[Samba] kerberos auth fails in samba3.0 alpha23

Rick Segeberg rick.segeberg at waterford.org
Wed Apr 16 15:47:46 GMT 2003 

It seems to work better if you login to the domain first.  Try this:

/usr/kerberos/bin/kinit administrator at YOURDOMAIN.COM

You should be prompted for a password.  "YOURDOMAIN.COM" is case
sensitive and should be all upper case.  You don't have to use
"administrator", but do need to use an account with domain admin rights
so the join will work.

After you put in your password, join the domain like this:

/usr/local/samba/bin/net ads join

Hope that helps.
 
Rick Segeberg
Provo Site Manager, IT Department
The Waterford Institute
rick.segeberg at waterford.org


-----Original Message-----
From: more [mailto:more0401 at sina.com] 
Sent: Wednesday, April 16, 2003 6:00 AM
To: more.zeng
Cc: samba at lists.samba.org
Subject: Re: [Samba] kerberos auth fails in samba3.0 alpha23


Hi, I think I should append this information:

I use "net ads join" to join my computer to win2k AD domain, the system 
prompt to let me input root password. But I have maken a Administrator 
key in win2k AD domain in my Linux box.
It is not useful to input a password for there is not "root" account in 
the win2k AD domain at all. "net ads join" outputs as blow:

root password:
[2003/04/16 13:21:04, 1] libsmb/clikrb5.c:krb5_mk_req2(266)
  krb5_cc_get_principal failed (No credentials cache file found)
[2003/04/16 13:21:04, 0] libads/kerberos.c:ads_kinit_password(132)
  kerberos_kinit_password root at RAIDTEC.CHINA failed: Client not found in

Kerberos database
[2003/04/16 13:21:04, 1] utils/net_ads.c:ads_startup(160)
  ads_connect: Invalid credentials

I just puzzled why samba asks for root account now, any help will be 
great thanks.


Regards,
more

> Hi,
>
> I build an alpha23 samba3.0 system in win2k AD domain. Just a few days

> ago, it works very well. But in recent, I find it cannot work.
>
> I am sure it is the reason for kerberos authority. When I kinit a 
> ticket successfully, it fails to run "smbclient \\Win2K-server\c$ -k",

> the error message will be as blow:
> Doing spnego session setup (blob length=109)
> Doing kerberos session setup
> session setup failed: NT_STATUS_MORE_PROCESSING_REQUIRED
>
> When I run "getent passwd", it also fails to display the domain users.
> When I run "wbinfo -u", it echos "Error looking up domain users".
>
> But I am sure kerberos ticket works correctly, for I can run kpasswd 
> to change the Administrator at Win2kDomain password.
>
> I am puzzled, I wish if anyone has any help.
>
>
> Regards,
> more
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


*************************************

This e-mail may contain privileged or confidential material intended for the named recipient only.
If you are not the named recipient, delete this message and all attachments.
Unauthorized reviewing, copying, printing, disclosing, or otherwise using information in this e-mail is prohibited.
We reserve the right to monitor e-mail sent through our network. 

*************************************

More information about the samba mailing list