OK all, really going nuts here.

wbinfo -u/-g works, pulls up the W2k users/groups. Net ads join works just fine. Created the krb5.keytab file on the w2k machine and kutil copy this to /etc/krb5.keytab. kinit administrator works fine.

However, all net groupmap commands fail. Here's an example:

    fskkweb# net groupmap add unixgroup=admin ntgroup="Domain Admins"
    No rid or sid specified, choosing algorithmic mapping
    [2004/09/29 08:42:46, 0] lib/smbldap.c:smbldap_open_connection(623)
      Failed to issue the StartTLS instruction: Decoding error
    [2004/09/29 08:42:47, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
      ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 000020D6: SvcErr: DSID-03100684, problem 5012 (DIR_ERROR), data 0 (Operations error)
    <Snip-error burps out for quite a number of lines>
    [2004/09/29 08:42:47, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
      ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 000020D6: SvcErr: DSID-03100684, problem 5012 (DIR_ERROR), data 0 (Operations error)
    adding entry for group Domain Admins failed!
    fskkweb#

I'm assuming there is some problem with openldap client. ldapsearch burps out this:

    fskkweb# ldapsearch -v -D CN=Administrator,CN=Users,DC=fsklaw,DC=net
    ldap_initialize( <DEFAULT> )
    ldap_bind: Invalid credentials (49)
            additional info: 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893

Anybody have any clues...I would love to get this working. If you need smb.conf, krb5.conf, nsswitch files etc. please ask.

TMS III