Fwd: [Samba] Joining a SAMBA 4 TP4 Active Directory with WinXP

Andrew Bartlett abartlet at samba.org
Mon Feb 12 21:38:40 GMT 2007

On Mon, 2007-02-12 at 14:43 +0100, paul wrote:
> Mag. Leonhard Landrock schrieb:
> > *) Start a virtual machine with WinXP SP2 and trying to join the domain
> > 
> > The last point (joining the domain) doesn't work. I try the username
> > Administrator and the passwort as set with "./setup/provision" but it doesn't
> > work. I simply get unknown username or wrong password.
> Hi, my preliminary checklist:
> - make sure XP has the samba4 server setup as dns server
> - check dns for the varius _ldap._tcp entries from XP
> - start samba with smbd -i -d3 or higher and check the debug messages
> - for w2k I had to add arcfour-hmac-md5 enctype to
> $PREFIX/private/secrets.keytab, to change this edit your krb5.conf and
> reprovision or put "credentials_update_all_keytabs();" in a file and run
> it with smbscript (thanks to abartlet for this), you can check the
> content of the keytab with "ktutil -k private/secrets.keytab list".
> - vista wants aes256-cts-hmac-sha1-96 but still doesn't work ;(
> - post debug output to #samba-technical or here, so ppl could make more
> educated guesses than this one.
> hope this helps
>  Paul
> BTW: Is there documentation for the various ejs funcions for samba?

No, unfortunately.  However after our discussions I decided that in in
future versions we shouldn't do credentials_update_all_keytabs()
anymore.  Instead, we try to update it whenever the entry in secrets.ldb
is updated.

So in SVN releases from this week, to regenerate the secrets.keytab dump
the secrets.ldb to LDIF and then recreate the LDB.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070213/cd636f2f/attachment.bin

More information about the samba-technical mailing list