samba - May 2010 - net ads join: Aborted

I'm having trouble getting a host to join an ADS domain/realm.  I have
smb.conf set correctly, with the workgroup, realm, and security = ads specified.
However, when I try to join with the command: net ads join -U Administrator, I
simple get the message "Aborted" and it does not join the domain.  If
I use the -d flag to enable debugging, I see the following toward the end of the
output:

[2010/05/27 08:44:33.261144,  3] libads/sasl.c:790(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178 at
please_ignore
[2010/05/27 08:44:33.261484,  3] libsmb/clikrb5.c:698(ads_krb5_mk_req)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2010/05/27 08:44:33.288414,  3] libsmb/clikrb5.c:620(ads_cleanup_expired_creds)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Thu, 27
May 2010 18:44:33 MDT
[2010/05/27 08:44:33.288453,  3] libsmb/clikrb5.c:743(ads_krb5_mk_req)
  ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2010/05/27 08:44:33.296939,  3] libads/ldap.c:2908(ads_domain_func_level)
  ads_domain_func_level: 0
[2010/05/27 08:44:33.297755,  2] libads/ldap.c:3363(ads_get_upn)
  ads_get_upn: No userPrincipalName attribute!
[2010/05/27 08:44:33.297787,  3]
libads/kerberos.c:445(kerberos_secrets_store_des_salt)
  kerberos_secrets_store_des_salt: Storing salt "host/xenprint.ad.seakr.com
at AD.SEAKR.COM"
Aborted

The output from another system (same O/S, same Samba version, same krb5 version,
etc.) contains similar output, except that there's continue output after the
"Storing salt" message.  If I use strace, I see the following:

write(7, "0c\2\1\10c^\4\25dc=AD,dc=SEAKR,dc=COM\n\1"..., 101) = 101
gettimeofday({1274971641, 629786}, NULL) = 0
poll([{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 15000) = 1 ([{fd=7,
revents=POLLIN}])
read(7, "0\204\0\0\r\271\2\1", 8)       = 8
read(7, "\10d\204\0\0\r\260\4.CN=xenprint,CN=Computer"..., 3511) =
3511
gettimeofday({1274971641, 630532}, NULL) = 0
poll([{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 14999) = 1 ([{fd=7,
revents=POLLIN}])
read(7, "0\204\0\0\0E\2\1", 8)          = 8
read(7, "\10s\204\0\0\0<\4:ldap://ad.seakr.com/CN="..., 67) = 67
gettimeofday({1274971641, 630706}, NULL) = 0
poll([{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 14999) = 1 ([{fd=7,
revents=POLLIN}])
read(7, "0\204\0\0\0\20\2\1", 8)        = 8
read(7, "\10e\204\0\0\0\7\n\1\0\4\0\4\0", 14) = 14
rt_sigaction(SIGALRM, {0x1, [ALRM], SA_RESTORER, 0x7ffeb08d7560},
{0x7ffeb33135e0, [ALRM], SA_RESTORER, 0x7ffeb08d7560}, 8) = 0
alarm(0)                                = 15
fcntl(3, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=8, len=1}) = 0
fcntl(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=168, len=0}) = 0
fstat(3, {st_mode=S_IFREG|0600, st_size=45056, ...}) = 0
fcntl(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=168, len=0}) = 0
fcntl(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=8, len=1}) = 0
fcntl(6, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=552, len=1}) = 0
fcntl(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=552, len=1}) = 0
fcntl(5, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=552, len=1}) = 0
fcntl(5, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=552, len=1}) = 0
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
tgkill(5304, 5304, SIGABRT)             = 0
--- SIGABRT (Aborted) @ 0 (0) ---
+++ killed by SIGABRT +++

Any ideas what would cause a SIGABRT on this process?

Thanks,
Nick



--------
This e-mail may contain confidential and privileged material for the sole use of
the intended recipient.  If this email is not intended for you, or you are not
responsible for the delivery of this message to the intended recipient, please
note that this message may contain SEAKR Engineering (SEAKR)
Privileged/Proprietary Information.  In such a case, you are strictly prohibited
from downloading, photocopying, distributing or otherwise using this message,
its contents or attachments in any way.  If you have received this message in
error, please notify us immediately by replying to this e-mail and delete the
message from your mailbox.  Information contained in this message that does not
relate to the business of SEAKR is neither endorsed by nor attributable to
SEAKR.

>>> On 2010/05/27 at 08:48, "Nick Couchman" <Nick.Couchman
at seakr.com> wrote:
> I'm having trouble getting a host to join an ADS domain/realm.  I have 
> smb.conf set correctly, with the workgroup, realm, and security = ads 
> specified.  However, when I try to join with the command: net ads join -U 
> Administrator, I simple get the message "Aborted" and it does not
join the
> domain.  If I use the -d flag to enable debugging, I see the following
toward
> the end of the output:
> 
This problem seems to only occur in Samba 3.5.3 on a certain machine.  I have
two machines, both running Opensuse 11.2 and using the OBS Samba repository. 
One of them allows me to join the AD domain, the other throws the error in the
previous message.  No idea what's going on - Samba packages, krb5 packages,
nss, etc., are all exactly the same.

-Nick



--------
This e-mail may contain confidential and privileged material for the sole use of
the intended recipient.  If this email is not intended for you, or you are not
responsible for the delivery of this message to the intended recipient, please
note that this message may contain SEAKR Engineering (SEAKR)
Privileged/Proprietary Information.  In such a case, you are strictly prohibited
from downloading, photocopying, distributing or otherwise using this message,
its contents or attachments in any way.  If you have received this message in
error, please notify us immediately by replying to this e-mail and delete the
message from your mailbox.  Information contained in this message that does not
relate to the business of SEAKR is neither endorsed by nor attributable to
SEAKR.