samba - Apr 2003 - kerberos auth fails in samba3.0 alpha23

Hi,

I build an alpha23 samba3.0 system in win2k AD domain. Just a few days 
ago, it works very well. But in recent, I find it cannot work.

I am sure it is the reason for kerberos authority. When I kinit a ticket 
successfully, it fails to run "smbclient \\Win2K-server\c$ -k", the 
error message will be as blow:
Doing spnego session setup (blob length=109)
Doing kerberos session setup
session setup failed: NT_STATUS_MORE_PROCESSING_REQUIRED

When I run "getent passwd", it also fails to display the domain users.
When I run "wbinfo -u", it echos "Error looking up domain
users".

But I am sure kerberos ticket works correctly, for I can run kpasswd to 
change the Administrator@Win2kDomain password.

I am puzzled, I wish if anyone has any help.


Regards,
more

Hi, I think I should append this information:

I use "net ads join" to join my computer to win2k AD domain, the
system
prompt to let me input root password. But I have maken a Administrator 
key in win2k AD domain in my Linux box.
It is not useful to input a password for there is not "root" account
in
the win2k AD domain at all. "net ads join" outputs as blow:

root password:
[2003/04/16 13:21:04, 1] libsmb/clikrb5.c:krb5_mk_req2(266)
  krb5_cc_get_principal failed (No credentials cache file found)
[2003/04/16 13:21:04, 0] libads/kerberos.c:ads_kinit_password(132)
  kerberos_kinit_password root@RAIDTEC.CHINA failed: Client not found in 
Kerberos database
[2003/04/16 13:21:04, 1] utils/net_ads.c:ads_startup(160)
  ads_connect: Invalid credentials

I just puzzled why samba asks for root account now, any help will be 
great thanks.


Regards,
more
> Hi,
>
> I build an alpha23 samba3.0 system in win2k AD domain. Just a few days 
> ago, it works very well. But in recent, I find it cannot work.
>
> I am sure it is the reason for kerberos authority. When I kinit a 
> ticket successfully, it fails to run "smbclient \\Win2K-server\c$
-k",
> the error message will be as blow:
> Doing spnego session setup (blob length=109)
> Doing kerberos session setup
> session setup failed: NT_STATUS_MORE_PROCESSING_REQUIRED
>
> When I run "getent passwd", it also fails to display the domain
users.
> When I run "wbinfo -u", it echos "Error looking up domain
users".
>
> But I am sure kerberos ticket works correctly, for I can run kpasswd 
> to change the Administrator@Win2kDomain password.
>
> I am puzzled, I wish if anyone has any help.
>
>
> Regards,
> more
>

It seems to work better if you login to the domain first.  Try this:

/usr/kerberos/bin/kinit administrator@YOURDOMAIN.COM

You should be prompted for a password.  "YOURDOMAIN.COM" is case
sensitive and should be all upper case.  You don't have to use
"administrator", but do need to use an account with domain admin
rights
so the join will work.

After you put in your password, join the domain like this:

/usr/local/samba/bin/net ads join

Hope that helps.
 
Rick Segeberg
Provo Site Manager, IT Department
The Waterford Institute
rick.segeberg@waterford.org


-----Original Message-----
From: more [mailto:more0401@sina.com] 
Sent: Wednesday, April 16, 2003 6:00 AM
To: more.zeng
Cc: samba@lists.samba.org
Subject: Re: [Samba] kerberos auth fails in samba3.0 alpha23


Hi, I think I should append this information:

I use "net ads join" to join my computer to win2k AD domain, the
system
prompt to let me input root password. But I have maken a Administrator 
key in win2k AD domain in my Linux box.
It is not useful to input a password for there is not "root" account
in
the win2k AD domain at all. "net ads join" outputs as blow:

root password:
[2003/04/16 13:21:04, 1] libsmb/clikrb5.c:krb5_mk_req2(266)
  krb5_cc_get_principal failed (No credentials cache file found)
[2003/04/16 13:21:04, 0] libads/kerberos.c:ads_kinit_password(132)
  kerberos_kinit_password root@RAIDTEC.CHINA failed: Client not found in

Kerberos database
[2003/04/16 13:21:04, 1] utils/net_ads.c:ads_startup(160)
  ads_connect: Invalid credentials

I just puzzled why samba asks for root account now, any help will be 
great thanks.


Regards,
more
> Hi,
>
> I build an alpha23 samba3.0 system in win2k AD domain. Just a few days
> ago, it works very well. But in recent, I find it cannot work.
>
> I am sure it is the reason for kerberos authority. When I kinit a 
> ticket successfully, it fails to run "smbclient \\Win2K-server\c$
-k",
> the error message will be as blow:
> Doing spnego session setup (blob length=109)
> Doing kerberos session setup
> session setup failed: NT_STATUS_MORE_PROCESSING_REQUIRED
>
> When I run "getent passwd", it also fails to display the domain
users.
> When I run "wbinfo -u", it echos "Error looking up domain
users".
>
> But I am sure kerberos ticket works correctly, for I can run kpasswd 
> to change the Administrator@Win2kDomain password.
>
> I am puzzled, I wish if anyone has any help.
>
>
> Regards,
> more
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


*************************************

This e-mail may contain privileged or confidential material intended for the
named recipient only.
If you are not the named recipient, delete this message and all attachments.
Unauthorized reviewing, copying, printing, disclosing, or otherwise using
information in this e-mail is prohibited.
We reserve the right to monitor e-mail sent through our network. 

*************************************