My aim is to join my RHEL3 Linux server to our Active Directory 2003 domain. I'm using the newest available packages (from Red Hat for RHEL3) of Kerberos (1.2.7-47), Samba (3.0.9-13E) and OpenLDAP (2.0.21-17). According to Red Hat, with these packages joining RHEL3 to an AD2003 domain should be successful. At the moment user authentication is Kerberized, so that Linux users are authenticated against Active Directory. My next step is to join my RHEL3 server to the AD domain.

I have followed the steps described in Red Hat's article ID: 5787 with no luck. I want to join in ADS mode, so I use the command: "net ads join "Computers\Servers" -U AdminUser". After this I receive an error saying: "ads_join_realm: Operations error". I investigated the network traffic using Ethereal and managed to capture this error: "LdapErr: DSID-0C0905FF, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece". Below is a debugging file which shows what happens during the join attempt.

According to "testparm /etc/samba/smb.conf" my Samba configuration file is valid, and my krb5.conf file must also be valid because Kerberized user authentication works fine (pam_krb5). Both configuration files are listed below. I'm able to receive a TGT using the command "kinit user_name" and I'm also able to list my tickets with the command "klist", which shows that I have a TGT to Domain Controller.

I have done a lot of research with no luck, and now I'm hoping that you could help me to join my RHEL3 server to our AD domain.

Here's my configuration and debugging files:
smb.conf
Code:
[global]
        workgroup = DOMAIN
        realm = DOMAIN.NET
        server string = RHEL3 Server
        # IP of AD domain controller
        password server = 111.111.111.111
        log level = 3
        log file = /var/log/samba/%m.log
        max log size = 50
        server signing = auto
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        preferred master = No
        dns proxy = No
        idmap uid = 1000-60000
        idmap gid = 1000-60000
        cups options = raw

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

krb5.conf
Code:
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 kdc = SYSLOG:INFO:AUTHPRIV

[libdefaults]
 ticket_lifetime = 24000
 default_realm = DOMAIN.NET
 dns_lookup_realm = false
 dns_lookup_kdc = false
 default_tgs_enctypes = des-cbc-crc des-cbc-md5
 default_tkt_enctypes = des-cbc-crc
 
[realms]
 DOMAIN.NET = {
  kdc = 111.11.111.111:88
  admin_server = 111.111.111.111:749
  default_domain = domain.net
  kpasswd_server = 111.111.111.111
 }

[domain_realm]
 .domain.net = DOMAIN.NET
domain.net = DOMAIN.NET

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

And the Samba debugging output:
Code:
[root@l05lnx03# net ads join "Computers\Servers\" -U AdminUser -d10
[2005/10/06 12:57:40, 5] lib/debug.c:debug_dump_status(366)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
[2005/10/06 12:57:40, 3] param/loadparm.c:lp_load(3911)
  lp_load: refreshing parameters
[2005/10/06 12:57:40, 3] param/loadparm.c:init_globals(1312)
  Initialising global parameters
[2005/10/06 12:57:40, 3] param/params.c:pm_process(566)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2005/10/06 12:57:40, 3] param/loadparm.c:do_section(3404)
  Processing section "[global]"
  doing parameter workgroup = DOMAIN
  doing parameter netbios name = L05LNX03
[2005/10/06 12:57:40, 4] param/loadparm.c:handle_netbios_name(2749)
  handle_netbios_name: set global_myname to: L05LNX03
  doing parameter realm = DOMAIN.NET
  doing parameter preferred master = no
  doing parameter security = ADS
  doing parameter log level = 3
  doing parameter log file = /var/log/samba/%m
  doing parameter max log size = 50
  doing parameter encrypt passwords = yes
  doing parameter client use spnego = yes
  doing parameter server signing = auto
  doing parameter password server = 111.111.111.111
  doing parameter idmap uid = 1000-60000
  doing parameter idmap gid = 1000-60000
  doing parameter server string = RHEL3 Server
  doing parameter printcap name = /etc/printcap
  doing parameter load printers = yes
  doing parameter cups options = raw
  doing parameter log file = /var/log/samba/%m.log
  doing parameter max log size = 50
  doing parameter security = user
  doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  doing parameter dns proxy = no
[2005/10/06 12:57:40, 4] param/loadparm.c:lp_load(3942)
  pm_process() returned Yes
[2005/10/06 12:57:40, 7] param/loadparm.c:lp_servicenumber(4052)
  lp_servicenumber: couldn't find homes
[2005/10/06 12:57:40, 10] param/loadparm.c:set_server_role(3851)
  set_server_role: role = ROLE_STANDALONE
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UCS-2LE
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UCS-2LE
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UTF-16LE
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UTF-16LE
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UCS-2BE
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UCS-2BE
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UTF-16BE
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UTF-16BE
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UTF8
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UTF8
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UTF-8
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UTF-8
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset ASCII
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset ASCII
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset 646
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset 646
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset ISO-8859-1
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset ISO-8859-1
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(103)
  Attempting to register new charset UCS2-HEX
[2005/10/06 12:57:40, 5] lib/iconv.c:smb_register_charset(111)
  Registered charset UCS2-HEX
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2005/10/06 12:57:40, 5] lib/util.c:init_names(278)
  Netbios name list:-
  my_netbios_names[0]="L05LNX03"
[2005/10/06 12:57:40, 2] lib/interface.c:add_interface(79)
  added interface ip=111.111.111.111 bcast=111.111.111.255 nmask=255.255.255.128
AdminUser's password:
[2005/10/06 12:57:44, 6] libads/ldap.c:ads_find_dc(176)
  ads_find_dc: looking for realm 'DOMAIN.NET'
[2005/10/06 12:57:44, 8] libsmb/namequery.c:get_sorted_dc_list(1433)
  get_sorted_dc_list: attempting lookup using [ads]
[2005/10/06 12:57:44, 10] libsmb/namequery.c:remove_duplicate_addrs2(320)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2005/10/06 12:57:44, 4] libsmb/namequery.c:get_dc_list(1406)
  get_dc_list: returning 1 ip addresses in an ordered list
[2005/10/06 12:57:44, 4] libsmb/namequery.c:get_dc_list(1407)
  get_dc_list: 192.194.147.10:0
[2005/10/06 12:57:44, 5] libads/ldap.c:ads_try_connect(85)
  ads_try_connect: trying ldap server '111.111.111.111' port 389
[2005/10/06 12:57:44, 3] libads/ldap.c:ads_connect(247)
  Connected to LDAP server 111.111.111.111
[2005/10/06 12:57:44, 3] libads/ldap.c:ads_server_info(2432)
  got ldap server name DC@DOMAIN.NET, using bind path: dc=DOMAIN,dc=NET
[2005/10/06 12:57:44, 4] libads/ldap.c:ads_server_info(2438)
  time offset is 0 seconds
[2005/10/06 12:57:44, 4] libads/sasl.c:ads_sasl_bind(447)
  Found SASL mechanism GSS-SPNEGO
[2005/10/06 12:57:44, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2005/10/06 12:57:44, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2005/10/06 12:57:44, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2005/10/06 12:57:44, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2005/10/06 12:57:44, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
  ads_sasl_spnego_bind: got server principal name =DC@DOMAIN.NET
[2005/10/06 12:57:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(382)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2005/10/06 12:57:44, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(319)
  Ticket in ccache[MEMORY:net_ads] expiration Thu, 06 Oct 2005 22:57:44 GMT
[2005/10/06 12:57:44, 10] libsmb/clikrb5.c:ads_krb5_mk_req(409)
  ads_krb5_mk_req: Ticket (DC@DOMAIN.NET) in ccache (MEMORY:net_ads) is valid until: (Thu, 06 Oct 2005 22:57:44 GMT - 1128628664)
[2005/10/06 12:57:44, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(510)
  Got KRB5 session key of length 16
[2005/10/06 12:57:44, 10] intl/lang_tdb.c:lang_tdb_init(135)
  lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directory
ads_join_realm: Operations error
[2005/10/06 12:57:44, 2] utils/net.c:main(859)
  return code = -1
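
An added example, not part of the original post and not Samba project code: the -d10 output above prints one "doing parameter" line per smb.conf assignment, so a short parser can show which value of a repeated parameter was set last and which server role was logged. The sample log is constructed in the shape of the output above, and the function names are assumptions.

```python
import re

# Constructed sample, shaped like the "net ads join ... -d10" output in the post.
SAMPLE_LOG = '''\
[2005/10/06 12:57:40, 3] param/loadparm.c:do_section(3404)
  Processing section "[global]"
  doing parameter workgroup = DOMAIN
  doing parameter security = ADS
  doing parameter log file = /var/log/samba/%m
  doing parameter max log size = 50
  doing parameter log file = /var/log/samba/%m.log
  doing parameter max log size = 50
  doing parameter security = user
  doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[2005/10/06 12:57:40, 10] param/loadparm.c:set_server_role(3851)
  set_server_role: role = ROLE_STANDALONE
'''

SECTION_RE = re.compile(r'^\s*Processing section "\[(.+)\]"')
PARAM_RE = re.compile(r'^\s*doing parameter\s+(.+?)\s*=\s*(.*?)\s*$')
ROLE_RE = re.compile(r'set_server_role: role = (\S+)')

def norm(name):
    """smb.conf parameter names ignore case and internal whitespace."""
    return re.sub(r'\s+', '', name).lower()

def analyse(log_text):
    """Return (effective, overridden, role) as seen by the Samba parser."""
    section, role, history = None, None, {}
    for line in log_text.splitlines():
        if (m := SECTION_RE.match(line)):
            section = m.group(1).lower()
        elif (m := PARAM_RE.match(line)):
            history.setdefault((section, norm(m.group(1))), []).append(m.group(2))
        elif (m := ROLE_RE.search(line)):
            role = m.group(1)
    # The last assignment of a parameter within a section is the one in force.
    effective = {key: values[-1] for key, values in history.items()}
    # Report only repeats whose value changed; identical repeats are harmless.
    overridden = {k: v for k, v in history.items() if len(set(v)) > 1}
    return effective, overridden, role

if __name__ == "__main__":
    effective, overridden, role = analyse(SAMPLE_LOG)
    for (section, name), values in sorted(overridden.items()):
        print(f"[{section}] {name}: {' -> '.join(values)} (in force: {values[-1]})")
    print("server role logged:", role)
```

Feeding it the full output of a debug run makes it easy to compare the values in force with the smb.conf that was intended.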