I'm not a fan of posting 'me too' messages but in this case I'm having _exactly_ the same errors. Hopefully this post will add to the information on this problem.

Looking in /var/log/samba/winbind.log I also get the error;

    [2004/11/16 19:55:23, 1] libsmb/clikrb5.c:ads_krb5_mk_req(323)
      krb5_cc_get_principal failed (No credentials cache found)
    [2004/11/16 19:55:23, 0] libads/kerberos.c:ads_kinit_password(136)
      kerberos_kinit_password host/DAVEMAC-FC3@xxxxxxxxxxxxxxxxxx failed: Client not found in Kerberos database
    [2004/11/16 19:55:23, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
      ads_connect for domain PROFITMASTER failed: Client not found in Kerberos database

In nmbd.log is;

    [2004/11/16 20:03:48, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
      find_domain_master_name_query_fail: Unable to find the Domain Master Browser name PROFTIMASTER<1b> for the workgroup PROFTIMASTER. Unable to sync browse lists in this workgroup.

I was able to get past the wbinfo -t problem by using 'net join -S <AD server> -U administrator%<password>'. It now reports 'checking the trust secret via RPC calls succeeded'.

The server that I'm connecting to is a Windows SBS 2003 machine that I've disabled the SMB signing on.

I've also tried reloading the workstation with FC3 and got the same errors

    libads/ldap.c:ads_join_realm(1640)
      ads_add_machine_acct (<machinename>): Type or value exists

so I'm guessing that something is up with AD.

In my case I'm using a dual boot machine that also has Windows XP Professional installed - I've not had a chance to test a standalone FC3 machine.

David McCormack

________________________________

From: fedora-list-bounces@xxxxxxxxxx on behalf of Rafiq_Maniar@xxxxxxxx
Sent: Tue 16/11/2004 18:00
To: fedora-list@xxxxxxxxxx
Subject: RE: Authenticating off a Windows 2003 ADS DC with Samba/Winbind[Scanned]

Ok guys, at least I know that it does work for other people.

Here's the network configuration:

- Windows 2003 Server gx270-rmaniar [192.168.0.100]
- Fedora Core 3 gx280rmaniarFC3 [192.168.0.5]

FYI: A Windows XP box correctly connects to the DC OK.

**********************

Here's what I've done:

- removed the Active Directory service from the W2K3 box and started from scratch again.
- configured /etc/krb5.conf
- timesynced both the Linux and Windows boxes
- Used kinit Administrator@xxxxxxxx to login, all OK.
- Can login to smb share using smbclient -k //gx270-rmaniar/C$ so kerberos ticket is ok.
- configured winbind/smb.conf using the Authentication applet.
- smb/winbind are started ok.

**********************

Here's the problem:

    [root@gx280rmaniarFC3 samba]# net ads join -S gx270-rmaniar -U Administrator
    Administrator's password:
    [2004/11/16 17:35:12, 0] libads/ldap.c:ads_join_realm(1640)
      ads_add_machine_acct (gx280rmaniarfc3): Type or value exists
    ads_join_realm: Type or value exists

So it says it exists already, despite the fact that it's not shown in the 'Computers' list in AD.

Tried it again, and got:

    [root@gx280rmaniarFC3 pam.d]# net ads join -S gx270-rmaniar -U Administrator
    Administrator's password:
    [2004/11/16 17:51:26, 0] libads/ldap.c:ads_add_machine_acct(1297)
      ads_add_machine_acct: Host account for gx280rmaniarfc3 already exists - modifying old account
    [2004/11/16 17:51:26, 0] libads/ldap.c:ads_join_realm(1640)
      ads_add_machine_acct (gx280rmaniarfc3): Type or value exists
    ads_join_realm: Type or value exists

The computer now appears in the "Computers" list on the Windows server.

    [root@gx280rmaniarFC3 samba]# wbinfo -t
    checking the trust secret via RPC calls failed
    error code was NT_STATUS_INTERNAL_ERROR (0xc00000e5)
    Could not check secret

**********************

Here's the relevant info from smb.conf:

    workgroup = TEST.COM
    security = ads
    password server = 192.168.0.100
    realm = TEST.COM
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template shell = /bin/bash
    winbind use default domain = no

And someone asked for authconfig --test --kickstart:

    caching is disabled
    nss_files is always enabled
    nss_compat is disabled
    nss_db is disabled
    nss_hesiod is disabled
     hesiod LHS = ""
     hesiod RHS = ""
    nss_ldap is disabled
     LDAP+TLS is disabled
     LDAP server = "127.0.0.1"
     LDAP base DN = "dc=example,dc=com"
    nss_nis is disabled
     NIS server = ""
     NIS domain = ""
    nss_nisplus is disabled
    nss_winbind is enabled
     SMB workgroup = "TEST.COM"
     SMB servers = "192.168.0.100"
     SMB security = "ads"
     SMB realm = "TEST.COM"
     Winbind template shell = "/bin/bash"
     SMB idmap uid = "16777216-33554431"
     SMB idmap gid = "16777216-33554431"
    nss_wins is disabled
    pam_unix is always enabled
     shadow passwords are enabled
     md5 passwords are enabled
    pam_krb5 is disabled
     krb5 realm = "TEST.COM"
     krb5 realm via dns is disabled
     krb5 kdc = "192.168.0.100:88,192.168.0.100"
     krb5 kdc via dns is disabled
     krb5 admin server = ""
    pam_ldap is disabled
     LDAP+TLS is disabled
     LDAP server = "127.0.0.1"
     LDAP base DN = "dc=example,dc=com"
    pam_smb_auth is disabled
     SMB workgroup = "TEST.COM"
     SMB servers = "192.168.0.100"
    pam_winbind is enabled
     SMB workgroup = "TEST.COM"
     SMB servers = "192.168.0.100"
     SMB security = "ads"
     SMB realm = "TEST.COM"
    pam_cracklib is enabled (retry=3)
    pam_passwdqc is disabled ()

So there you have it. I've googled for the problem with no luck. Any ideas?

Thanks,
Rafiq

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
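An added example, not part of either message above: a small parser for the Samba log format quoted in this thread, which works whether or not the line breaks survived, and which collects the domain/workgroup names each log entry mentions so that near-identical spellings (such as the two in the winbind.log and nmbd.log excerpts) stand out. The sample text is constructed from those excerpts, EXAMPLE.TEST is a placeholder for the redacted realm, and the function names are hypothetical.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample in the shape of the quoted winbind.log / nmbd.log entries.
# EXAMPLE.TEST stands in for the realm, which is redacted in the post.
SAMPLE = (
    "[2004/11/16 19:55:23, 1] libsmb/clikrb5.c:ads_krb5_mk_req(323) krb5_cc_get_principal "
    "failed (No credentials cache found) [2004/11/16 19:55:23, 0] "
    "libads/kerberos.c:ads_kinit_password(136) kerberos_kinit_password "
    "host/DAVEMAC-FC3@EXAMPLE.TEST failed: Client not found in Kerberos database\n"
    "[2004/11/16 19:55:23, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)\n"
    "  ads_connect for domain PROFITMASTER failed: Client not found in Kerberos database\n"
    "[2004/11/16 20:03:48, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)\n"
    "  find_domain_master_name_query_fail: Unable to find the Domain Master Browser name PROFTIMASTER<1b> for the workgroup PROFTIMASTER.\n"
)

HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s+(\S+?):(\w+)\((\d+)\)")
NAME = re.compile(r"\b(?:domain|workgroup)\s+([A-Za-z0-9][A-Za-z0-9._-]*)")

def parse_entries(text):
    """Split Samba log text into entries, whether or not line breaks survived."""
    heads = list(HEADER.finditer(text))
    entries = []
    for m, nxt in zip(heads, heads[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        entries.append({
            "time": m.group(1), "level": int(m.group(2)),
            "source": m.group(3), "function": m.group(4),
            "message": " ".join(text[m.end():end].split()),
        })
    return entries

def domain_names(entries):
    """Map each domain/workgroup name to the source files that logged it."""
    seen = {}
    for e in entries:
        for name in NAME.findall(e["message"]):
            seen.setdefault(name.rstrip("."), set()).add(e["source"])
    return seen

def near_misses(names, threshold=0.8):
    """Pairs of names that differ but are similar enough to suggest a typo."""
    return [(a, b) for a, b in combinations(sorted(names), 2)
            if SequenceMatcher(None, a.upper(), b.upper()).ratio() >= threshold]

if __name__ == "__main__":
    print(near_misses(domain_names(parse_entries(SAMPLE))))
```
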