Folks,
I have set up a samba development server. It is able to let users log in
through ldap, it grabs their groups correctly, it gets a kerberos ticket
correctly, however it craps out when trying to join to the ADS. I have
an already working server with, from what I can tell, the same
configuration.
When I run the net ads join -d3 (letting it use a previously cached
kerberos ticket for auth), I get the following errors:
[2008/06/03 13:17:16, 3] param/loadparm.c:lp_load(5055)
lp_load: refreshing parameters
[2008/06/03 13:17:16, 3] param/loadparm.c:init_globals(1440)
Initialising global parameters
[2008/06/03 13:17:16, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file
"/opt/samba/3.0.30/lib/smb.conf"
[2008/06/03 13:17:16, 3] param/loadparm.c:do_section(3794)
Processing section "[global]"
[2008/06/03 13:17:16, 2] lib/interface.c:add_interface(81)
added interface ip=<ipaddress> bcast=<bcast> nmask=255.255.255.0
[2008/06/03 13:17:16, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: ", MY.AD.SERVER"
[2008/06/03 13:17:23, 1] libads/cldap.c:recv_cldap_netlogon(219)
no reply received to cldap netlogon
[2008/06/03 13:17:23, 3] libads/ldap.c:ads_try_connect(189)
ads_try_connect: CLDAP request <ad server ip address> failed.
[2008/06/03 13:17:23, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: ", MY.AD.SERVER"
[2008/06/03 13:17:27, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: ", MY.AD.SERVER"
[2008/06/03 13:17:27, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: ", MY.AD.SERVER"
[2008/06/03 13:17:27, 0] utils/net_ads.c:ads_startup_int(286)
ads_connect: No logon servers
[2008/06/03 13:17:27, 1] utils/net_ads.c:net_ads_join(1470)
error on ads_startup: No logon servers
Failed to join domain: No logon servers
[2008/06/03 13:17:27, 2] utils/net.c:main(1066)
return code = -1
For reference, here's smb.conf:
[global]
netbios name = MYCOMPUTERNAME
workgroup = MYWORKGROUP
security = ads
realm = MY.FULL.DOMAIN
password server = MY.AD.SERVER
encrypt passwords = yes
browseable = no
os level = 0
domain master = no
local master = no
preferred master = no
wins server = ad.server.ipaddress
;do not act as a WINS server
wins support = no
restrict anonymous = 2
log level = 0
log file = /opt/samba/var/log_smbd.%m
; winbindd configuration
; winbind separator = +
; winbind enum users = yes
; winbind enum groups = yes
winbind use default domain = yes
; winbind enable local accounts = yes
; template shell = /bin/bash
; template homedir = /home/%D/%U
idmap uid = 30000-40000
idmap gid = 30000-40000
client ntlmv2 auth = yes
client schannel = no
server schannel = no
; disabled for now, unhash these
; lines to enable NTLMv2 only authentication
lanman auth = no
ntlm auth = no
;try fixing win98 caching problem?
csc policy = disable
wins support = no
block size = 4096
unix extensions = no
krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
dns_lookup_realm = false
dns_lookup_kdc = false
default_tgs_enctypes = des-cbc-md5, des-cbc-crc
default_tkt_enctypes = des-cbc-md5, des-cbc-crc
[realms]
MY.DOMAIN = {
kdc = ad.server:88
admin_server = ad.server:749
default_domain = my.domain
}
[domain_realm]
.my.realm.path = MY.REALM.PATH
my.realm.path = MY.REALM.PATH
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Any help on this would be GREATLY appreciated!
Mike
