[Samba] Samba LDAP kerberos tickets problem
DAVID ZHOU
zhouwei926 at gmail.com
Wed Nov 16 03:01:05 MST 2011
Hi,
I am using Samba to join AD, but I have a problem with version 3.4.7 which I
did not meet in version 3.2.5.
Here are my steps:
In version 3.2.5:
1. Set the realm to test.com in smb.conf and krb5.conf; in smb.conf set
use kerberos keytab = true
2. net ads join -U Administrator%Password createupn=test@test.com createcomputer="Computers"
3. net ads keytab create
The three steps all complete successfully with no errors; then when I use
klist, the ldap/ds1.test.com@TEST.COM ticket is available in the output.
But in version 3.4.7:
1. Set the realm to test.com in smb.conf and krb5.conf; in smb.conf set
kerberos method = system keytab
2. net ads join -U Administrator%Password createupn=test@test.com createcomputer="Computers"
3. net ads keytab create
Step 1 and Step 2 succeed. But when I run step 3, it asks me to
input root's password; this did not happen when using version 3.2.5. Then
I have to use net ads keytab create -U Administrator%Password to make it
run successfully, but after this, when I use klist, the
ldap/ds1.test.com@TEST.COM ticket does not exist. So what happens, and how
can I make it behave like version 3.2.5?
When I try to use net -k ads keytab create, the exit value is -1,
and when I add debug information, the error is: ads_krb5_mk_req:
krb5_get_credentials failed ( ldap/ds1.test.com@TEST.COM) ( Cannot find
ticket for requested realm)
Can anyone help me? Thanks very much in advance!