| eantoranz |
10-03-2006 01:18 PM |
problems with samba after AD promotion
We have had linux proxy servers authenticating users against a ActiveDirectory server for a year now. Flawless.
Some days ago another server was installed and the AD service has been moved from the old server to the new one. I don't know the steps involved. All I know is that it was "promoted".
I changed the configuration of kerberos so that the new server is used instead and kinit works perfectly:
Code:
$ kinit -V ecarmona
Password for ecarmona@FHEP.ORG:
Authenticated to Kerberos v5
$
.... however, there are trust problems now (and so the proxy doesn't want to allow users to pass through.
I tried to rejoin the proxy server to the domain, but I haven't been able to.. and I think it's related to the LDAP service in the AD server (at least acording to samba).
How can this be solved (if anybody knows)?
Code:
$ sudo net ads join -U Administrator -d 5
[2006/10/03 14:12:53, 5] lib/debug.c:debug_dump_status(366)
INFO: Current debug levels:
all: True/5
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
[2006/10/03 14:12:53, 3] param/loadparm.c:lp_load(3910)
lp_load: refreshing parameters
[2006/10/03 14:12:53, 3] param/loadparm.c:init_globals(1320)
Initialising global parameters
[2006/10/03 14:12:53, 3] param/params.c:pm_process(566)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2006/10/03 14:12:53, 3] param/loadparm.c:do_section(3403)
Processing section "[global]"
doing parameter workgroup = fhep
doing parameter realm = FHEP.ORG
doing parameter server string = %h servidor proxy auxiliar (Samba, Ubuntu)
doing parameter netbios name = fhep_proxy
[2006/10/03 14:12:53, 4] param/loadparm.c:handle_netbios_name(2748)
handle_netbios_name: set global_myname to: FHEP_PROXY
doing parameter dns proxy = no
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter syslog = 0
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter security = domain
doing parameter encrypt passwords = true
doing parameter password server = *
doing parameter passdb backend = tdbsam guest
doing parameter obey pam restrictions = yes
doing parameter invalid users = root
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
doing parameter socket options = TCP_NODELAY
[2006/10/03 14:12:53, 4] param/loadparm.c:lp_load(3941)
pm_process() returned Yes
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UCS-2LE
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UCS-2LE
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UTF-16LE
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UTF-16LE
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UCS-2BE
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UCS-2BE
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UTF-16BE
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UTF-16BE
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UTF8
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UTF8
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UTF-8
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UTF-8
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset ASCII
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(111)
Registered charset ASCII
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset 646
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(111)
Registered charset 646
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset ISO-8859-1
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(111)
Registered charset ISO-8859-1
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UCS2-HEX
[2006/10/03 14:12:53, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UCS2-HEX
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:53, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'UTF-8' for LOCALE
[2006/10/03 14:12:54, 5] lib/util.c:init_names(256)
Netbios name list:-
my_netbios_names[0]="FHEP_PROXY"
[2006/10/03 14:12:54, 2] lib/interface.c:add_interface(79)
added interface ip=192.168.0.2 bcast=192.168.0.255 nmask=255.255.255.0
[2006/10/03 14:12:54, 2] lib/interface.c:add_interface(79)
added interface ip=x.x.x.x bcast=y.y.y.y nmask=z.z.z.z
Administrator's password:
[2006/10/03 14:13:12, 5] lib/gencache.c:gencache_init(59)
Opening cache file at /var/run/samba/gencache.tdb
[2006/10/03 14:13:12, 5] libsmb/namecache.c:namecache_fetch(195)
no entry for FHEP.ORG#1C found.
[2006/10/03 14:13:12, 4] libsmb/namequery.c:get_dc_list(1332)
get_dc_list: no servers found
[2006/10/03 14:13:12, 5] libsmb/namecache.c:namecache_fetch(201)
name FHEP#1C found.
[2006/10/03 14:13:12, 4] libsmb/namequery.c:get_dc_list(1406)
get_dc_list: returning 1 ip addresses in an unordered list
[2006/10/03 14:13:12, 4] libsmb/namequery.c:get_dc_list(1407)
get_dc_list: 192.168.0.3:0
[2006/10/03 14:13:12, 5] libads/ldap.c:ads_try_connect(85)
ads_try_connect: trying ldap server '192.168.0.3' port 389
[2006/10/03 14:13:12, 3] libads/ldap.c:ads_connect(247)
Connected to LDAP server 192.168.0.3
[2006/10/03 14:13:12, 1] libads/ldap.c:ads_connect(251)
Failed to get ldap server info
[2006/10/03 14:13:12, 0] utils/net_ads.c:ads_startup(186)
ads_connect: No results returned
[2006/10/03 14:13:12, 2] utils/net.c:main(859)
return code = -1
$
|
