Author [Samba] net ads join hangs forever
Aaron Grewell

2004-05-20, 5:44 pm

I am trying to join my Linux workstation to my ADS domain.
Unfortunately, I'm not having much success. net ads join hangs forever
(or at least for more than 12 hours) when run. The computer account is
created in the domain, but the process never completes. tdbdump
secrets.tdb shows no results, and wbinfo shows users and groups from the
trusted domains but not from the domain I am trying to join. getent has
the same results as wbinfo. net ads info fails altogether, stating that
the ldap server was not found. Watching Ethereal during the net ads
join shows lots of Reverse DNS queries but not much else.

I am using 'Samba-3 by Example' Chapter 9 as the source for my
configurations, and I'm not sure where I've gone wrong.

Platform: Fedora Core 2
Samba: 3.0.3

[root@cygnus root]# net ads join -d 10
[2004/05/20 10:08:46, 5] lib/debug.c:debug_dump_status(367)
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
[2004/05/20 10:08:46, 3] param/loadparm.c:lp_load(3886)
lp_load: refreshing parameters
[2004/05/20 10:08:46, 3] param/loadparm.c:init_globals(1307)
Initialising global parameters
[2004/05/20 10:08:46, 3] param/params.c:pm_process(566)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2004/05/20 10:08:46, 3] param/loadparm.c:do_section(3384)
Processing section "[global]"
doing parameter workgroup = UWB
doing parameter server string = Samba 3.0.3
doing parameter printcap name = CUPS
doing parameter load printers = yes
doing parameter printing = cups
doing parameter log file = /var/log/samba/%m.log
doing parameter max log size = 50
doing parameter security = ads
doing parameter username map = /etc/samba/smbusers
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
doing parameter dns proxy = no
doing parameter idmap uid = 16777216-33554431
doing parameter idmap gid = 16777216-33554431
doing parameter template shell = /bin/bash
doing parameter template primary group = "Domain Users"
doing parameter realm = UWB.EDU
doing parameter log level = 1
doing parameter syslog = 1
doing parameter ldap ssl = no
[2004/05/20 10:08:46, 4] param/loadparm.c:lp_load(3918)
pm_process() returned Yes
[2004/05/20 10:08:46, 7] param/loadparm.c:lp_servicenumber(4031)
lp_servicenumber: couldn't find homes
[2004/05/20 10:08:46, 10] param/loadparm.c:set_server_role(3827)
set_server_role: role = ROLE_DOMAIN_MEMBER
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95)
Attempting to register new charset UCS-2LE
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103)
Registered charset UCS-2LE
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95)
Attempting to register new charset UTF8
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103)
Registered charset UTF8
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95)
Attempting to register new charset ASCII
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103)
Registered charset ASCII
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95)
Attempting to register new charset 646
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103)
Registered charset 646
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95)
Attempting to register new charset ISO-8859-1
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103)
Registered charset ISO-8859-1
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95)
Attempting to register new charset UCS2-HEX
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103)
Registered charset UCS2-HEX
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/util.c:init_names(292)
Netbios name list:-
my_netbios_names[0]="CYGNUS"
[2004/05/20 10:08:46, 2] lib/interface.c:add_interface(79)
added interface ip=216.186.72.212 bcast=216.186.72.255
nmask=255.255.255.0
[2004/05/20 10:08:46, 6] libads/ldap.c:ads_find_dc(147)
ads_find_dc: looking for realm 'UWB.EDU'
[2004/05/20 10:08:46, 8] libsmb/namequery.c:get_sorted_dc_list(1402)
get_sorted_dc_list: attempting lookup using [ads]
[2004/05/20 10:08:46, 10] libsmb/namequery.c:internal_resolve_name(1013)
internal_resolve_name: looking up UWB.EDU#1c
[2004/05/20 10:08:46, 5] lib/gencache.c:gencache_init(59)
Opening cache file at /var/cache/samba/gencache.tdb
[2004/05/20 10:08:46, 10] lib/gencache.c:gencache_get(264)
Returning expired cache entry: key = NBT/UWB.EDU#1C, value =
216.186.73.6:389, 216.186.73.7:389,216.186.72.23:389, timeout = Thu May
20 10:05:04 2004

[2004/05/20 10:08:46, 5] libsmb/namecache.c:namecache_fetch(195)
no entry for UWB.EDU#1C found.
[2004/05/20 10:08:46, 10] lib/gencache.c:gencache_del(214)
Deleting cache entry (key = NBT/UWB.EDU#1C)
[2004/05/20 10:08:46, 5] libsmb/namequery.c:resolve_ads(940)
resolve_hosts: Attempting to resolve DC's for UWB.EDU using DNS
[2004/05/20 10:08:46, 10]
libsmb/namequery.c:remove_duplicate_addrs2(319)
remove_duplicate_addrs2: looking for duplicate address/port pairs
[2004/05/20 10:08:46, 5] libsmb/namecache.c:namecache_store(131)
namecache_store: storing 3 addresses for UWB.EDU#1c:
216.186.73.6:389,216.186.73.7:389,216.186.72.23:389
[2004/05/20 10:08:46, 10] lib/gencache.c:gencache_set(127)
Adding cache entry with key = NBT/UWB.EDU#1C; value =
216.186.73.6:389,216.186.73.7:389,216.186.72.23:389 and timeout = Thu
May 20 10:19:46 2004
(660 seconds ahead)
[2004/05/20 10:08:46, 10] libsmb/namequery.c:internal_resolve_name(1131)
internal_resolve_name: returning 3 addresses: 216.186.73.6:389
216.186.73.7:389 216.186.72.23:389
[2004/05/20 10:08:46, 8] libsmb/namequery.c:get_dc_list(1300)
Adding 3 DC's from auto lookup
[2004/05/20 10:08:46, 10]
libsmb/namequery.c:remove_duplicate_addrs2(319)
remove_duplicate_addrs2: looking for duplicate address/port pairs
[2004/05/20 10:08:46, 4] libsmb/namequery.c:get_dc_list(1376)
get_dc_list: returning 3 ip addresses in an unordered list
[2004/05/20 10:08:46, 4] libsmb/namequery.c:get_dc_list(1377)
get_dc_list: 216.186.73.6:389 216.186.73.7:389 216.186.72.23:389
[2004/05/20 10:08:46, 5] libads/ldap.c:ads_try_connect(56)
ads_try_connect: trying ldap server '216.186.72.23' port 389
[2004/05/20 10:08:47, 3] libads/ldap.c:ads_connect(218)
Connected to LDAP server 216.186.72.23
[2004/05/20 10:08:47, 3] libads/ldap.c:ads_server_info(2027)
got ldap server name uwb3@UWB.EDU, using bind path: dc=UWB,dc=EDU
[2004/05/20 10:08:47, 4] libads/ldap.c:ads_server_info(2033)
time offset is 0 seconds
[2004/05/20 10:08:47, 4] libads/sasl.c:ads_sasl_bind(423)
Found SASL mechanism GSS-SPNEGO
[2004/05/20 10:08:47, 3] libads/sasl.c:ads_sasl_spnego_bind(187)
got OID=1 2 840 48018 1 2 2
[2004/05/20 10:08:47, 3] libads/sasl.c:ads_sasl_spnego_bind(187)
got OID=1 2 840 113554 1 2 2
[2004/05/20 10:08:47, 3] libads/sasl.c:ads_sasl_spnego_bind(187)
got OID=1 2 840 113554 1 2 2 3
[2004/05/20 10:08:47, 3] libads/sasl.c:ads_sasl_spnego_bind(187)
got OID=1 3 6 1 4 1 311 2 2 10
[2004/05/20 10:08:47, 3] libads/sasl.c:ads_sasl_spnego_bind(194)
got principal=uwb3$@UWB.EDU
[2004/05/20 10:08:47, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(245)
Ticket in ccache[FILE:/tmp/krb5cc_0] expiration Thu, 20 May 2004
19:30:26 GMT
[2004/05/20 10:08:47, 10] libsmb/clikrb5.c:ads_krb5_mk_req(333)
Ticket (uwb3$@UWB.EDU) in ccache (FILE:/tmp/krb5cc_0) is valid until:
(Thu, 20 May 2004 19:30:26 GMT - 1085106626)
[2004/05/20 10:08:47, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(433)
Got KRB5 session key of length 16
[2004/05/20 10:08:47, 0] libads/ldap.c:ads_add_machine_acct(1006)
Host account for cygnus already exists - modifying old account
[2004/05/20 10:08:47, 5] libads/ldap_utils.c:ads_do_search_retry(56)
Search for (objectclass=*) gave 1 replies

****************************************
*****************************
After the LDAP search it hangs forever.

--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
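
Added example (not part of the original post and not Samba code): a small parser for the debug output above that rejoins headers the mailer wrapped onto two lines and reports which join phases were logged and the last call before output stopped. The phase labels and the names `parse_debug` and `stall_report` are assumptions of this example; the sample is an excerpt of the log in the post.

```python
import re

# "[YYYY/MM/DD HH:MM:SS, level]" optionally followed by "file:function(line)"
BRACKET = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^(\S+):(\w+)\((\d+)\)$")
# Phase labels are this example's own; the function names come from the posted log.
PHASES = [("ads_find_dc", "DC discovery"), ("ads_connect", "LDAP connect"),
          ("ads_sasl_spnego_bind", "SASL/Kerberos bind"),
          ("ads_add_machine_acct", "machine account create/modify")]

# Excerpt of the log posted above, including one header wrapped by the mailer.
SAMPLE = """\
[2004/05/20 10:08:46, 6] libads/ldap.c:ads_find_dc(147)
ads_find_dc: looking for realm 'UWB.EDU'
[2004/05/20 10:08:46, 10]
libsmb/namequery.c:remove_duplicate_addrs2(319)
[2004/05/20 10:08:47, 3] libads/ldap.c:ads_connect(218)
Connected to LDAP server 216.186.72.23
[2004/05/20 10:08:47, 3] libads/sasl.c:ads_sasl_spnego_bind(194)
got principal=uwb3$@UWB.EDU
[2004/05/20 10:08:47, 0] libads/ldap.c:ads_add_machine_acct(1006)
Host account for cygnus already exists - modifying old account
[2004/05/20 10:08:47, 5] libads/ldap_utils.c:ads_do_search_retry(56)
Search for (objectclass=*) gave 1 replies
"""

def parse_debug(text):
    """Split debug output into entries, rejoining headers wrapped over two lines."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = BRACKET.match(line)
        if m:
            pending = (m.group(1), int(m.group(2)))
            line = m.group(3)
            if not line:  # location wrapped onto the next line
                continue
        if pending:
            loc = LOCATION.match(line)
            if loc:
                entries.append({"time": pending[0], "level": pending[1],
                                "source": loc.group(1), "func": loc.group(2), "msg": []})
            pending = None
        elif entries and line:
            entries[-1]["msg"].append(line)
    return entries

def stall_report(entries):
    """Report which phases were logged and the last call before output stopped."""
    seen = {e["func"] for e in entries}
    last = entries[-1] if entries else None
    return {"phases": [label for func, label in PHASES if func in seen],
            "last_call": f'{last["source"]}:{last["func"]}' if last else None,
            "last_msg": " ".join(last["msg"]) if last else ""}
```

Run over the excerpt, `stall_report(parse_debug(SAMPLE))` shows every listed phase was logged and that the last call before the output stops is `ads_do_search_retry`, immediately after the machine account step.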
Gerald (Jerry) Carter

2004-05-20, 5:44 pm

Aaron Grewell wrote:
| I am trying to join my Linux workstation to my ADS domain.
| Unfortunately, I'm not having much success. net ads
| join hangs forever (or at least for more than 12 hours)
| when run.
....
| [2004/05/20 10:08:47, 0] libads/ldap.c:ads_add_machine_acct(1006)
| Host account for cygnus already exists - modifying old account
| [2004/05/20 10:08:47, 5] libads/ldap_utils.c:ads_do_search_retry(56)
| Search for (objectclass=*) gave 1 replies
|
| ****************************************
*****************************
| After the LDAP search it hangs forever.
|

I would start by checking for any kerberos misconfigurations.
Just a gut feeling though. Does kinit run ok ?





cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
Aaron Grewell

2004-05-20, 5:44 pm

I would start by checking for any kerberos misconfigurations. Just a gut
feeling though. Does kinit run ok ?

Kinit runs fine. I started with a standard Kerb config that I've used a
number of times with good success. I also tried removing /etc/krb5.conf
altogether. Kinit ran fine in either case. Using kinit -V userid@REALM
returns "Authenticated to Kerberos V5" once I've entered my password so I'm
pretty sure it's working. The user I'm authenticating as is a Domain Admin,
and so should have the rights to do what is needed.
ww m-pubsyssamba

2004-05-22, 10:37 pm

>>
I believe this is a bug as I have posted exactly the same problem to this
list already including some debug info, nobody replied though....
I have contacted Andrew Bartlett on this with some debug information and
am waiting for a reply. As it's not just me I'll raise a bug in bugzilla,

thanks Andy Smith.

PS I've replicated the problem on Linux and Solaris and Kerberos is
working correctly.
<<


Aaron Grewell wrote:
| I am trying to join my Linux workstation to my ADS domain.
| Unfortunately, I'm not having much success. net ads
| join hangs forever (or at least for more than 12 hours)
| when run.
....
| [2004/05/20 10:08:47, 0] libads/ldap.c:ads_add_machine_acct(1006)
| Host account for cygnus already exists - modifying old account
| [2004/05/20 10:08:47, 5] libads/ldap_utils.c:ads_do_search_retry(56)
| Search for (objectclass=*) gave 1 replies
|
| ****************************************
*****************************
| After the LDAP search it hangs forever.
|

I would start by checking for any kerberos misconfigurations.
Just a gut feeling though. Does kinit run ok ?

BBCi at http://www.bbc.co.uk/

This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically
stated.
If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in
reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.
ww m-pubsyssamba

2004-05-22, 10:37 pm

logged on bugzilla, id 1370

thanks Andy.

Andrew Bartlett

2004-05-22, 10:37 pm

ww m-pubsyssamba

2004-05-22, 10:37 pm


Did you manage to valgrind it?

##
##Yes, I've sent it through to you last week, didn't you receive it?
##If not I've attached all the output to the bugzilla bug 1370
## thanks Andy.
Aaron Grewell

2004-05-22, 10:37 pm

Thanks all. At least now I know it's not just me. I'll be watching
bugzilla with interest, and in the meantime I suppose standard Kerb will
have to do.

Aaron Grewell
Network Administrator
University of Washington Bothell

-----Original Message-----
From: samba-bounces+agrewell=uwb.edu@lists.samba.org
[mailto:samba-bounces+agrewell=uwb.edu@lists.samba.org] On Behalf Of ww
m-pubsyssamba
Sent: Friday, May 21, 2004 6:28 AM
To: Andrew Bartlett
Cc: samba@lists.samba.org; Gerald (Jerry) Carter; Andrew Bartlett
Subject: RE: [Samba] net ads join hangs forever



Did you manage to valgrind it?

##
##Yes, I've sent it through to you last week, didn't you receive it?
##If not I've attached all the output to the bugzilla bug 1370
## thanks Andy.
ww m-pubsyssamba

2004-06-30, 7:48 am

Hi Aaron,

we've just identified this problem and thought you may be interested if you haven't resolved
this already. The bind is failing because the admin account being used to join the domain is a
member of too many groups (waiting to hear from M$ what constitutes too many) and as a result the
Kerberos TGT is too large and the kpasswd service on the M$ DC just ignores the change password
request. To work around this created an admin account with minimal group membership and use this
to bind Samba boxes to AD.
Of course you may have a different issue with M$ ;-)

cheers Andy.


Thanks all. At least now I know it's not just me. I'll be watching
bugzilla with interest, and in the meantime I suppose standard Kerb will
have to do.

Aaron Grewell
Network Administrator
University of Washington Bothell

