Discussion:
[Samba] net ads join hangs forever
Aaron Grewell
2004-05-20 23:22:37 UTC
Permalink
I am trying to join my Linux workstation to my ADS domain.
Unfortunately, I'm not having much success. net ads join hangs forever
(or at least for more than 12 hours) when run. The computer account is
created in the domain, but the process never completes. tdbdump
secrets.tdb shows no results, and wbinfo shows users and groups from the
trusted domains but not from the domain I am trying to join. getent has
the same results as wbinfo. net ads info fails altogether, stating that
the ldap server was not found. Watching Ethereal during the net ads
join shows lots of Reverse DNS queries but not much else.

I am using 'Samba-3 by Example' Chapter 9 as the source for my
configurations, and I'm not sure where I've gone wrong.

Platform: Fedora Core 2
Samba: 3.0.3

[***@cygnus root]# net ads join -d 10
[2004/05/20 10:08:46, 5] lib/debug.c:debug_dump_status(367)
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
[2004/05/20 10:08:46, 3] param/loadparm.c:lp_load(3886)
lp_load: refreshing parameters
[2004/05/20 10:08:46, 3] param/loadparm.c:init_globals(1307)
Initialising global parameters
[2004/05/20 10:08:46, 3] param/params.c:pm_process(566)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2004/05/20 10:08:46, 3] param/loadparm.c:do_section(3384)
Processing section "[global]"
doing parameter workgroup = UWB
doing parameter server string = Samba 3.0.3
doing parameter printcap name = CUPS
doing parameter load printers = yes
doing parameter printing = cups
doing parameter log file = /var/log/samba/%m.log
doing parameter max log size = 50
doing parameter security = ads
doing parameter username map = /etc/samba/smbusers
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
doing parameter dns proxy = no
doing parameter idmap uid = 16777216-33554431
doing parameter idmap gid = 16777216-33554431
doing parameter template shell = /bin/bash
doing parameter template primary group = "Domain Users"
doing parameter realm = UWB.EDU
doing parameter log level = 1
doing parameter syslog = 1
doing parameter ldap ssl = no
[2004/05/20 10:08:46, 4] param/loadparm.c:lp_load(3918)
pm_process() returned Yes
[2004/05/20 10:08:46, 7] param/loadparm.c:lp_servicenumber(4031)
lp_servicenumber: couldn't find homes
[2004/05/20 10:08:46, 10] param/loadparm.c:set_server_role(3827)
set_server_role: role = ROLE_DOMAIN_MEMBER
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95)
Attempting to register new charset UCS-2LE
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103)
Registered charset UCS-2LE
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95)
Attempting to register new charset UTF8
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103)
Registered charset UTF8
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95)
Attempting to register new charset ASCII
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103)
Registered charset ASCII
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95)
Attempting to register new charset 646
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103)
Registered charset 646
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95)
Attempting to register new charset ISO-8859-1
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103)
Registered charset ISO-8859-1
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(95)
Attempting to register new charset UCS2-HEX
[2004/05/20 10:08:46, 5] lib/iconv.c:smb_register_charset(103)
Registered charset UCS2-HEX
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/charcnv.c:charset_name(74)
Substituting charset 'UTF-8' for LOCALE
[2004/05/20 10:08:46, 5] lib/util.c:init_names(292)
Netbios name list:-
my_netbios_names[0]="CYGNUS"
[2004/05/20 10:08:46, 2] lib/interface.c:add_interface(79)
added interface ip=216.186.72.212 bcast=216.186.72.255
nmask=255.255.255.0
[2004/05/20 10:08:46, 6] libads/ldap.c:ads_find_dc(147)
ads_find_dc: looking for realm 'UWB.EDU'
[2004/05/20 10:08:46, 8] libsmb/namequery.c:get_sorted_dc_list(1402)
get_sorted_dc_list: attempting lookup using [ads]
[2004/05/20 10:08:46, 10] libsmb/namequery.c:internal_resolve_name(1013)
internal_resolve_name: looking up UWB.EDU#1c
[2004/05/20 10:08:46, 5] lib/gencache.c:gencache_init(59)
Opening cache file at /var/cache/samba/gencache.tdb
[2004/05/20 10:08:46, 10] lib/gencache.c:gencache_get(264)
Returning expired cache entry: key = NBT/UWB.EDU#1C, value =
216.186.73.6:389, 216.186.73.7:389,216.186.72.23:389, timeout = Thu May
20 10:05:04 2004

