HOWTO: Kerberos domain Join

Andrew Bartlett abartlet at samba.org
Wed Jun 22 23:25:48 GMT 2005 

On Wed, 2005-06-22 at 16:24 -0400, Louis St-Amour wrote:
> Some comments on the howto - and I also had a problem with the new
> in-memory keytab code ...
> 
> On Thu, 2005-05-19 at 11:52 +1000, Andrew Bartlett wrote:
> > This is an attempt to document the process required to perform a domain
> > join of WinXP to Samba4, using Kerberos.  It assumes you already have
> > followed tridge's tute on installing Samba4 as a DC, and have the config
> > setup for that much.
> 
> If you get stuck or need help, also see howto.txt in the SAMBA 4 branch:
> <http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/howto.txt?view=auto>
> 
> > On Wed, 2005-06-22 at 12:23 +1000, Andrew Bartlett wrote:
> > > - obtain and install 'Lorikeet Heimdal', and link it into samba
> 
> > > cd samba4/source
> > svn co svn://svnanon.samba.org/lorikeet/trunk/heimdal heimdal
> > > ./configure 
> > > make clean HEIMDAL_EXTERNAL pch all
> 
> I couldn't build it with this, it complained about a missing header
> file. To fix that, I changed it to:
> make clean pch HEIMDAL_EXTERNAL all
> 
> If you don't have GCC 4.3 or higher, replace pch with proto:
> make clean proto HEIMDAL_EXTERNAL all

That's 3.4, not 4.3, but correct.

> Then follow the rest of the howto:
> 
> > >  - obtain and provision current Samba4
> > >  - install the zone file into the DNS server
> 
> See "Verify DNS registration for domain controllers using the nslookup
> command" at <http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/b6879c0b-cff7-438d-a7f3-0715456dcefb.mspx>
> 
> > >  - configure Samba4
> > >  - Join the WinXP client.
> 
> But I had a problem while following the howto:
> 
> Line 204 of gensec_gssapi.c failed to compile, complained that it
> couldn't find gsskrb5_register_acceptor_keytab. After a quick grep of
> the source, and a search on Google, I realised it was a typo and
> changed it to gsskrb5_register_acceptor_identity, and it compiled ...

No, it wasn't a typo, it is a new function.  I originally tried the
solution I discussed with lha on IRC, but in-memory keytabs cannot be
referenced by name anyway, they can only be found by pointer.   So, I
created a new function.  SVN update the lorikeet repository, and make
clean.  (There appears to be a dependency problem with that code, a
normal make won't pick things up)

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050623/50ab5144/attachment.bin

More information about the samba-technical mailing list