Ephi Dror
2006-Jul-28 18:30 UTC
[Samba] Could not join to domain with krb5 error: Message stream modified
Hi all,

I have a situation in which my SAMBA 3.0.14a could not join a very large Windows 2003 AD domain with tens of domain controllers all over the world, with an error I have never seen before. The kinit part went OK but the net ads join part failed.

What we tried is to have our SAMBA join one of the OUs in which we have the credentials to join. BTW, we had no problem joining other Windows and Mac systems with our name/password.

The error is a krb5 error: Message stream modified, and it was replied while in the function: parse_setpw_reply

Any idea or a hint would be really, really appreciated.

Below are the last few lines of a debug level 10 while trying to join the domain.

Cheers,
Ephi

============ log from net join ====================
ads_try_connect: trying ldap server 'AA.BB.CC.DD' port 389
[2006/07/28 07:18:12, 3, pid=5128] libads/ldap.c:ads_connect(288)
  Connected to LDAP server AA.BB.CC.DD
[2006/07/28 07:18:12, 3, pid=5128] libads/ldap.c:ads_server_info(2483)
  got ldap server name sjcpdc03@XXX.NET, using bind path: dc=XXX,dc=NET
[2006/07/28 07:18:12, 4, pid=5128] libads/ldap.c:ads_server_info(2489)
  time offset is 0 seconds
[2006/07/28 07:18:12, 4, pid=5128] libads/sasl.c:ads_sasl_bind(447)
  Found SASL mechanism GSS-SPNEGO
[2006/07/28 07:18:12, 3, pid=5128] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2006/07/28 07:18:12, 3, pid=5128] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2006/07/28 07:18:12, 3, pid=5128] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2006/07/28 07:18:12, 3, pid=5128] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2006/07/28 07:18:12, 3, pid=5128] libads/sasl.c:ads_sasl_spnego_bind(211)
  ads_sasl_spnego_bind: got server principal name =sjcpdc03$@XXX.NET
[2006/07/28 07:18:12, 3, pid=5128] libsmb/clikrb5.c:ads_krb5_mk_req(385)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2006/07/28 07:18:12, 3, pid=5128] libsmb/clikrb5.c:ads_cleanup_expired_creds(318)
  Ticket in ccache[MEMORY:net_ads] expiration Fri, 28 Jul 2006 17:18:12 GMT
[2006/07/28 07:18:12, 10, pid=5128] libsmb/clikrb5.c:ads_krb5_mk_req(428)
  ads_krb5_mk_req: Ticket (sjcpdc03$@XXX.NET) in ccache (MEMORY:net_ads) is valid until: (Fri, 28 Jul 2006 17:18:12 GMT - 1154132292)
[2006/07/28 07:18:12, 10, pid=5128] libsmb/clikrb5.c:get_krb5_smb_session_key(528)
  Got KRB5 session key of length 16
[2006/07/28 07:18:12, 10, pid=5128] lib/util.c:name_to_fqdn(2860)
  name_to_fqdn: lookup for sjcpfs03 -> sjcpfs03.xxx.net.
[2006/07/28 07:18:12, 0, pid=5128] libads/ldap.c:ads_add_machine_acct(1419)
  ads_add_machine_acct: Host account for sjcpfs03 already exists - modifying old account
[2006/07/28 07:18:12, 5, pid=5128] libads/ldap_utils.c:ads_do_search_retry(56)
  Search for (objectclass=*) gave 1 replies
[2006/07/28 07:18:12, 1, pid=5128] libads/krb5_setpw.c:parse_setpw_reply(237)
  Got error packet 0x7e from kpasswd server
[2006/07/28 07:18:12, 1, pid=5128] libads/krb5_setpw.c:do_krb5_kpasswd_request(450)
  parse_setpw_reply failed (Message stream modified)
[2006/07/28 07:18:12, 10, pid=5128] intl/lang_tdb.c:lang_tdb_init(135)
  lang_tdb_init: /opt/filer/lib/en_US.UTF-8.msg: No such file or directory
[2006/07/28 07:18:12, 2, pid=5128] utils/net.c:main(904)
  return code = -1
Gerald (Jerry) Carter
2006-Aug-04 13:13 UTC
[Samba] Could not join to domain with krb5 error: Message stream modified
Ephi Dror wrote:
> Hi all,
>
> I have a situation in which my SAMBA 3.0.14a could not join
> a very large Windows 2003 AD domain with tens of
> domain controllers all over the world, with an error I
> have never seen before. The kinit part went OK but the
> net ads join part failed.
>
> What we tried is to have our SAMBA join one of the OUs
> in which we have the credentials to join. BTW, we had no problem
> joining other Windows and Mac systems with our name/password.
>
> The error is a krb5 error: Message stream modified, and it
> was replied while in the function: parse_setpw_reply

I wonder if this is a UDP vs. TCP thing. You might want to test the net ads join from 3.0.23a.

jerry
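
An added triage sketch for the log in this thread (not part of either post and not Samba code): it parses the debug entries, keeps the level 0-1 ones, and decodes the byte reported as "error packet 0x7e" as an ASN.1 BER identifier octet, which RFC 4120 assigns to KRB-ERROR. The two-line entry layout, the constructed sample and all function names are assumptions of this example.

```python
import re

# Constructed sample: three entries copied from the join log in this thread,
# laid out as header line + indented message (assumed Samba debug layout).
SAMPLE_LOG = """\
[2006/07/28 07:18:12, 3, pid=5128] libads/ldap.c:ads_connect(288)
  Connected to LDAP server AA.BB.CC.DD
[2006/07/28 07:18:12, 1, pid=5128] libads/krb5_setpw.c:parse_setpw_reply(237)
  Got error packet 0x7e from kpasswd server
[2006/07/28 07:18:12, 1, pid=5128] libads/krb5_setpw.c:do_krb5_kpasswd_request(450)
  parse_setpw_reply failed (Message stream modified)
"""

HEADER = re.compile(
    r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)(?:,\s*pid=\d+)?\]\s+"
    r"(?P<file>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$")

# Application-class tag numbers of Kerberos messages (RFC 4120).
KRB_APP_TAGS = {10: "AS-REQ", 11: "AS-REP", 12: "TGS-REQ", 13: "TGS-REP",
                14: "AP-REQ", 15: "AP-REP", 20: "KRB-SAFE", 21: "KRB-PRIV",
                22: "KRB-CRED", 30: "KRB-ERROR"}

def parse_entries(text):
    """Group each header line with the message line(s) that follow it."""
    entries, cur = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            cur = {"level": int(m["level"]), "func": m["func"], "msg": ""}
            entries.append(cur)
        elif cur is not None and raw.strip():
            cur["msg"] = (cur["msg"] + " " + raw.strip()).strip()
    return entries

def decode_identifier(octet):
    """Split a BER identifier octet into (class, constructed, tag, krb name)."""
    cls = ("universal", "application", "context", "private")[octet >> 6]
    tag = octet & 0x1F  # 31 would mean a multi-byte tag; not resolved here
    name = KRB_APP_TAGS.get(tag) if cls == "application" else None
    return cls, bool(octet & 0x20), tag, name

def triage(text, max_level=1):
    """Return (function, message, decoded packet byte or None) for serious entries."""
    findings = []
    for e in parse_entries(text):
        if e["level"] > max_level:
            continue
        m = re.search(r"error packet (0x[0-9a-fA-F]{1,2})", e["msg"])
        decoded = decode_identifier(int(m.group(1), 16)) if m else None
        findings.append((e["func"], e["msg"], decoded))
    return findings
```
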