[discuss] KPASSWD error joining domain

public inbox for discuss@lists.illumos.org (since 2011-08)
 help / color / mirror / Atom feed

* [discuss] KPASSWD error joining domain
@ 2025-02-18 13:50 brian
  0 siblings, 0 replies; only message in thread
From: brian @ 2025-02-18 13:50 UTC (permalink / raw)
  To: illumos-discuss

[-- Attachment #1: Type: text/plain, Size: 6417 bytes --]

Hello,

I've been having a long running problem on one of my OmniOS zones that I've been meaning to ask for help on but kept forgetting.

I'm trying to join a zone to a local Windows AD domain, and it keeps failing with the error "KPASSWD protocol exchange failed (Incorrect net address)."  The domain has three domain controllers, and is setup on a private IPv6-only subnet, could that have something to do with the error?

Pasting the sanitized configs and logs below, with apologies in advance for its size.  Has anyone run into this before?

DNS configuration:
# Auto-generated from zone configuration
nameserver fdba:1234:1234:1234::1
nameserver fdba:1234:1234:1234::2
nameserver fdba:1234:1234:1234::3
nameserver 10.0.0.1

/etc/krb5/krb.conf:
[libdefaults]
   default_realm = DC.MYDOMAIN.COM
   dns_lookup_kdc = true
   verify_ap_req_nofail = false

[realms]
   DC.NEMUCONSULTING.COM = {
   kdc = dc1.dc.mydomain.com
   kdc = dc2.dc.mydomain.com
   kdc = dc3.dc.mydomain.com
   admin_server = dc1.dc.mydomain.com
   }

[domain_realm]
   dc.mydomain.com = DC.MYDOMAIN.COM
   .dc.mydomain.com = DC.MYDOMAIN.COM

