Tom Hallam
2009-Oct-13 05:31 UTC
[Samba] Compiling SAMBA on Solaris 10 to use AD on Windows 2008 server
We've just set up a number of linux servers to access our AD server
(Windows server 2008) and now have to set up a Solaris server. I've
downloaded, compiled and install Samba (3.4.2), configured kerberos and
am now trying to get it to join the AD. I get the following error:
samba-3.4.2/source3# net ads join -U username
Enter username's password:
[2009/10/13 13:10:42, 0] libads/sasl.c:819(ads_sasl_spnego_bind)
kinit succeeded but ads_sasl_spnego_krb5_bind failed: krb5 conf file
not configured
Failed to join domain: failed to connect to AD: krb5 conf file not
configured
samba-3.4.2/source3#
If I run with "-d 1" I get:
....
[2009/10/13 13:26:47, 1] libnet/libnet_join.c:1871(libnet_Join)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : NULL
machine_name : 'BADGER'
domain_name : *
domain_name : 'EEDS.EE.UWA.EDU.AU'
account_ou : NULL
admin_account : 'thallam'
admin_password : *
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x00 (0)
secure_channel_type : SEC_CHAN_WKSTA (2)
[2009/10/13 13:26:48, 1] libsmb/clikrb5.c:786(ads_krb5_mk_req)
ads_krb5_mk_req: krb5_mk_req_extended failed (krb5 conf file not
configured)
[2009/10/13 13:26:48, 0] libads/sasl.c:819(ads_sasl_spnego_bind)
kinit succeeded but ads_sasl_spnego_krb5_bind failed: krb5 conf file
not configured
[2009/10/13 13:26:48, 1] libnet/libnet_join.c:1902(libnet_Join)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : 'EEDS'
dns_domain_name : 'eeds.ee.uwa.edu.au'
forest_name : 'eeds.ee.uwa.edu.au'
dn : NULL
domain_sid : *
domain_sid :
S-1-5-21-2693662547-1243528254-4028546715
modified_config : 0x00 (0)
error_string : 'failed to connect to AD: krb5
conf file not configured'
domain_is_ad : 0x01 (1)
result : WERR_GENERAL_FAILURE
Failed to join domain: failed to connect to AD: krb5 conf file not
configured
....
I've checked the krb5.conf file and it's fine. Issuing tickets etc
works. Any ideas what the issue is.?
Tom Hallam
Tom Hallam
2009-Oct-15 02:05 UTC
[Samba] Solved (work around): Compiling SAMBA on Solaris 10 to use AD on Windows 2008 server
I ended up upgrading openssl, compiling kerberos from source and recompiling samba against that. After the recompile I was able to get Solaris to join the domain with the existing configuration. It looks like there is some feature in kerberos that samba needs but kerberos that comes with Solaris does not provide. It's got something to do with krb5_mk_req_extended but I'm not sure exactly what. I read somewhere that Solaris (9) only provides the gssapi and not the "older krb5" interface. This seems no longer to be the case but it does look like the features available through krb5 may only be partial. Tom Hallam Tom Hallam wrote:> We've just set up a number of linux servers to access our AD server > (Windows server 2008) and now have to set up a Solaris server. I've > downloaded, compiled and install Samba (3.4.2), configured kerberos > and am now trying to get it to join the AD. I get the following error: > > samba-3.4.2/source3# net ads join -U username > Enter username's password: > [2009/10/13 13:10:42, 0] libads/sasl.c:819(ads_sasl_spnego_bind) > kinit succeeded but ads_sasl_spnego_krb5_bind failed: krb5 conf file > not configured > Failed to join domain: failed to connect to AD: krb5 conf file not > configured > samba-3.4.2/source3# > > If I run with "-d 1" I get: > .... > [2009/10/13 13:26:47, 1] libnet/libnet_join.c:1871(libnet_Join) > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > in: struct libnet_JoinCtx > dc_name : NULL > machine_name : 'BADGER' > domain_name : * > domain_name : 'EEDS.EE.UWA.EDU.AU' > account_ou : NULL > admin_account : 'thallam' > admin_password : * > machine_password : NULL > join_flags : 0x00000023 (35) > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > os_version : NULL > os_name : NULL > create_upn : 0x00 (0) > upn : NULL > modify_config : 0x00 (0) > ads : NULL > debug : 0x01 (1) > use_kerberos : 0x00 (0) > secure_channel_type : SEC_CHAN_WKSTA (2) > [2009/10/13 13:26:48, 1] libsmb/clikrb5.c:786(ads_krb5_mk_req) > ads_krb5_mk_req: krb5_mk_req_extended failed (krb5 conf file not > configured) > [2009/10/13 13:26:48, 0] libads/sasl.c:819(ads_sasl_spnego_bind) > kinit succeeded but ads_sasl_spnego_krb5_bind failed: krb5 conf file > not configured > [2009/10/13 13:26:48, 1] libnet/libnet_join.c:1902(libnet_Join) > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > out: struct libnet_JoinCtx > account_name : NULL > netbios_domain_name : 'EEDS' > dns_domain_name : 'eeds.ee.uwa.edu.au' > forest_name : 'eeds.ee.uwa.edu.au' > dn : NULL > domain_sid : * > domain_sid : > S-1-5-21-2693662547-1243528254-4028546715 > modified_config : 0x00 (0) > error_string : 'failed to connect to AD: krb5 > conf file not configured' > domain_is_ad : 0x01 (1) > result : WERR_GENERAL_FAILURE > Failed to join domain: failed to connect to AD: krb5 conf file not > configured > .... > > I've checked the krb5.conf file and it's fine. Issuing tickets etc > works. Any ideas what the issue is.? > > Tom Hallam