[2004/05/20 10:08:46, 5] libsmb/namecache.c:namecache_fetch(195)
no entry for UWB.EDU#1C found.
[2004/05/20 10:08:46, 10] lib/gencache.c:gencache_del(214)
Deleting cache entry (key = NBT/UWB.EDU#1C)
[2004/05/20 10:08:46, 5] libsmb/namequery.c:resolve_ads(940)
resolve_hosts: Attempting to resolve DC's for UWB.EDU using DNS
[2004/05/20 10:08:46, 10]
libsmb/namequery.c:remove_duplicate_addrs2(319)
remove_duplicate_addrs2: looking for duplicate address/port pairs
[2004/05/20 10:08:46, 5] libsmb/namecache.c:namecache_store(131)
namecache_store: storing 3 addresses for UWB.EDU#1c:
216.186.73.6:389,216.186. 73.7:389,216.186.72.23:389
[2004/05/20 10:08:46, 10] lib/gencache.c:gencache_set(127)
Adding cache entry with key = NBT/UWB.EDU#1C; value =
216.186.73.6:389,216.186 .73.7:389,216.186.72.23:389 and timeout = Thu
May 20 10:19:46 2004
(660 seconds ahead)
[2004/05/20 10:08:46, 10] libsmb/namequery.c:internal_resolve_name(1131)
internal_resolve_name: returning 3 addresses: 216.186.73.6:389
216.186.73.7:38 9 216.186.72.23:389
[2004/05/20 10:08:46, 8] libsmb/namequery.c:get_dc_list(1300)
Adding 3 DC's from auto lookup
[2004/05/20 10:08:46, 10]
libsmb/namequery.c:remove_duplicate_addrs2(319)
remove_duplicate_addrs2: looking for duplicate address/port pairs
[2004/05/20 10:08:46, 4] libsmb/namequery.c:get_dc_list(1376)
get_dc_list: returning 3 ip addresses in an unordered list
[2004/05/20 10:08:46, 4] libsmb/namequery.c:get_dc_list(1377)
get_dc_list: 216.186.73.6:389 216.186.73.7:389 216.186.72.23:389
[2004/05/20 10:08:46, 5] libads/ldap.c:ads_try_connect(56)
ads_try_connect: trying ldap server '216.186.72.23' port 389
[2004/05/20 10:08:47, 3] libads/ldap.c:ads_connect(218)
Connected to LDAP server 216.186.72.23
[2004/05/20 10:08:47, 3] libads/ldap.c:ads_server_info(2027)
got ldap server name ***@UWB.EDU, using bind path: dc=UWB,dc=EDU
[2004/05/20 10:08:47, 4] libads/ldap.c:ads_server_info(2033)
time offset is 0 seconds
[2004/05/20 10:08:47, 4] libads/sasl.c:ads_sasl_bind(423)
Found SASL mechanism GSS-SPNEGO
[2004/05/20 10:08:47, 3] libads/sasl.c:ads_sasl_spnego_bind(187)
got OID=1 2 840 48018 1 2 2
[2004/05/20 10:08:47, 3] libads/sasl.c:ads_sasl_spnego_bind(187)
got OID=1 2 840 113554 1 2 2
[2004/05/20 10:08:47, 3] libads/sasl.c:ads_sasl_spnego_bind(187)
got OID=1 2 840 113554 1 2 2 3
[2004/05/20 10:08:47, 3] libads/sasl.c:ads_sasl_spnego_bind(187)
got OID=1 3 6 1 4 1 311 2 2 10
[2004/05/20 10:08:47, 3] libads/sasl.c:ads_sasl_spnego_bind(194)
got principal=uwb3$@UWB.EDU
[2004/05/20 10:08:47, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(245)
Ticket in ccache[FILE:/tmp/krb5cc_0] expiration Thu, 20 May 2004
19:30:26 GMT
[2004/05/20 10:08:47, 10] libsmb/clikrb5.c:ads_krb5_mk_req(333)
Ticket (uwb3$@UWB.EDU) in ccache (FILE:/tmp/krb5cc_0) is valid until:
(Thu, 20 May 2004 19:30:26 GMT - 1085106626)
[2004/05/20 10:08:47, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(433)
Got KRB5 session key of length 16
[2004/05/20 10:08:47, 0] libads/ldap.c:ads_add_machine_acct(1006)
Host account for cygnus already exists - modifying old account
[2004/05/20 10:08:47, 5] libads/ldap_utils.c:ads_do_search_retry(56)
Search for (objectclass=*) gave 1 replies

