[Samba] ADS still doesn't work with SAMBA 3 CVS.

Ron Gage ron at rongage.org
Sat Nov 8 16:05:42 GMT 2003


Currently running CVS of SAMBA 3.1 - pulled down last night.

The Samba machine is joining the domain (or so it reports) but it doesn't show 
up in AD Users & Computers.  Attempting to browse the Samba computer from 
Windows (Advanced Server 2000) fails with password/username failures.  Here 
is the output from "net ads join -U administrator".  Yes, this is showing 
that I was already joined to the domain.

root@web:~# net ads testjoin -U administrator
Join is OK
root@web:~# net ads join -U administrator
administrator password:
[2003/11/08 10:38:55, 0] libads/ldap.c:ads_join_realm(1308)
  Host account for web already exists - deleting old account
Using short domain name -- RONGAGEHOME
Joined 'WEB' to realm 'RONGAGEHOME.COM'


The Domain Controller is Windows 2000 Advanced Server.  NOT Server 2003!

Here are the contents of /etc/krb5.conf:

[logging]
  default = FILE:/var/log/krb5/libs.log
  kdc = FILE:/var/log/krb5/kdc.log
  admin_server = FILE:/var/log/krb5/admin.log

[libdefaults]
  ticket_lifetime = 24000
  default_realm = RONGAGEHOME.COM
  forwardable = true
  proxiable = true


  [realms]
    RONGAGEHOME.COM = {
      kdc = intel.rongagehome.com
      default_domain = rongagehome.com
      }

[domain_realm]
  .rongagehome.com = RONGAGEHOME.COM
  rongagehome.com = RONGAGEHOME.COM

Here are the contents of /usr/lib/smb.conf:
[global]

workgroup = rongagehome
realm = rongagehome.com
server string = Samba Server
;   hosts allow = 192.168.1. 192.168.2. 127.
;   load printers = yes
;   printcap name = /etc/printcap
;   printcap name = lpstat
;   printing = bsd
;  guest account = pcguest
   log file = /var/log/samba.%m
   max log size = 50
   security = ads
;   password server = <NT-Server-Name>
  encrypt passwords = yes
;   include = /usr/local/samba/lib/smb.conf.%m
   socket options = TCP_NODELAY
;   interfaces = 192.168.12.2/24 192.168.13.2/24
;   local master = no
;   os level = 33
;   domain master = yes
;   preferred master = yes
;   domain logons = yes
;   logon script = %m.bat
;   logon path = \\%L\Profiles\%U
;   wins support = yes
;   wins server = w.x.y.z
;   wins proxy = yes
   dns proxy = no

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff

Yes, I know there are no shares actually defined.  We aren't at that point 
yet.

Here is the output of klist -e:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@RONGAGEHOME.COM

Valid starting     Expires            Service principal
11/08/03 10:35:57  11/08/03 20:36:01  krbtgt/RONGAGEHOME.COM@RONGAGEHOME.COM
        renew until 11/09/03 10:35:57, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
11/08/03 10:38:57  11/08/03 20:36:01  intel$@RONGAGEHOME.COM
        renew until 11/09/03 10:35:57, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

Any ideas on what I am doing wrong here?  



-- 
Ron Gage - LPIC1, A+, Net+
Pontiac, Michigan




