Problem joining the AD


enear

5.4.07 Problem worked around

Hello,
maybe someone here can help me.
I am trying to join a RHEL4 64-bit server to the AD and have failed miserably so far; the same configuration and configs work flawlessly on a RHEL4 32-bit machine.

Linux efanode999 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:56:28 EST 2006 x86_64 x86_64 x86_64 GNU/Linux


Installed Packages
samba.x86_64 3.0.10-1.4E.11 installed
samba-client.x86_64 3.0.10-1.4E.11 installed
samba-common.x86_64 3.0.10-1.4E.11 installed
samba-swat.x86_64 3.0.10-1.4E.11 installed
krb5-libs.x86_64 1.3.4-33 installed
krb5-workstation.x86_64 1.3.4-33 installed
pam_krb5.x86_64 2.1.8-1 installed

smb.conf
Code:
# Global parameters
[global]
        workgroup = GROUP
        realm = GROUP.LOCAL
        server string = %h server (Samba %v)
        security = ADS
        obey pam restrictions = Yes
        passdb backend = tdbsam
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        dns proxy = No
        wins server = 150.99.17.2
        panic action = /usr/share/samba/panic-action %d
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
        winbind use default domain = Yes
        invalid users = root


krb5.conf
Code:
[libdefaults]
        default_realm = GROUP.LOCAL
        ticket_lifetime = 24000
        dns_lookup_realm = yes
        dns_lookup_kdc = yes
...

[realms]
GROUP.LOCAL = {
         kdc = demucsinf902
         kdc = demucsinf903
        admin_server = demucsinf902
        default_domain=group.local
}
...

resolv.conf
Code:
search group.local
nameserver 150.99.17.2
nameserver 150.99.17.3

nsswitch.conf
Code:
passwd:     files nis winbind
shadow:     files nis winbind
...

klist
Code:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user@GROUP.LOCAL

Valid starting     Expires            Service principal
04/03/07 11:33:42  04/03/07 21:33:46  krbtgt/GROUP.LOCAL@GROUP.LOCAL
        renew until 04/04/07 11:33:42
04/03/07 11:35:18  04/03/07 21:33:46  demucsinf903$@GROUP.LOCAL
        renew until 04/04/07 11:33:42


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

net ads testjoin
Code:
EFANODE999$@GROUP.LOCAL's password: 
[2007/04/03 12:54:59, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password EFANODE999$@GROUP.LOCAL failed: Client not found in Kerberos database
[2007/04/03 12:54:59, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Client not found in Kerberos database
Join to domain is not valid


net ads join -Uuser -d3
Code:
[2007/04/03 12:55:42, 3] param/loadparm.c:lp_load(3894)
  lp_load: refreshing parameters
[2007/04/03 12:55:42, 3] param/loadparm.c:init_globals(1312)
  Initialising global parameters
[2007/04/03 12:55:42, 3] param/params.c:pm_process(566)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2007/04/03 12:55:42, 3] param/loadparm.c:do_section(3396)
  Processing section "[global]"
[2007/04/03 12:55:42, 2] lib/interface.c:add_interface(79)
  added interface ip=10.0.0.99 bcast=10.0.0.255 nmask=255.255.255.0
[2007/04/03 12:55:42, 2] lib/interface.c:add_interface(79)
  added interface ip=150.99.15.80 bcast=150.99.15.255 nmask=255.255.254.0
users's password: 
[2007/04/03 12:55:47, 3] libads/ldap.c:ads_connect(285)
  Connected to LDAP server 150.99.17.2
[2007/04/03 12:55:47, 3] libads/ldap.c:ads_server_info(2469)
  got ldap server name demucsinf902@GROUP.LOCAL, using bind path: dc=GROUP,dc=LOCAL
[2007/04/03 12:55:47, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/04/03 12:55:47, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/04/03 12:55:47, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/04/03 12:55:47, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/04/03 12:55:47, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
  ads_sasl_spnego_bind: got server principal name =demucsinf902$@GROUP.LOCAL
[2007/04/03 12:55:47, 3] libsmb/clikrb5.c:ads_krb5_mk_req(382)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2007/04/03 12:55:47, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(319)
  Ticket in ccache[MEMORY:net_ads] expiration Tue, 03 Apr 2007 22:55:47 GMT

log.winbindd
Code:
[2007/04/03 10:50:24, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(544)
  spnego_gen_negTokenTarg failed: No credentials cache found
[2007/04/03 10:50:24, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain GROUP failed: Cannot read password
[2007/04/03 10:50:24, 1] nsswitch/winbindd_util.c:init_domain_list(327)
  Could not fetch sid for our domain GROUP

I hope someone spots the error, otherwise I'll turn :oldman before this thing works.
Thanks in advance.
Regards
 