*********************************************************************
After the LDAP search it hangs forever. :(
Gerald (Jerry) Carter
2004-05-21 02:14:42 UTC
Permalink
Aaron Grewell wrote:
| I am trying to join my Linux workstation to my ADS domain.
| Unfortunately, I'm not having much success. net ads
| join hangs forever (or at least for more than 12 hours)
| when run.
...
| [2004/05/20 10:08:47, 0] libads/ldap.c:ads_add_machine_acct(1006)
| Host account for cygnus already exists - modifying old account
| [2004/05/20 10:08:47, 5] libads/ldap_utils.c:ads_do_search_retry(56)
| Search for (objectclass=*) gave 1 replies
|
| *********************************************************************
| After the LDAP search it hangs forever. :(
|

I would start by checking for any kerberos misconfigurations.
Just a gut feeling though. Does kinit run ok ?





cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
Aaron Grewell
2004-05-21 02:30:14 UTC
Permalink
I would start by checking for any kerberos misconfigurations. Just a gut
feeling though. Does kinit run ok ?

Kinit runs fine. I started with a standard Kerb config that I've used a
number of times with good success. I also tried removing /etc/krb5.conf
altogether. Kinit ran fine in either case. Using kinit -V ***@REALM
returns "Authenticated to Kerberos V5" once I've entered my password so I'm
pretty sure it's working. The user I'm authenticating as is a Domain Admin,
and so should have the rights to do what is needed.
ww m-pubsyssamba
2004-05-21 14:44:18 UTC
Permalink
I believe this is a bug as I have posted exactly the same problem to this
list already including some debug info, nobody replied though....
I have contacted Andrew Bartlett on this with some debug information and
am waiting for a reply. As its not just me I'll raise a bug in bugzilla,

thanks Andy Smith.

PS I've replicated the problem on Linux and Solaris and Kerberos is
working correctly.
<<


Aaron Grewell wrote:
| I am trying to join my Linux workstation to my ADS domain.
| Unfortunately, I'm not having much success. net ads
| join hangs forever (or at least for more than 12 hours)
| when run.
...
| [2004/05/20 10:08:47, 0] libads/ldap.c:ads_add_machine_acct(1006)
| Host account for cygnus already exists - modifying old account
| [2004/05/20 10:08:47, 5] libads/ldap_utils.c:ads_do_search_retry(56)
| Search for (objectclass=*) gave 1 replies
|
| *********************************************************************
| After the LDAP search it hangs forever. :(
|

I would start by checking for any kerberos misconfigurations.
Just a gut feeling though. Does kinit run ok ?

