[Samba] To all with FreeBSD 5.2.1 and net ads join problems

Tom Skeren tms3 at fsklaw.net
Fri May 28 18:06:10 GMT 2004


If you're getting kinit problems with net ads join (don't bother with 
testjoin - it will error out no matter), do the following:

1.   Change an administrators password, especially if you upgraded from 
NT 4.

2.   Create a krb5.conf file in /etc that looks like this:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = YOURDOMAIN.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true
 default_etypes = des-cbc-crc des-cbc-md5
 default_etypes_des = des-cbc-crc des-cbc-md5

[realms]

 FSKLAW.NET = {
  kdc = kerberos.yourdomain.com
  admin_server = servername.yourdomain.com
  default_domain= yourdomain.com
 }

[domain_realm]
.kerberos.server = KERBEROS.FSKLAW.NET

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[pam]
 debug = false
 ticket_lifetime = 36000
 renew_lifetime = 36000
 forwardable = true
 krb4_convert = false



3.   Test kinit:  kinit SOMEADMIN@YOURDOMAIN.COM   enter new password.  
You should be at a prompt.  You'll get nothing if it's working.

4.  Join the domain.  net ads --user=someadmin join.  Enter password.  
You should get some message telling you you were successful.  Check out 
the Win2k machine.  The samba name of your Unix box should be in Active 
Directory Users and Computers, in Computers.  Double click the listing 
and check version.  It should say the OS is Samba 3.0.x.  You're in, 
mostly, at this point.

Hope this helps, I've been at this three weeks now.

TMS III
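
Added example, not part of the original post: a small Python lint for a krb5.conf laid out like the one above. It flags a section header with a missing bracket, a [realms] stanza that does not match default_realm, and enctype lists that contain single-DES types. The function name, the sample text and the choice of checks are assumptions of this example.

```python
import re

# Constructed sample reproducing the layout of the krb5.conf in the post.
SAMPLE = """\
logging]
[libdefaults]
 default_realm = YOURDOMAIN.COM
 default_etypes = des-cbc-crc des-cbc-md5
[realms]
 FSKLAW.NET = {
  kdc = kerberos.yourdomain.com
 }
"""

SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}  # 56-bit key enctypes

def lint_krb5_conf(text):
    """Return sorted (line_number, message) findings for krb5.conf text."""
    findings, section, default_realm, realms, depth = [], None, None, set(), 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if re.fullmatch(r"\[\w+\]", line):          # well-formed [section]
            section, depth = line[1:-1], 0
            continue
        if re.fullmatch(r"\[\w+|\w+\]", line):      # one bracket missing
            findings.append((n, f"malformed section header {line!r}"))
            section = None                          # following keys are orphaned
            continue
        if line == "}":
            depth -= 1
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if section == "realms" and value == "{":
            if depth == 0:
                realms.add(key)                     # top-level realm stanza
            depth += 1
        elif section == "libdefaults" and key == "default_realm":
            default_realm = (n, value)
        elif section == "libdefaults" and ("etypes" in key or "enctypes" in key):
            weak = [e for e in value.split() if e in SINGLE_DES]
            if weak:
                findings.append((n, f"{key} lists single-DES: {' '.join(weak)}"))
    if default_realm and realms and default_realm[1] not in realms:
        findings.append((default_realm[0], f"default_realm {default_realm[1]} "
                         f"has no [realms] stanza (found {sorted(realms)})"))
    return sorted(findings)
```

Calling `lint_krb5_conf(open("/etc/krb5.conf").read())` returns an empty list when none of the three conditions is present.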



