Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Samba + Winbind Error
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
the_sphynx
Apprentice
Apprentice


Joined: 19 May 2004
Posts: 156
Location: Thornton, CO
PostPosted: Wed May 25, 2005 5:03 pm    Post subject: Samba + Winbind Error Reply with quote
I used this as my guide to get Samba talking to AD. I have had good success until I get to the wbinfo -u and wbinfo -g steps. It errors out and tells me:
Code:

graphing mrtg # wbinfo -u
Error looking up domain users

My log file looks like this:
Code:

graphing mrtg # cat /var/log/samba/log.winbindd | more
[2005/05/25 10:54:58, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:54:58, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:54:58, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain FNFGLOBAL failed: Server not found in Kerberos database
[2005/05/25 10:54:58, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:54:58, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:54:58, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain FNFEXT failed: Server not found in Kerberos database
[2005/05/25 10:55:08, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
  cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds
[2005/05/25 10:57:14, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
  cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds
[2005/05/25 10:57:36, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
  cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds
[2005/05/25 10:58:09, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for nt_ccmail$@REI.CTT.COM (Server not found in Kerberos database)
[2005/05/25 10:58:09, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(544)
  spnego_gen_negTokenTarg failed: Server not found in Kerberos database
[2005/05/25 10:58:44, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:58:44, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:58:44, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain FNFEXT failed: Server not found in Kerberos database
[2005/05/25 10:58:44, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:58:44, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:58:44, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain FNFGLOBAL failed: Server not found in Kerberos database
[2005/05/25 10:58:44, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:58:44, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:58:44, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain FNFEXT failed: Server not found in Kerberos database
[2005/05/25 10:58:45, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:58:45, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:58:45, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain FNFGLOBAL failed: Server not found in Kerberos database
[2005/05/25 10:58:54, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:58:54, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(544)
  spnego_gen_negTokenTarg failed: Server not found in Kerberos database
[2005/05/25 10:58:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:58:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:58:55, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain FNFEXT failed: Server not found in Kerberos database
[2005/05/25 10:58:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:58:55, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(544)
  spnego_gen_negTokenTarg failed: Server not found in Kerberos database
[2005/05/25 10:58:57, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:58:57, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)
[2005/05/25 10:58:57, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain FNFGLOBAL failed: Server not found in Kerberos database
[2005/05/25 10:59:07, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
  cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds

My question is why is it looking at the FNFGLOBAL.LOCAL & FNFEXT.LOCAL domains? I have FNFINC.COM in my /etc/krb5.conf as follows:
Code:

graphing mrtg # cat /etc/krb5.conf
[libdefaults]
   default_realm = FNFINC.COM

   [realms]
   FNFINC.COM = {
        kdc = sgcfnf-co01.fnfinc.com
   }

[domain_realm]
        fnfinc.com = FNFINC.COM

[kdc]
        profile = /etc/krb5kdc/kdc.conf

[logging]
        kdc = FILE:/var/log/krb5kdc.log
        default = FILE:/var/log/krb5lib.log

Any help would be greatly appreciated!
_________________
Folding@Home User 285941
Back to top
View user's profile Send private message
GenTimJS
Guru
Guru


Joined: 03 May 2003
Posts: 406
Location: NH, USA
PostPosted: Wed May 25, 2005 6:46 pm    Post subject: Reply with quote
krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)


looks like you made a typo somewhere, or left a server identification out of a config file?

also, you need to run the "net" command as root usually when you join the kerberos realm
_________________
-Tim Smith
Back to top
View user's profile Send private message
the_sphynx
Apprentice
Apprentice


Joined: 19 May 2004
Posts: 156
Location: Thornton, CO
PostPosted: Wed May 25, 2005 10:15 pm    Post subject: Reply with quote
I was able to get the machine to join the domain properly with the net command. However, what seems to be happening is it is trying to use all of the domains that the FNFINC.COM domain trusts for password server (I am assuming this).
Here is my smb.conf:
Code:

graphing mrtg # cat /etc/samba/smb.conf
# This is the global configuration section
[global]
        netbios name = Graphing
        socket options = TCP_NODELAY SO_RCVBUF=16383 SO_SNDBUF=16384
        idmap uid = 10000-20000
        winbind enum users = yes
        winbind gid = 10000-20000
        workgroup = FNFINC
        os level = 20
        winbind enum groups = yes
        socket address = 170.88.217.55
        password server = SGCFNF-CO01
        preferred master = no
        winbind separator = @
        max log size = 50
        log file = /var/log/samba/log.%m
        encrypt passwords = yes
        dns proxy = no
        realm = FNFINC.COM
        security = ADS
        wins server = 10.10.1.10
        wins proxy = no

# This is the location where we define shares.
[Website]
        comment = Location of the graphing website
        writeable = yes
        path = /var/www/graphing

_________________
Folding@Home User 285941
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy