[Samba] Samba 3.0.0 can't join ADS domain

Joey Howell jhowell_samba at yahoo.com
Tue Nov 4 20:33:43 GMT 2003 

I'm installing Samba 3.0.0 on a RH9 system for the
first time.  I've gone through the doc and I believe
that I've done everything correctly, but when I try to
issue a "net ads join -U myuserid" command, I get no
response.  No errors, just nothing.  When I do a klist
I can see the credentials for "myuserid" but nothing
else.  If I do a "net rpc join -U myuserid" I get a
couple of error messages but then the machine joins
the AD domain; the only problem then is that wbinfo -u
and wbinfo -g fail with "Error looking up domain
users/groups".  I'm trying to join to a W2K
native-mode AD domain.  My smb.conf looks like this:  

[global]
  workgroup = MYWKGRP
  netbios name = RHPSRV1
  log file = /var/log/samba/log.%m
  log level = 3
  socket options = TCPIP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
                                                      
                         
# winbind configuration
                                                      
                         
  winbind separator = +
  idmap uid = 10000-20000
  idmap gid = 10000-20000
  winbind enum users = yes
  winbind enum groups = yes
  winbind use default domain = yes
  winbind cache time = 10
  template homedir = /home/%D/%U
  template shell = /bin/bash
  password server = *
                                                      
                         
# active directory configuration
  security = ADS
  encrypt passwords = yes
  password server = 10.4.1.13
  realm = mywkgrp.mydomain.com



And my krb5.conf looks like:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
                                                      
                         
[libdefaults]
 ticket_lifetime = 24000
 default_realm = MYWKGRP.MYDOMAIN.COM
 default_tgs_enctypes = des-cbc-crc des-cbc-md5
 default_tkt_enctypes = des-cbc-crc des-cbc-md5
 forwardable = true
 proxiable = true
 dns_lookup_realm = true
 dns_lookup_kdc = true
                                                      
                         
[realms]
 MYWKRTP.MYDOMAIN.COM = {
  kdc = mydcsrv.mywkgrp.mydomain.com
  admin_server = mydcsrv.mywkgrp.mydomain.com
  default_domain = MYWKGRP.MYDOMAIN.COM
 }
                                                      
                         
[domain_realm]
 .mywkgrp.mydomain.com = MYWKGRP.MYDOMAIN.COM
 mywkgrp.mydomain.com = MYWKGRP.MYDOMAIN.COM


I'm pretty sure the Kerberos part works ok, since I
can authenticate my Windows login id (the id does not
exist on the RH9 server).  Can someone point out what
I've done wrong?

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

More information about the samba mailing list