[Samba] can't join W2003 domain with 3.0.0 (krb ticket is OK
though)
Jochen Schmidt
jochen.schmidt at millenux.com
Thu Oct 30 09:34:36 GMT 2003
Hi Christoph,
On Wed, 29 Oct 2003 christoph.beyer at desy.de wrote:
> I'm using the production release of 3.0.0 and can not join a W2003 domain:
>
> [printsrv4] /spool/samba-3.0.0/bin $ ./net -d 10 ads join -Uhumpty_dumpty
> [2003/10/29 15:35:39, 3] libads/sasl.c:ads_sasl_spnego_bind(191)
> got principal=adc1$@WIN.DESY.DE
> [2003/10/29 15:35:39, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
> krb5_cc_get_principal failed (No credentials cache found)
> [2003/10/29 15:35:40, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385)
> Got KRB5 session key of length 16
> [2003/10/29 15:35:40, 1] utils/net_ads.c:ads_startup(181)
> ads_connect: Strong authentication required
Maybe your Domain only allows NTLMv2. See smb.conf Manpage about "client
ntlmv2 auth" (and maybe also about "client schannel", "client signing",
"client use spnego")
Greetings
Jochen
> [2003/10/29 15:35:40, 2] utils/net.c:main(758)
> return code = -1
>
> The krb5 token looks OK:
>
> [printsrv4] /spool/samba-3.0.0/bin $ klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: humpty_dumpty at WIN.DESY.DE
>
> Valid starting Expires Service principal
> 10/29/03 13:48:09 10/29/03 23:48:18 krbtgt/WIN.DESY.DE at WIN.DESY.DE
> renew until 10/30/03 13:48:09
>
>
> Kerberos 4 ticket cache: /tmp/tkt0
> Principal: humpty_dumpty at DESY.DE
>
> Issued Expires Principal
> 10/21/03 15:42:14 10/22/03 17:08:35 krbtgt.DESY.DE at DESY.DE
> 10/21/03 15:42:14 10/22/03 17:08:35 afs at DESY.DE
> 10/22/03 15:18:13 10/22/03 17:13:13 rcmd.host at DESY.DE
--
--------------------------------------------------------------------
Jochen Schmidt jochen.schmidt at millenux.com
Mi||enux GmbH mobile: +49.175.5752483
Lilienthalstraße 2 phone: +49.711.88770.300
70825 Stuttgart-Korntal fax: +49.711.88770.349
-= linux without limits -=- http://linux.zSeries.org/ =-
PGP Fingerprint: 6F9A 85CE 78EA 7EF1 B2BA 3559 8FA1 2B13 098D 20B5
More information about the samba
mailing list