[Samba] kerberos auth fails in samba3.0 alpha23

more.zeng more.zeng at raidtec.ie
Thu Apr 17 02:13:18 GMT 2003


>It seems to work better if you login to the domain first.  Try this:
>
>/usr/kerberos/bin/kinit administrator@YOURDOMAIN.COM
>
>You should be prompted for a password.  "YOURDOMAIN.COM" is case
>sensitive and should be all upper case.  You don't have to use
>"administrator", but do need to use an account with domain admin rights
>so the join will work.
>
Thanks for your suggestion.

But I have done this already, and I can even use kpasswd to change the 
administrator password on the Linux box.

>After you put in your password, join the domain like this:
>
>/usr/local/samba/bin/net ads join
>
I have tried this, but samba just prompts me to input the root password. 
I really do have an administrator ticket, as shown by the klist command. 
It seems that samba cannot find my cached administrator ticket.

Even when I create a root account on the win2k server, put it in the 
administrators group, kinit as root@MYDOMAIN.COM to get a ticket and then 
try "net ads join", samba still asks for the root password. I have no way 
forward, and now samba3.0 cannot work as before (just a week ago, samba3.0 
worked well in win2k AD).


Regards,
more


>
>Hope that helps.
> 
>Rick Segeberg
>Provo Site Manager, IT Department
>The Waterford Institute
>rick.segeberg at waterford.org
>
>
>-----Original Message-----
>From: more [mailto:more0401 at sina.com] 
>Sent: Wednesday, April 16, 2003 6:00 AM
>To: more.zeng
>Cc: samba at lists.samba.org
>Subject: Re: [Samba] kerberos auth fails in samba3.0 alpha23
>
>
>Hi, I think I should append this information:
>
>I use "net ads join" to join my computer to the win2k AD domain, and the 
>system prompts me to input the root password. But I have made an 
>Administrator key in the win2k AD domain on my Linux box.
>It is not useful to input a password, for there is no "root" account in 
>the win2k AD domain at all. "net ads join" outputs as below:
>
>root password:
>[2003/04/16 13:21:04, 1] libsmb/clikrb5.c:krb5_mk_req2(266)
>  krb5_cc_get_principal failed (No credentials cache file found)
>[2003/04/16 13:21:04, 0] libads/kerberos.c:ads_kinit_password(132)
>  kerberos_kinit_password root@RAIDTEC.CHINA failed: Client not found in Kerberos database
>[2003/04/16 13:21:04, 1] utils/net_ads.c:ads_startup(160)
>  ads_connect: Invalid credentials
>
>I am just puzzled why samba asks for the root account now. Any help will 
>be greatly appreciated.
>
>
>Regards,
>more
>
>>Hi,
>>
>>I built an alpha23 samba3.0 system in a win2k AD domain. Just a few days
>>ago, it worked very well. But recently, I find it cannot work.
>>
>>I am sure the reason is kerberos authentication. When I kinit a 
>>ticket successfully, it fails to run "smbclient \\Win2K-server\c$ -k";
>>the error message is as below:
>>Doing spnego session setup (blob length=109)
>>Doing kerberos session setup
>>session setup failed: NT_STATUS_MORE_PROCESSING_REQUIRED
>>
>>When I run "getent passwd", it also fails to display the domain users.
>>When I run "wbinfo -u", it echoes "Error looking up domain users".
>>
>>But I am sure the kerberos ticket works correctly, for I can run kpasswd 
>>to change the Administrator@Win2kDomain password.
>>
>>I am puzzled, and I hope someone can help.
>>
>>
>>Regards,
>>more