[Samba] After net ads join, kinit fails: Client not found...
Ross McInnes
sysrm at stvincent.ac.uk
Thu Aug 18 07:34:38 GMT 2005
On the Windows machine, I just set it (again) to what it already was, worked
fine after that.

Just looking at your krb5.conf file there are a few differences from mine:

default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5

I don't have either of those, and:

[realms]
DOMAIN.COM.MX = {
kdc = adw2kserver.domain.com.mx
kdc = otherADw2kserver.domain.com.mx
admin_server = ad2kserver.domain.com.mx
default_domain = domain.com.mx
}

I only have the single kdc and it has :88 (port, I'm guessing) at the end of
the kdc line.
I have :749 at the end of admin_server.

I have Red Hat ES3 here, and I didn't do anything as complicated as you, it
would seem (don't know if Solaris makes a difference or not).
Simply, made sure openldap was installed and kerb. Then I configured my
/etc/krb5.conf file to point to the right location and ran the kinit
Administrator@SOME.DOMAIN
Prompted me for a password (which didn't work 1st time, resetting
administrator on the Windows box then sorted it).
It's worked for me ever since...
Sorry I can't be of more help on this
Ross
-----Original Message-----
From: P V [mailto:ditirambo_farfulla at yahoo.com]
Sent: 17 August 2005 17:53
To: Ross McInnes; samba at lists.samba.org
Subject: RE: [Samba] After net ads join, kinit fails: Client not found...
Hi Ross!
Excuse my ignorance, but how can I reset the administrator's password?
--- Ross McInnes <sysrm at stvincent.ac.uk> wrote:
>
> Hi, I *think* I had this issue. This was during my 1st setup, when I
> reset the administrator's password it worked fine afterwards.
>
> Also look on the AD and make sure it actually joined the domain.
>
> Cheers
>
> Ross
>
>
> -----Original Message-----
> From: samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org [mailto:samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org] On Behalf Of P V
> Sent: 17 August 2005 15:33
> To: samba at lists.samba.org
> Subject: [Samba] After net ads join, kinit fails: Client not found...
>
> I'm installing Samba with Security ADS (compiled --with-winbind
> --with-ads --with-ldap --with-krb5) on Solaris 8, to connect with
> Active Directory W2K.
> First, I created in AD Windows an account with the same name as my
> Solaris host and generated the keytab with this:
> C:\temp>ktpass princ host/mysolarishost@DOMAIN.COM.MX mapuser mysolarishost -pass ad_user_pwd out file.keytab
> And added the file to /etc/krb5/krb5.keytab with kerberos/sbin/ktutil.
> I ran kinit host/mysolarishost@DOMAIN.COM.MX, and it asked me for a
> password (ad_usr_pwd) and all was right.
> Then I ran net ads join -U Administrator.
> It asked for the password and sent:
> Using short domain name -- DOMAINNETBIOS
> Joined 'MYSOLARISHOST' to realm 'DOMAIN.COM.MX'
>
> After this, I ran SMB daemons. In log.smbd I get:
> [2005/08/16 19:12:48, 0] smbd/server.c:main(802)
>   smbd version 3.0.20rc1 started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2004
> [2005/08/16 19:12:48, 0] libads/kerberos.c:ads_kinit_password(146)
>   kerberos_kinit_password host/MYSOLARISHOST@DOMAIN.COM.MX failed: Client not found in Kerberos database
>
> If I run kinit host/mysolarishost@DOMAIN.COM.MX, I get this message:
> kinit(v5): Client not found in Kerberos database while getting initial credentials
>
> So, the problem is when I run net ads join. After that the
> authentication with AD W2K is broken. If I delete the computer account
> in AD W2K, the kinit command works again.
>
> Any idea?
>
> Here are my configuration files:
> smb.conf:
> [global]
> workgroup = DOMAINNETBIOS
> netbios name = mysolarishost
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> security = ads
> realm = DOMAIN.COM.MX
> password server = adw2kserver.domain.com.mx
> ----------------------------------------------
>
> krb5.conf:
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = DOMAIN.COM.MX
> default_tgs_enctypes = des-cbc-crc des-cbc-md5
> default_tkt_enctypes = des-cbc-crc des-cbc-md5
> [realms]
> DOMAIN.COM.MX = {
> kdc = adw2kserver.domain.com.mx
> kdc = otherADw2kserver.domain.com.mx
> admin_server = ad2kserver.domain.com.mx
> default_domain = domain.com.mx
> }
> [domain_realm]
> domain.com.mx = DOMAIN.COM.MX
> .domainnetbios = DOMAIN.COM.MX
> domainnetbios = DOMAIN.COM.MX
> -----------------------------------------------
>
> nsswitch:
> passwd: files winbind
> group: files winbind
> hosts: files wins
> shadow: files winbind
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:
> https://lists.samba.org/mailman/listinfo/samba
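
An added example, not part of the original thread: Ross's comparison turns on two things in the posted krb5.conf, the enctype pins and the kdc/admin_server lines written without ports. The Python sketch below parses an excerpt of that file (constructed here from the post, with line breaks restored) and lists both. The names `parse_krb5_conf`, `audit` and the constants are hypothetical; the single-DES set reflects RFC 6649, which deprecated those enctypes for Kerberos.

```python
import re
# Constructed sample: excerpt of the krb5.conf posted in the thread.
SAMPLE_KRB5_CONF = """\
[libdefaults]
default_realm = DOMAIN.COM.MX
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
[realms]
DOMAIN.COM.MX = {
kdc = adw2kserver.domain.com.mx
kdc = otherADw2kserver.domain.com.mx
admin_server = ad2kserver.domain.com.mx
}
"""

SINGLE_DES = {"des-cbc-crc", "des-cbc-md5", "des-cbc-md4"}  # deprecated by RFC 6649
ENCTYPE_KEYS = ("default_tgs_enctypes", "default_tkt_enctypes", "permitted_enctypes")
DEFAULT_PORTS = {"kdc": 88, "admin_server": 749}  # used when no :port is written

def parse_krb5_conf(text):
    """Return {section: [(key, value), ...]}, flattening realm sub-blocks."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or line == "}":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value != "{":  # "REALM = {" only opens a sub-block
                current.append((key, value))
    return sections

def audit(text):
    """List enctype pins limited to single DES and hosts with no explicit port."""
    conf, findings = parse_krb5_conf(text), []
    for key, value in conf.get("libdefaults", []):
        types = set(re.split(r"[\s,]+", value.lower()))
        if key in ENCTYPE_KEYS and types <= SINGLE_DES:
            findings.append(f"{key}: only single-DES enctypes ({value})")
    for key, value in conf.get("realms", []):
        if key in DEFAULT_PORTS and ":" not in value:
            findings.append(f"{key} {value}: no port given, default {DEFAULT_PORTS[key]} applies")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_KRB5_CONF)))
```

A file laid out the way Ross describes his (one kdc ending in :88, admin_server ending in :749, no enctype lines) produces no findings.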