Syslog of the failure:
Feb 18 13:36:28 zone smbd[3133]: [ID 814963 daemon.debug] smbd: join domain: dc.mydomain.com
Feb 18 13:36:28 zone smbd[3133]: [ID 481933 daemon.info] smbd: joining with user winadmin
Feb 18 13:36:28 zone smbd[3133]: [ID 316733 daemon.info] smbd: set idmap domain dc.mydomain.com
Feb 18 13:36:28 zone idmap[3066]: [ID 961139 daemon.debug] created thread ID 4 - 2 threads currently active
Feb 18 13:36:29 zone smbd[3133]: [ID 727883 daemon.info] smbd_dc_monitor_refresh
Feb 18 13:36:29 zone smbd[3133]: [ID 288469 daemon.debug] smb_ddiscover_refresh set cfg changed
Feb 18 13:36:29 zone smbd[3133]: [ID 467060 daemon.debug] smb_ddiscover_service: not a domain member
Feb 18 13:36:29 zone smbd[3133]: [ID 243688 daemon.debug] smb_ddiscover_service waiting
Feb 18 13:36:29 zone idmap[3066]: [ID 650504 daemon.info] LDAP: dc1.dc.mydomain.com:3268: Local error
Feb 18 13:36:29 zone idmap[3066]: [ID 452651 daemon.error] adutils: ldap_lookup_init failed
Feb 18 13:36:29 zone idmap[3066]: [ID 452651 daemon.error] adutils: ldap_lookup_init failed
Feb 18 13:36:29 zone smbd[3133]: [ID 636212 daemon.info] smbd: found AD server dc1.dc.mydomain.com (fdba:1234:1234:1234::1)
Feb 18 13:36:31 zone smbd[3133]: [ID 734779 daemon.info] smbd_join: domain FQN=dc.mydomain.com
Feb 18 13:36:31 zone smbd[3133]: [ID 674363 daemon.info] smbd_join: domain NBN=MYDOMAIN
Feb 18 13:36:31 zone smbd[3133]: [ID 292936 daemon.info] smbd_join: domain SID=S-1-5-21-1111111111-111111111-111111111
Feb 18 13:36:31 zone smbd[3133]: [ID 737812 daemon.info] use_ads=true (LDAP join)
Feb 18 13:36:31 zone smbd[3133]: [ID 644047 daemon.debug] smbns: smb_ads_open_main
Feb 18 13:36:31 zone smbd[3133]: [ID 920307 daemon.debug] smbns: domain: dc.mydomain.com
Feb 18 13:36:31 zone smbd[3133]: [ID 504222 daemon.debug] smbns: domain_dn: dc=dc,dc=mydomain,dc=com
Feb 18 13:36:31 zone smbd[3133]: [ID 964873 daemon.debug] smbns: ip_addr: (null)
Feb 18 13:36:31 zone smbd[3133]: [ID 565569 daemon.debug] smbns: hostname: dc1.dc.mydomain.com
Feb 18 13:36:31 zone smbd[3133]: [ID 630608 daemon.debug] smbns: site: 
Feb 18 13:36:31 zone smbd[3133]: [ID 723469 daemon.debug] smbns: ldap_sasl_..._bind_s success
Feb 18 13:36:31 zone smbd[3133]: [ID 800119 daemon.debug] smb_ads_get_dc_level: LDAP value 7
Feb 18 13:36:31 zone smbd[3133]: [ID 694413 daemon.debug] smbns: lookup_computer, dn=dc=dc,dc=mydomain,dc=com, scope=2
Feb 18 13:36:31 zone smbd[3133]: [ID 549598 daemon.debug] smbns: lookup_computer, filter=(&(objectClass=computer)(sAMAccountName=ZONE\$))
Feb 18 13:36:31 zone smbd[3133]: [ID 628725 daemon.debug] smbns: lookup_computer, attrs[0]=dNSHostName
Feb 18 13:36:31 zone smbd[3133]: [ID 632821 daemon.debug] smbns: lookup_computer, attrs[1]=distinguishedName
Feb 18 13:36:31 zone smbd[3133]: [ID 328788 daemon.debug] smbns: find_computer, ldap_search OK
Feb 18 13:36:31 zone smbd[3133]: [ID 519476 daemon.debug] smbns: find_computer, have LDAP resp.
Feb 18 13:36:31 zone smbd[3133]: [ID 620276 daemon.debug] smbns: find_computer, check DNS name
Feb 18 13:36:31 zone smbd[3133]: [ID 395268 daemon.debug] smbns: ads_getattr (dNSHostName)
Feb 18 13:36:31 zone smbd[3133]: [ID 200422 daemon.debug] smbns: ads_getattr (dNSHostName) OK, val=zone.dc.mydomain.com
Feb 18 13:36:31 zone smbd[3133]: [ID 869294 daemon.debug] smbns: find_computer, check distinguishedName
Feb 18 13:36:31 zone smbd[3133]: [ID 395268 daemon.debug] smbns: ads_getattr (distinguishedName)
Feb 18 13:36:31 zone smbd[3133]: [ID 200422 daemon.debug] smbns: ads_getattr (distinguishedName) OK, val=CN=ZONE,CN=Computers,DC=dc,DC=mydomain,DC=com
Feb 18 13:36:31 zone smbd[3133]: [ID 429919 daemon.debug] smbns: find_computer, attr distinguishedName = CN=ZONE,CN=Computers,DC=dc,DC=mydomain,DC=com
Feb 18 13:36:31 zone smbd[3133]: [ID 198070 daemon.info] smb_ads_join: machine account found. Updating: CN=ZONE,CN=Computers,DC=dc,DC=mydomain,DC=com
Feb 18 13:36:31 zone smbd[3133]: [ID 684786 daemon.debug] smb_ads_computer_op, op=replace dn=CN=ZONE,CN=Computers,DC=dc,DC=mydomain,DC=com
*Feb 18 13:36:31 zone smbd[3133]: [ID 972153 daemon.error] smbns_ksetpwd: KPASSWD protocol exchange failed (Incorrect net address)
Feb 18 13:36:31 zone smbd[3133]: [ID 972153 daemon.error] smbns_ksetpwd: KPASSWD protocol exchange failed (Incorrect net address)
*Feb 18 13:36:31 zone smbd[3133]: [ID 871254 daemon.error] smbd: failed joining dc.mydomain.com (UNSUCCESSFUL)
Feb 18 13:36:31 zone smbd[3133]: [ID 871254 daemon.error] smbd: failed joining dc.mydomain.com (UNSUCCESSFUL)
Feb 18 13:36:31 zone idmap[3066]: [ID 864022 daemon.debug] No domain name specified.
Feb 18 13:36:31 zone smbd[3133]: [ID 727883 daemon.info] smbd_dc_monitor_refresh
Feb 18 13:36:31 zone smbd[3133]: [ID 288469 daemon.debug] smb_ddiscover_refresh set cfg changed
Feb 18 13:36:31 zone smbd[3133]: [ID 467060 daemon.debug] smb_ddiscover_service: not a domain member
Feb 18 13:36:31 zone smbd[3133]: [ID 243688 daemon.debug] smb_ddiscover_service waiting

------------------------------------------
illumos: illumos-discuss
Permalink: https://illumos.topicbox.com/groups/discuss/T28da1c1ecadbe97f-Mb929c5ffc1b2e26df00cfd16
Delivery options: https://illumos.topicbox.com/groups/discuss/subscription

[-- Attachment #2: Type: text/html, Size: 7848 bytes --]

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2025-02-18 13:50 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-02-18 13:50 [discuss] KPASSWD error joining domain brian

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).