[Bug 551901] Re: likewise-open fails to join Windows 2000 SP4 domain

Thierry Carrez thierry.carrez at ubuntu.com
Tue Jun 1 13:53:35 BST 2010 

** Description changed:

  Binary package hint: likewise-open
  
  Package: likewise-open
  Architecture: amd64
  Version: 5.4.0.42111-1
  uname: Linux 2.6.32-18-generic #27-Ubuntu SMP
  
  I am unable to join an AD domain.  This machine was upgraded from 9.04
  to 9.10, after that update, I was able to join the domain and things
  worked fine.  I upgraded to 10.04, and the likewise-open upgrade failed.
  I cleaned the old likewise-open install, reinstalled likewise-open and
  was unable to join the domain.  I also tried using the suggestions
  offered in Bug #543963, but that resulted in the same outcome which
  follows:
  
  sudo domainjoin-cli --loglevel verbose join mydomain.com adminuser
  Joining to AD Domain:   mydomain.com
  With Computer DNS Name: mycomputer.mydomain.com
  
  adminuser at MYDOMAIN.COM's password:
  
  (at this point the program pauses for 30 seconds to a minute)
  
  Error: Lsass Error [code 0x00080047]
  
  59 (0x3B) ERROR_UNEXP_NET_ERR - Unknown error
  
  The last few syslog entries:
  
  Mar 30 10:19:07 mycomputer lwiod[17879]: GSS-API error calling gss_init_sec_context: 589824 (Invalid token was supplied)
  Mar 30 10:19:07 mycomputer lwiod[17879]: GSS-API error calling gss_init_sec_context: 100003 ()
  Mar 30 10:19:11 mycomputer lwiod[17879]: GSS-API error calling gss_init_sec_context: 589824 (Invalid token was supplied)
  Mar 30 10:19:11 mycomputer lwiod[17879]: GSS-API error calling gss_init_sec_context: 100003 ()
  Mar 30 10:19:12 mycomputer lwiod[17879]: GSS-API error calling gss_init_sec_context: 589824 (Invalid token was supplied)
  Mar 30 10:19:12 mycomputer lwiod[17879]: GSS-API error calling gss_init_sec_context: 100003 ()
  Mar 30 10:19:17 mycomputer lsassd[17901]: 0x7fee6ae8a710:Failed to run provider specific request (request code = 8, provider = 'lsa-activedirectory-provider') -> error = 59, symbol = ERROR_UNEXP_NET_ERR, client pid = 17933
+ 
+ == SRU Report ==
+ Impact:
+ It's impossible to use Likewise Open in lucid to join a domain with Windows 2000 Domain controllers. This is a regression from karmic and hardy.
+ 
+ Development branch fix:
+ Maverick synced to Debian's 1.8.1+dfsg-5, which has the fix from upstream trunk backported.
+ 
+ Minimal patch:
+ http://src.mit.edu/fisheye/changelog/krb5/?cs=24075
+ This patch was proposed by the Likewise team and committed to krb5 upstream trunk.
+ 
+ TEST CASE:
+ $ sudo apt-get install likewise-open
+ $ sudo domainjoin-cli join <DOMAIN> <ADMINUSER>
+ Affected version fails to join the domain.
+ Fixed version joins the domain OK.
+ 
+ Regression potential:
+ The patch is quite sensitive, though the special handling seems limited to Windows 2000 duplicate response tokens. It has been thoroughly discussed between the Likewise developers, the Debian maintainer of krb5, and upstream. It's been applied in upstream krb5 and in the current debian version.

-- 
likewise-open fails to join Windows 2000 SP4 domain
https://bugs.launchpad.net/bugs/551901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in ubuntu.

More information about the Ubuntu-server-bugs mailing list