Netjoin problems - Kerberos configuratio issues?

John Wenn jwenn at cp10.es.xerox.com
Tue Feb 11 13:00:27 EST 2003 

I'm trying to get Microsoft's netjoin to work (it's a program to
automatically add a unix machine to a Win2k Active Directory domain).

I've retrieved and compiled the sources on Solaris 2.8.  The LDAP part
works, the computer record is added to the AD server OK.  The problem
comes when trying to set the password.

Just doing a netjoin after rebooting gives me a error:
  "No credentials cache found setting computer password"
When I do a kinit to initialize the cache, it crashes with a core
dump.  Apparently it is having problems finding the kadmin/changepw
account in combination with Win2k AD.  Notice that in the stack that
"cred" is null (hense the core dump) and dn is a random user.

It looks like a Kerberos configuration problem.  I don't have the
proper setup for some reason.

Any help fixing this would be appreciated.

/John

jwenn at cp10.es.xerox.com

--------------------
Debugging output follows:
--------------------
# ./netjoin -A administrator at adtest.net  -D adtest.net  -s
csg-cpqet-006.adtest.net -v
Creating host account for modena at adtest.net
Warning: Using simple LDAP bind.
Password for administrator at adtest.net:
Searching for "modena" at "dc=adtest,dc=net" ...
Existing host account not found - adding as
"cn=modena,cn=computers,dc=adtest,dc=net"
Setting computer password...
netjoin: No credentials cache found setting computer password

# kinit kadmin
Password for kadmin at ADTEST.NET: 

# ./netjoin -A administrator at adtest.net  -D adtest.net  -s
csg-cpqet-006.adtest.net -v
Creating host account for modena at adtest.net
Warning: Using simple LDAP bind.
Password for administrator at adtest.net:
Searching for "modena" at "dc=adtest,dc=net" ...
Existing host account not found - adding as
"cn=modena,cn=computers,dc=adtest,dc=net"
Setting computer password...
Segmentation Fault - core dumped

# dbx netjoin core
 Current function is ldap_sasl_bind
  113                   rc = ber_printf( ber, "{it{ist{so}}", msgid,
LDAP_REQ_BIND,
(dbx) where
=>[1] ldap_sasl_bind(ld = 0xd93c0, dn = 0xd8f88
"cn=manchala,ou=Users,dc=adtest,dc=net", mechanism = 0xff086f58
"CRAM-MD5", cred = (nil), serverctrls = (nil), clientctrls = (nil),
msgidp = 0xffbec620), line 113 in "saslbind.c"
  [2] ldap_sasl_bind_s(ld = 0xd93c0, dn = 0xd8f88
"cn=manchala,ou=Users,dc=adtest,dc=net", mechanism = 0xff086f58
"CRAM-MD5", cred = (nil), serverctrls = (nil), clientctrls = (nil),
servercredp = 0xffbec6b4), line 166 in "saslbind.c"
  [3] ldap_sasl_cram_md5_bind_s(0xd93c0, 0xffbec6b4, 0xffbec718, 0x0,
0x0, 0xff084000), at 0xff05e510
  [4] MakeSession(0xd86f8, 0xd8f88, 0xd64a8, 0xffbee0c4, 0xd93c0,
0xff0b6000), at 0xff09b900
  [5] MakeConnection(0xda848, 0xda848, 0xffbee0c4, 0xffbee048,
0xd86e0, 0xff0b6000), at 0xff09b2f8
  [6] __s_api_getConnection_ext(0xd9240, 0x0, 0x0, 0xda848,
0xffffffff, 0xffbee048), at 0xff094ae0
  [7] __ns_ldap_list(0xffbee0c4, 0x0, 0xff0ecab8, 0x0, 0xffbee0c4,
0x0), at 0xff09708c
  [8] _nss_ldap_lookup(0xda290, 0xda2ac, 0xff0ecdf4, 0xffbee128, 0x0,
0xffbee300), at 0xff0d9d78
  [9] getbyname(0xda290, 0xffbee300, 0xff0ec000, 0xda814, 0x2371c,
0xff1491e0), at 0xff0d91d0
  [10] _nss_search(0x1, 0xff1bcf44, 0xff1c15e4, 0xff0d9158, 0xda238,
0xda290), at 0xff149270
  [11] _switch_getservbyname_r(0xbe710, 0xbe720, 0xd9e14, 0xd9e24,
0x400, 0x75647000), at 0xff239614
  [12] _get_hostserv_inetnetdir_byname(0xffbee42c, 0xffbee434, 0x0,
0xffbee434, 0xff29ce9c, 0xff315c38), at 0xff21b1c0
  [13] getservbyname_r(0xbe710, 0xd74a0, 0xd9e14, 0xd9e24, 0x400,
0xff32a000), at 0xff315c2c
  [14] krb5_locate_srv_conf(0xd5d28, 0xd61b4, 0xbe748, 0xffbee680,
0xffbee67c, 0xd8320), at 0x7a620
  [15] krb5_locate_kdc(0xd5d28, 0xd61b4, 0xffbee680, 0xffbee67c, 0x0,
0xff142954), at 0x7b5d0
  [16] krb5_sendto_kdc(0xd5d28, 0xd8338, 0xd61b4, 0xffbee814, 0x0,
0x72028), at 0x7bd08
  [17] krb5_send_tgs(0xd5d28, 0x0, 0xffbeeba4, 0x0, 0xd7e28, 0xd7e48),
at 0x72048
  [18] krb5_get_cred_via_tkt(0xd5d28, 0xffbee928, 0x0, 0x0, 0x0,
0xffbeeb54), at 0x6a4b0
  [19] krb5_get_cred_from_kdc_opt(0xd5d28, 0xd7868, 0x0, 0x0, 0x0,
0x0), at 0x9bde0
  [20] krb5_get_cred_from_kdc(0xd5d28, 0xd7868, 0xffbeeb88,
0xffbeeb54, 0xffbeea6c, 0x6ab58), at 0x9bee4
  [21] krb5_get_credentials(0xd5d28, 0x0, 0x0, 0xffbeeb88, 0x96c73a8d,
0x0), at 0x6abe8
  [22] krb5_set_password(context = 0xd5d28, ccache = 0xd7868, newpw =
0xd7ac0 "+1V4z2t1SlCxRNuD", targprinc = 0xd62f0, result_code =
0xffbeecc0, result_code_string = 0xffbef110, result_string =
0xffbef100), line 354 in "setpw.c"
  [23] set_password(host = 0xd4870 "modena", domain = 0xffbef7e5
"ADTEST.NET", use_default_kt = 1), line 389 in "netjoin.c"
  [24] main(argc = 0, argv = 0xd4ad0), line 288 in "netjoin.c"

More information about the Kerberos mailing list