[Samba] Unable to join ADS domain

Joe Howell jhowell_tsm at yahoo.com
Wed Feb 11 20:32:20 GMT 2004


No bueno.  I changed the enctypes and took the "encrypt passwords=yes" out, but still no reply and no computer account.....


TBrown at neurology.ahsc.arizona.edu wrote:




[libdefaults]
default_realm =MYDOMAIN.COM
clockskew = 300
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc


Change the enctypes to: des-cbc-crc as shown above. Also, if you do a
testparm I'll bet that the encrypt passwords = yes entry is going to give
you grief. Besides, Kerberos is encrypted anyway. Another thing to consider
is flushing the NetBIOS cache on your wins and kdc server - don't know if
this does anything, but it makes me feel better (nbtstat -R).

Tracy Steven Brown
University of Arizona
Dept. Neurology
(520) 626-4660




Joe Howell <...o.com>
Sent by: samba-bounces+tsb=u.arizona.edu at lists.samba.org
02/11/2004 12:05 PM

To: samba at lists.samba.org
cc:
Subject: [Samba] Unable to join ADS domain







I've installed Samba 3.0.2 (from the source) on a SuSE
8.2 system with MIT Kerberos 1.3.1 (I uninstalled the
Heimdal code) and the OpenLDAP 2.1.27 development
libraries installed on it. I want to make this system
a domain member of a Win2K native-mode ADS domain but
can't get "net ads join" to work. I've run "kinit
myid at MYDOMAIN.COM" and I get a ticket, but when I do
"net ads join -Umyid%mypswd" I get no output from the
command and I don't get a machine account in the
domain.

My /etc/krb5.conf looks like:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm =MYDOMAIN.COM
clockskew = 300
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc des-cbc-md5

[realms]
MYDOMAIN.COM = {
kdc = DCSRV1.MYDOMAIN.COM:88
admin_server = dcsrv1.mydomain.com:749
default_domain = mydomain.com
}
[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM


My /usr/local/samba/lib/smb.conf looks like:

[global]
realm = MYDOMAIN.COM
security = ads
password server = 10.4.1.13
workgroup = MYDOMAIN
netbios name = susesrv
server string = SAMBA SERVER
encrypt passwords = yes

printcap name = /etc/printcap
load printers = yes
printing = cups

log file = /var/log/samba/%m.log
max log size = 10000

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

local master = no
domain master = no
preferred master = no
wins server = 10.4.1.60
dns proxy = no

#===============SHARE DEFINITIONS=======================

[public]
path = /usr/public
browseable = yes
writeable = yes
guest ok = no

[printers]
path = /var/spool/samba
browseable = yes
writeable = no
guest ok = yes
printable = yes

.COM
security = ads
password server = 10.4.1.13
workgroup = COLUMBIA
netbios name = susesrv
server string = IBM Aptiva in Joe's cube
encrypt passwords = yes

printcap name = /etc/printcap
load printers = yes
printing = cups

log file = /var/log/samba/%m.log
max log size = 10000

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

local master = no
domain master = no
preferred master = no
wins server = 10.4.1.60
dns proxy = no

#===============SHARE DEFINITIONS=======================

[public]
path = /usr/public
browseable = yes
writeable = yes
guest ok = no

[printers]
path = /var/spool/samba
browseable = yes
writeable = no
guest ok = yes
printable = yes



=====
Joe Howell
Shelter Insurance Companies
Columbia, MO

__________________________________
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba




Joe Howell
Shelter Insurance Companies
Columbia, MO
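
Added example, not part of the original thread: a small linter for the kind of krb5.conf posted above. It flags lines that are not valid section headers or settings, and enctype settings that allow single-DES types (des-cbc-crc, des-cbc-md5), which RFC 6649 deprecates. The sample input is constructed from the settings in the post, with a header deliberately missing its opening bracket; the name lint_krb5 is hypothetical.

```python
import re

# Single-DES enctype names as written in krb5.conf; deprecated by RFC 6649.
SINGLE_DES = {"des-cbc-crc", "des-cbc-md5", "des-cbc-md4"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

# Constructed sample (assumption): settings taken from the post, abridged.
SAMPLE = """\
logging]
default = FILE:/var/log/krb5libs.log

[libdefaults]
default_realm =MYDOMAIN.COM
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc des-cbc-md5

[realms]
MYDOMAIN.COM = {
kdc = DCSRV1.MYDOMAIN.COM:88
}
"""

def lint_krb5(text):
    """Return (line_number, message) findings for the text of a krb5.conf."""
    findings, section = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                       # blank line or comment
        m = re.fullmatch(r"\[([^\[\]]+)\]", line)
        if m:
            section = m.group(1)           # well-formed [section] header
            continue
        if "=" not in line and line != "}":
            findings.append((n, f"malformed line or section header: {line!r}"))
            continue
        if section is None:
            findings.append((n, f"setting outside any section: {line!r}"))
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if section == "libdefaults" and key in ENCTYPE_KEYS:
            weak = [e for e in re.split(r"[,\s]+", value.strip()) if e in SINGLE_DES]
            if weak:
                findings.append((n, f"{key} allows single-DES: {' '.join(weak)}"))
    return findings

if __name__ == "__main__":
    for n, msg in lint_krb5(SAMPLE):
        print(f"line {n}: {msg}")
```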
