OS: OmniOS 5.11 omnios-r151018-ae3141d April 2016
Napp-it: 16.07 PRO
Isn't entirely napp-it related, but let's summarize:
When I try to join my fresh Windows 2012R2 domain via Services -> SMB -> Active Directory it fails with:
Code:
Joining home.lan ... this may take a minute ...
failed to join domain home.lan
using AD server: ads.home.lan
Failed to set machine password.
Please refer to the service log for more information.
# tail -f /var/adm/messages (note the time stamp between log entries #1 and #2)
Code:
Jul 17 19:04:11 tanker idmap[458]: [ID 452651 daemon.error] adutils: ldap_lookup_init failed
Jul 17 19:04:30 tanker smbd[604]: [ID 972153 daemon.error] smbns_ksetpwd: KPASSWD protocol exchange failed (Cannot contact any KDC for requested realm)
Jul 17 19:04:30 tanker smbd[604]: [ID 871254 daemon.error] smbd: failed joining home.lan (UNSUCCESSFUL)
Doesn't matter which LM authentication level is set.
Log message #2
Code:
KPASSWD protocol exchange failed (Cannot contact any KDC for requested realm)
Common error messages for the Kerberos commands:
http://docs.oracle.com/cd/E19253-01/816-4557/trouble-6/index.html
@gea napp-it consequently uses the IP address in the [realms] declaration of /etc/krb5/krb5.conf
Cannot contact any KDC for requested realm
Cause:
No KDC responded in the requested realm.
Solution:
Make sure that at least one KDC (either the master or a slave) is reachable or that the krb5kdc daemon is running on the KDCs. Check the /etc/krb5/krb5.conf file for the list of configured KDCs (kdc = kdc-name).
Exchanging the IP for the FQDN of the domain server and running smbadm join -u admin home.lan on the CLI didn't solve the problem.
Nevertheless, after the first attempt to join, Kerberos seems to work:
# klist
Code:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@HOME.LAN
Valid starting Expires Service principal
17/07/2016 20:41 18/07/2016 06:41 krbtgt/HOME.LAN@HOME.LAN
renew until 24/07/2016 20:41
# kinit -V administrator
Code:
Password for administrator@HOME.LAN:
Authenticated to Kerberos v5
LDAP Wireshark packet analysis: bindRequest -> bindResponse -> success
But all following LDAP packets are malformed? This is what Wireshark says:
Code:
Lightweight Directory Access Protocol
SASL Buffer Length: 67
SASL Buffer
GSS-API Generic Security Service Application Program Interface
krb5_blob: 050406ff000000000000000029518538caecf3a1aeeab8ad...
krb5_tok_id: KRB_TOKEN_CFX_WRAP (0x0405)
krb5_cfx_flags: 0x06, AcceptorSubkey, Sealed
.... .1.. = AcceptorSubkey: Set
.... ..1. = Sealed: Set
.... ...0 = SendByAcceptor: Not set
krb5_filler: ff
krb5_cfx_ec: 0
krb5_cfx_rrc: 0
krb5_cfx_seq: 693208376
krb5_sgn_cksum: caecf3a1aeeab8ad8272ac722ac802b33b11e005815b181c...
GSS-API payload (60 bytes)
LDAPMessage
BER Error: Sequence expected but class:UNIVERSAL(0) primitive tag:5 was unexpected
[Expert Info (Warn/Malformed): BER Error: Sequence expected]
[BER Error: Sequence expected]
[Severity level: Warn]
[Group: Malformed]
Finally, there is no computer object created for the napp-it server on the domain controller.
Any hints for me?
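Added example, not part of the original post: a parser for the RFC 4121 Wrap token header, run over the first 16 bytes of the krb5_blob in the Wireshark dump above. It shows that the Sealed flag marks the GSS-API payload as encrypted, so it cannot be read as BER-encoded LDAP without the session key. The function names and the second, unsealed header are constructed for illustration.

```python
import struct

# First 16 bytes of the krb5_blob in the Wireshark dump above; the capture
# truncates the rest of the token with "...".
PAGE_HEADER = bytes.fromhex("050406ff000000000000000029518538")
# Constructed for contrast (not from the page): integrity-only token, Sealed clear.
CONSTRUCTED_UNSEALED = bytes.fromhex("050404ff000c00000000000000000001")

FLAG_SENT_BY_ACCEPTOR = 0x01
FLAG_SEALED = 0x02
FLAG_ACCEPTOR_SUBKEY = 0x04


def parse_cfx_wrap_header(token: bytes) -> dict:
    """Parse the 16-byte Wrap token header of RFC 4121, section 4.2.6.2."""
    if len(token) < 16:
        raise ValueError(f"need 16 header bytes, got {len(token)}")
    # All fields are big-endian: TOK_ID, Flags, Filler, EC, RRC, SND_SEQ.
    # The wire bytes of TOK_ID are 05 04; Wireshark prints the field as 0x0405.
    tok_id, flags, filler, ec, rrc, seq = struct.unpack(">HBBHHQ", token[:16])
    if tok_id != 0x0504:
        raise ValueError(f"not a CFX Wrap token: TOK_ID=0x{tok_id:04x}")
    if filler != 0xFF:
        raise ValueError(f"unexpected filler byte 0x{filler:02x}")
    return {
        "sent_by_acceptor": bool(flags & FLAG_SENT_BY_ACCEPTOR),
        "sealed": bool(flags & FLAG_SEALED),
        "acceptor_subkey": bool(flags & FLAG_ACCEPTOR_SUBKEY),
        "ec": ec,
        "rrc": rrc,
        "seq": seq,
    }


def payload_readable_without_key(header: dict) -> bool:
    """Sealed means the wrapped LDAPMessage is ciphertext, not plain BER."""
    return not header["sealed"]


if __name__ == "__main__":
    for name, raw in (("page", PAGE_HEADER), ("constructed", CONSTRUCTED_UNSEALED)):
        hdr = parse_cfx_wrap_header(raw)
        print(name, hdr, "plain BER:", payload_readable_without_key(hdr))
```

The parsed sequence number matches the krb5_cfx_seq value in the dump, which confirms the field layout used here.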