likewise-open fails to join Windows 2000 SP4 domain
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
krb5 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Thierry Carrez |
Bug Description
Binary package hint: likewise-open
Package: likewise-open
Architecture: amd64
Version: 5.4.0.42111-1
uname: Linux 2.6.32-18-generic #27-Ubuntu SMP
I am unable to join an AD domain. This machine was upgraded from 9.04 to 9.10, after that update, I was able to join the domain and things worked fine. I upgraded to 10.04, and the likewise-open upgrade failed. I cleaned the old likewise-open install, reinstalled likewise-open and was unable to join the domain. I also tried using the suggestions offered in Bug #543963, but that resulted in the same outcome which follows:
sudo domainjoin-cli --loglevel verbose join mydomain.com adminuser
Joining to AD Domain: mydomain.com
With Computer DNS Name: mycomputer.
<email address hidden>'s password:
(at this point the program pauses for 30 seconds to a minute)
Error: Lsass Error [code 0x00080047]
59 (0x3B) ERROR_UNEXP_NET_ERR - Unknown error
The last few syslog entries:
Mar 30 10:19:07 mycomputer lwiod[17879]: GSS-API error calling gss_init_
Mar 30 10:19:07 mycomputer lwiod[17879]: GSS-API error calling gss_init_
Mar 30 10:19:11 mycomputer lwiod[17879]: GSS-API error calling gss_init_
Mar 30 10:19:11 mycomputer lwiod[17879]: GSS-API error calling gss_init_
Mar 30 10:19:12 mycomputer lwiod[17879]: GSS-API error calling gss_init_
Mar 30 10:19:12 mycomputer lwiod[17879]: GSS-API error calling gss_init_
Mar 30 10:19:17 mycomputer lsassd[17901]: 0x7fee6ae8a710:
== SRU Report ==
Impact:
It's impossible to use Likewise Open in lucid to join a domain with Windows 2000 Domain controllers. This is a regression from karmic and hardy.
Development branch fix:
Maverick synced to Debian's 1.8.1+dfsg-5, which has the fix from upstream trunk backported.
Minimal patch:
http://
This patch was proposed by the Likewise team and committed to krb5 upstream trunk.
TEST CASE:
$ sudo apt-get install likewise-open
$ sudo domainjoin-cli join <DOMAIN> <ADMINUSER>
Affected version fails to join the domain.
Fixed version joins the domain OK.
Regression potential:
The patch is quite sensitive, though the special handling seems limited to Windows 2000 duplicate response tokens. It has been thoroughly discussed between the Likewise developers, the Debian maintainer of krb5, and upstream. It's been applied in upstream krb5 and in the current debian version.
Changed in krb5 (Ubuntu Lucid): | |
importance: | Undecided → Medium |
Changed in krb5 (Ubuntu Lucid): | |
assignee: | nobody → Thierry Carrez (ttx) |
tags: | added: patch |
Changed in krb5 (Ubuntu Lucid): | |
assignee: | Thierry Carrez (ttx) → nobody |
milestone: | none → lucid-updates |
Changed in krb5 (Ubuntu Lucid): | |
assignee: | nobody → Thierry Carrez (ttx) |
Changed in krb5 (Ubuntu): | |
milestone: | lucid-updates → none |
description: | updated |
tags: |
added: verification-done removed: verification-needed |
Can you give us details about the domain? For example, are the DCs running Windows 2000, 2003, or 2008?
> -----Original Message----- mydomain. com sec_context: 589824 (Invalid token was supplied) sec_context: 100003 () sec_context: 589824 (Invalid token was supplied) sec_context: 100003 () sec_context: 589824 (Invalid token was supplied) sec_context: 100003 () Failed to run -provider' ) -> error = 59, symbol = ERROR_UNEXP_ NET_ERR, /bugs.launchpad .net/bugs/ 551901
> From: <email address hidden> [mailto:<email address hidden>] On Behalf Of
> Matt
> Sent: Tuesday, March 30, 2010 10:26 AM
> To: <email address hidden>
> Subject: [Bug 551901] [NEW] likewise-open fails to join domain (lucid)
>
> Public bug reported:
>
> Binary package hint: likewise-open
>
> Package: likewise-open
> Architecture: amd64
> Version: 5.4.0.42111-1
> uname: Linux 2.6.32-18-generic #27-Ubuntu SMP
>
> I am unable to join an AD domain. This machine was upgraded from 9.04
> to 9.10, after that update, I was able to join the domain and things
> worked fine. I upgraded to 10.04, and the likewise-open upgrade
> failed.
> I cleaned the old likewise-open install, reinstalled likewise-open and
> was unable to join the domain. I also tried using the suggestions
> offered in Bug #543963, but that resulted in the same outcome which
> follows:
>
> sudo domainjoin-cli --loglevel verbose join mydomain.com adminuser
> Joining to AD Domain: mydomain.com
> With Computer DNS Name: mycomputer.
>
> <email address hidden>'s password:
>
> (at this point the program pauses for 30 seconds to a minute)
>
> Error: Lsass Error [code 0x00080047]
>
> 59 (0x3B) ERROR_UNEXP_NET_ERR - Unknown error
>
> The last few syslog entries:
>
> Mar 30 10:19:07 mycomputer lwiod[17879]: GSS-API error calling
> gss_init_
> Mar 30 10:19:07 mycomputer lwiod[17879]: GSS-API error calling
> gss_init_
> Mar 30 10:19:11 mycomputer lwiod[17879]: GSS-API error calling
> gss_init_
> Mar 30 10:19:11 mycomputer lwiod[17879]: GSS-API error calling
> gss_init_
> Mar 30 10:19:12 mycomputer lwiod[17879]: GSS-API error calling
> gss_init_
> Mar 30 10:19:12 mycomputer lwiod[17879]: GSS-API error calling
> gss_init_
> Mar 30 10:19:17 mycomputer lsassd[17901]: 0x7fee6ae8a710:
> provider specific request (request code = 8, provider = 'lsa-
> activedirectory
> client pid = 17933
>
> ** Affects: likewise-open (Ubuntu)
> Importance: Undecided
> Status: New
>
> --
> likewise-open fails to join domain (lucid)
> https:/
> You received this bug notification because you are a member of Likewise
> Open Developers, which is subscribed to likewise-open in ubuntu.
>
> Status in “likewise-open” package in Ubuntu: New
>
> Bug description:
> Binary package hint: likewise-open
>
> Package: likewise-open
> Architecture: amd64
> Version: 5.4.0.42111-1
> uname: Linux 2.6.32-18-generic #27-Ubuntu SMP
>
> I am unable to join an AD domain. This machine was upgraded from 9.04
> to 9.10, after that update, I was able to join the domain and things
> worked fine. I upgraded to 10.04, and the likewise-open upgrade
> failed. I cleaned the ol...