BBCi at http://www.bbc.co.uk/

This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically
stated.
If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in
reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.
Andrew Bartlett
2004-05-21 18:12:04 UTC
Permalink
Post by ww m-pubsyssamba
I believe this is a bug as I have posted exactly the same problem to this
list already including some debug info, nobody replied though....
I have contacted Andrew Bartlett on this with some debug information and
am waiting for a reply. As its not just me I'll raise a bug in bugzilla,
Sorry about the delay, and thanks for keeping on it.
Post by ww m-pubsyssamba
thanks Andy Smith.
PS I've replicated the problem on Linux and Solaris and Kerberos is
working correctly.
Did you manage to valgrind it?
Post by ww m-pubsyssamba
<<
| I am trying to join my Linux workstation to my ADS domain.
| Unfortunately, I'm not having much success. net ads
| join hangs forever (or at least for more than 12 hours)
| when run.
...
| [2004/05/20 10:08:47, 0] libads/ldap.c:ads_add_machine_acct(1006)
| Host account for cygnus already exists - modifying old account
| [2004/05/20 10:08:47, 5] libads/ldap_utils.c:ads_do_search_retry(56)
| Search for (objectclass=*) gave 1 replies
|
| *********************************************************************
| After the LDAP search it hangs forever. :(
|
I would start by checking for any kerberos misconfigurations.
Just a gut feeling though. Does kinit run ok ?
In the trace, it appears that the server just never replies to the 'set
password' request.

We sit around forever, waiting for the reply, rather than resending it
(it is a UDP based request) or timing out.

This is krb5_setpw.c:do_krb5_kpasswd_request()

Andrew Bartlett
--
Andrew Bartlett ***@pcug.org.au
Manager, Authentication Subsystems, Samba Team ***@samba.org
Student Network Administrator, Hawker College ***@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040521/98241077/attachment.bin
ww m-pubsyssamba
2004-05-21 17:03:27 UTC
Permalink
logged on bugzilla, id 1370

thanks Andy.
I believe this is a bug as I have posted exactly the same problem to this
list already including some debug info, nobody replied though....
I have contacted Andrew Bartlett on this with some debug information and
am waiting for a reply. As its not just me I'll raise a bug in bugzilla,

thanks Andy Smith.

PS I've replicated the problem on Linux and Solaris and Kerberos is
working correctly.
<<


Aaron Grewell wrote:
| I am trying to join my Linux workstation to my ADS domain.
| Unfortunately, I'm not having much success. net ads
| join hangs forever (or at least for more than 12 hours)
| when run.
...
| [2004/05/20 10:08:47, 0] libads/ldap.c:ads_add_machine_acct(1006)
| Host account for cygnus already exists - modifying old account
| [2004/05/20 10:08:47, 5] libads/ldap_utils.c:ads_do_search_retry(56)
| Search for (objectclass=*) gave 1 replies
|
| *********************************************************************
| After the LDAP search it hangs forever. :(
|

I would start by checking for any kerberos misconfigurations.
Just a gut feeling though. Does kinit run ok ?
ww m-pubsyssamba
2004-05-21 18:28:31 UTC
Permalink
Did you manage to valgrind it?

##
##Yes, I've sent it through to you last week, didn't you recieve it?
##If not I've attached all the out put to the bugzilla bug 1370
## thanks Andy.
Aaron Grewell
2004-05-21 22:52:29 UTC
Permalink
Thanks all. At least now I know it's not just me. I'll be watching
bugzilla with interest, and in the meantime I suppose standard Kerb will
have to do.

Aaron Grewell
Network Administrator
University of Washington Bothell

-----Original Message-----
From: samba-bounces+agrewell=***@lists.samba.org
[mailto:samba-bounces+agrewell=***@lists.samba.org] On Behalf Of ww
m-pubsyssamba
Sent: Friday, May 21, 2004 6:28 AM
To: Andrew Bartlett
Cc: ***@lists.samba.org; Gerald (Jerry) Carter; Andrew Bartlett
Subject: RE: [Samba] net ads join hangs forever



Did you manage to valgrind it?

##
##Yes, I've sent it through to you last week, didn't you recieve it? ##If
not I've attached all the out put to the bugzilla bug 1370 ## thanks Andy.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Continue reading on narkive:
Loading...