samba ADS nightmares

Posted by Benjamin Close on February 2, 2009 under OpenSource, UniSA

Recently Ben and I have been trying to get a FreeBSD box to join an Active Directory domain. The domain controller was running Windows Server 2008. After a *lot* of stuffing around to get this working, we finally found the solution to our problem – the version of Samba.
You see, the problem we were facing was:

# net ads join -U cis-closebs
cis-closebs's password:
Failed to join domain: Improperly formed account name

Now we checked the logs, checked Kerberos and Samba, but could not get this working. The debug logs showed something, but nothing really useful:

# net ads join -U cis-closebs
cis-closebs's password:
Failed to join domain: Improperly formed account name
# net ads join -d 3 -U cis-closebs
[2009/02/02 12:55:26, 3] param/loadparm.c:lp_load(5031)
  lp_load: refreshing parameters
[2009/02/02 12:55:26, 3] param/loadparm.c:init_globals(1430)
  Initialising global parameters
[2009/02/02 12:55:26, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/usr/local/etc/smb.conf"
[2009/02/02 12:55:26, 3] param/loadparm.c:do_section(3770)
  Processing section "[global]"
[2009/02/02 12:55:26, 2] lib/interface.c:add_interface(81)
  added interface ip=130.220.236.62 bcast=130.220.237.255 nmask=255.255.254.0
[2009/02/02 12:55:26, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "130.220.64.77, uninet.unisa.edu.au, *"
[2009/02/02 12:55:26, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 130.220.64.77
[2009/02/02 12:55:26, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "130.220.64.77, uninet.unisa.edu.au, *"
[2009/02/02 12:55:26, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "130.220.64.77, uninet.unisa.edu.au, *"
cis-closebs's password:
[2009/02/02 12:55:27, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "130.220.64.77, uninet.unisa.edu.au, *"
[2009/02/02 12:55:27, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 130.220.64.77
[2009/02/02 12:55:27, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2009/02/02 12:55:27, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2009/02/02 12:55:27, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2009/02/02 12:55:27, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2009/02/02 12:55:27, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore
[2009/02/02 12:55:27, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
[2009/02/02 12:55:27, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602)
  ads_krb5_mk_req: krb5_get_credentials failed for not_defined_in_RFC4178@please_ignore (Server not found in Kerberos database)
[2009/02/02 12:55:27, 1] utils/net_ads.c:net_ads_join(1470)
  error on ads_startup: Server not found in Kerberos database
Failed to join domain: Improperly formed account name
[2009/02/02 12:55:27, 2] utils/net.c:main(1036)
  return code = -1

Turns out that it was the version of Samba we were using. Version 3.0.28 had issues with joining a Windows Server 2008 Active Directory domain. This was fixed in Samba 3.0.28a, as can be seen in the FreeBSD ports commit:

Revision 1.169
Thu May 1 16:32:53 2008 UTC (9 months ago) by timur
Branches: MAIN
Changes since revision 1.168: +2 -2 lines

Update port to the 3.0.28a revision.

Major changes:

  o Failure to join Windows 2008 domains
  o Windows Vista (including SP1 RC) interop issues

Approved by:	shaun (mentor, implicit)

So if you find yourself hunting around chasing something that surely should work... consider upgrading Samba!
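The one usable signal in the debug trace above is that the principal name printed by ads_sasl_spnego_bind is the same string krb5_get_credentials then fails on. The following is an added example, not code from the original post or from Samba: a small Python triage script that pairs each debug header with its message and flags that pattern. The function names parse_records and diagnose are hypothetical, the sample log is a constructed subset of the lines in the post, and the Samba version is assumed to be supplied by the caller.

```python
import re

# Header line of a Samba debug record: "[date time, level] file:function(line)"
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)\s*$")
SPN_HINT = re.compile(r"got server principal name = (\S+)")
KRB_FAIL = re.compile(r"krb5_get_credentials failed for (\S+) \((.+)\)")
PLACEHOLDER = "not_defined_in_RFC4178@please_ignore"

# Constructed sample: a subset of the records shown in the post.
SAMPLE_LOG = """\
[2009/02/02 12:55:27, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 130.220.64.77
[2009/02/02 12:55:27, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore
[2009/02/02 12:55:27, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602)
  ads_krb5_mk_req: krb5_get_credentials failed for not_defined_in_RFC4178@please_ignore (Server not found in Kerberos database)
Failed to join domain: Improperly formed account name
"""

def parse_records(text):
    """Pair each header line with the indented message lines that follow it."""
    records, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = {"level": int(m["level"]), "func": m["func"], "msg": ""}
            records.append(current)
        elif current is not None and raw.startswith(" "):
            current["msg"] = (current["msg"] + " " + raw.strip()).strip()
        else:
            current = None  # unindented tool output (prompts, final error) ends the record
    return records

def diagnose(text, samba_version=None):
    """Return findings if the SPNEGO hint principal was reused for the Kerberos request."""
    hinted, findings = None, []
    for rec in parse_records(text):
        if (m := SPN_HINT.search(rec["msg"])):
            hinted = m.group(1)
        elif (m := KRB_FAIL.search(rec["msg"])) and m.group(1) == hinted:
            findings.append(f"Kerberos ticket requested for SPNEGO hint '{hinted}': {m.group(2)}")
            if hinted == PLACEHOLDER and samba_version == "3.0.28":
                findings.append("Samba 3.0.28 is the version the post found failing; the port moved to 3.0.28a")
    return findings

if __name__ == "__main__":
    for line in diagnose(SAMPLE_LOG, samba_version="3.0.28"):
        print(line)
```

Feed it the full output of `net ads join -d 3`; an empty result means the hint principal was not what the Kerberos request failed on, so the cause lies elsewhere.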
