Francis Lee Mondia
2008-Mar-18 00:38 UTC
[Samba] kinit succeeded but ads_sasl_spnego_krb5_bind failed
Hi all, I'm having trouble joining samba to active directory. My samba version is 3.0.28a-35 and krb is 1.6.1-17.el5. It's running on centos 5, kernel version 2.6.18-53.1.14.el5. It's running on vmware server by the way if that is of any significance. The specific error that I get are as follows: when testjoining the domain: [2008/03/18 04:34:07, 0] libads/kerberos.c:ads_kinit_password(228) kerberos_kinit_password AD2K7$@DOMAIN.COM failed: Preauthentication failed Join to domain is not valid: Logon failure <DOMAIN.COM> is a valid domain, on a windows 2003 r2 server. It's already added to the hosts file as well as configured as the DNS server. hostname of this host can also be resovled. This is strange, considering I can get the ticket using kinit. I know some people have posted about this before, but it was on a previous samba version. I don't know if it is with samba versions, but i also upgraded from 3.0.25b, since i found somewhere in this post that it's a buggy version. On last thing, I also got the same problem on a Centos 4.4 installation, also with installed 3.0.28a-35. Any help will be highly appreciated. I'm willing to give you all the required configuration files if you need it.
Philipoff, Andrew
2008-Mar-18 03:38 UTC
[Samba] kinit succeeded but ads_sasl_spnego_krb5_bind failed
I experienced this problem on a Red Hat Enterprise Linux 5.1 system when running Samba 3.0.25b-1.el5_1.4, the RHEL supplied version of Samba. Previously I was able to join this same system to our AD domain when it was running RHEL 5/Samba 3.0.23c-2.el5.2.0.2. After this system was upgraded to RHEL 5.1/Samba 3.0.25b-1.el5_1.4 I was not able re-join this system to our AD domain. I ended up downgrading to the /usr/bin/net binary to one from Samba 3.0.23c-2.el5.2.0.2, the previous RHEL supplied version. I did that by downloading samba-common-3.0.23c-2.el5.2.0.2.i386.rpm from Red Hat and extracting /usr/bin/net from the rpm by running: "rpm2cpio samba-common-3.0.23c-2.el5.2.0.2.i386.rpm | cpio -iv --make-directories ./usr/bin/net" That extracted the 3.0.23c-2.el5.2.0.2 version of /usr/bin/net into my cwd. Then I ran "mv /usr/bin/net /usr/bin/net.bak" to backup the 3.0.25b-1.el5_1.4 version and then copied the older /usr/bin/net binary that I extracted from the rpm to /usr/bin. Once I did that, I was able to rejoin this system to our domain. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 http://domsupport.ucsf.edu/ -----Original Message----- From: samba-bounces+aphilipoff=medicine.ucsf.edu@lists.samba.org [mailto:samba-bounces+aphilipoff=medicine.ucsf.edu@lists.samba.org] On Behalf Of Francis Lee Mondia Sent: Monday, March 17, 2008 5:38 PM To: samba@lists.samba.org Subject: [Samba] kinit succeeded but ads_sasl_spnego_krb5_bind failed Hi all, I'm having trouble joining samba to active directory. My samba version is 3.0.28a-35 and krb is 1.6.1-17.el5. It's running on centos 5, kernel version 2.6.18-53.1.14.el5. It's running on vmware server by the way if that is of any significance. The specific error that I get are as follows: when testjoining the domain: [2008/03/18 04:34:07, 0] libads/kerberos.c:ads_kinit_password(228) kerberos_kinit_password AD2K7$@DOMAIN.COM failed: Preauthentication failed Join to domain is not valid: Logon failure <DOMAIN.COM> is a valid domain, on a windows 2003 r2 server. It's already added to the hosts file as well as configured as the DNS server. hostname of this host can also be resovled. This is strange, considering I can get the ticket using kinit. I know some people have posted about this before, but it was on a previous samba version. I don't know if it is with samba versions, but i also upgraded from 3.0.25b, since i found somewhere in this post that it's a buggy version. On last thing, I also got the same problem on a Centos 4.4 installation, also with installed 3.0.28a-35. Any help will be highly appreciated. I'm willing to give you all the required configuration files if you need it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Reasonably Related Threads
- kinit succeeded but ads_sasl_spnego_krb5_bind failed: The context has expired : Success
- kinit succeeded but ads_sasl_spnego_krb5_bind failed
- kinit succeeded but ads_sasl_spnego_krb5_bind failed: Program lacks support for encryption type
- kinit succeeded but ads_sasl_spnego_krb5_bind failed: The context has expired : Success
- kinit succeeded but ads_sasl_spnego_krb5_bind failed