[Pkg-samba-maint] Bug#515767: samba: net ads join dont work(ads_sasl_spnego_krb5_bind failed:), but kinit & klist are ok

Frank Matthieß debian-bugreport at matthiess.it
Tue Jan 26 10:24:18 UTC 2010 

Package: samba
Version: 2:3.4.3-2
Severity: normal


nc-xfer:~# kinit Administtrator at DOMAIN.TLD
Password for Administrator at DOMAIN.TLD: 

nc-xfer:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator at DOMAIN.TLD

Valid starting     Expires            Service principal
01/26/10 11:21:54  01/26/10 21:12:25  krbtgt/DOMAIN.TLD at DOMAIN.TLD
	renew until 01/27/10 11:12:34

nc-xfer:~# net ads join -U Administrator
[2010/01/26 11:22:03,  0] libads/sasl.c:819(ads_sasl_spnego_bind)
  kinit succeeded but ads_sasl_spnego_krb5_bind failed: Program lacks support for encryption type
Failed to join domain: failed to connect to AD: Program lacks support for encryption type

nc-xfer:~# cat /etc/samba/smb.conf
[global]
	config backend = registry

nc-xfer:~# net conf list
[global]
	server string = %h NC Austauschserver
	dns proxy = no
	log file = /var/log/samba/log.%m
	max log size = 1000
	syslog = 0
	panic action = /usr/share/samba/panic-action %d
	passdb backend = tdbsam
	obey pam restrictions = yes
	unix password sync = yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	pam password change = yes
	idmap uid = 10000-15000
	idmap gid = 10000-15000
	winbind separator = /
	encrypt passwords = yes
	password server = hauptserver.domain.tld
	client use spnego = yes
	winbind enum users = yes
	winbind enum groups = yes
	winbind cache time = 60
	winbind nested groups = yes
	winbind expand groups = 3
	add share command = /usr/local/bin/samba-addshare
	domain master = no
	log level = 3 auth:10
	template homedir = /home/shares/ssssssss/%U
	template shell = /bin/bash
	winbind use default domain = yes
	kerberos method = system keytab
	workgroup = DOMAIN
	security = ads
	realm = domain.tld

[ssssssss]
	path = /home/shares/ssssssss
	guest ok = no
	read only = no
	acl group control = true

ii  krb5-config                                    2.2                                            Configuration files for Kerberos Version 5
ii  krb5-user                                      1.8+dfsg~alpha1-5                              Basic programs to authenticate using MIT Kerberos
ii  libgssapi-krb5-2                               1.8+dfsg~alpha1-5                              MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-3                                      1.8+dfsg~alpha1-5                              MIT Kerberos runtime libraries
ii  libkrb5support0                                1.8+dfsg~alpha1-5                              MIT Kerberos runtime libraries - Support library

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages samba depends on:
ii  adduser                3.112             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.28            Debian configuration management sy
ii  libacl1                2.2.49-1          Access control list shared library
ii  libattr1               1:2.4.44-1        Extended attribute shared library
ii  libc6                  2.10.2-2          GNU C Library: Shared libraries
ii  libcap2                1:2.17-2          support for getting/setting POSIX.
ii  libcomerr2             1.41.9-1          common error description library
ii  libcups2               1.4.2-4           Common UNIX Printing System(tm) - 
ii  libgnutls26            2.8.5-2           the GNU TLS library - runtime libr
ii  libgssapi-krb5-2       1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries - k
ii  libk5crypto3           1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries - C
ii  libkrb5-3              1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries
ii  libldap-2.4-2          2.4.17-2.1        OpenLDAP libraries
ii  libpam-modules         1.1.0-4           Pluggable Authentication Modules f
ii  libpam-runtime         1.1.0-4           Runtime support for the PAM librar
ii  libpam0g               1.1.0-4           Pluggable Authentication Modules l
ii  libpopt0               1.15-1            lib for parsing cmdline parameters
ii  libtalloc2             2.0.1-1           hierarchical pool based memory all
ii  libwbclient0           2:3.4.3-2         Samba winbind client library
ii  lsb-base               3.2-23            Linux Standard Base 3.2 init scrip
ii  procps                 1:3.2.8-2         /proc file system utilities
ii  samba-common           2:3.4.3-2         common files used by both the Samb
ii  update-inetd           4.35              inetd configuration file updater
ii  zlib1g                 1:1.2.3.4.dfsg-3  compression library - runtime

Versions of packages samba recommends:
ii  logrotate                     3.7.8-4    Log rotation utility

Versions of packages samba suggests:
pn  ctdb                          <none>     (no description available)
pn  ldb-tools                     <none>     (no description available)
pn  openbsd-inetd | inet-superser <none>     (no description available)
pn  smbldap-tools                 <none>     (no description available)

-- debconf information:
  samba/run_mode: daemons
  samba/generate_smbpasswd: true

More information about the Pkg-samba-maint mailing list