
related to the version of glibc installed on the machine or what. But again, any
help would be appreciated.
Best Regards,
Errol U. Neal
