[Samba] Unable to join ADS domain

Joe Howell jhowell_tsm at yahoo.com
Wed Feb 11 21:20:09 GMT 2004 

Great site with wonderful information.  Unfortunately, it still don't work.

John Simovic <jsimovic at tpg.com.au> wrote:have a look at www.wlug.org.nz/ActiveDirectorySamba

----- Original Message ----- 
From: "Joe Howell" 
To: 
Sent: Thursday, February 12, 2004 7:32 AM
Subject: Re: [Samba] Unable to join ADS domain


> No bueno. I changed the enctypes and took the "encrypt passwords=yes"
out, but still no reply and no computer account.....
>
>
> TBrown at neurology.ahsc.arizona.edu wrote:
>
>
>
>
> [libdefaults]
> default_realm =MYDOMAIN.COM
> clockskew = 300
> default_tkt_enctypes = des-cbc-crc
> default_tgs_enctypes = des-cbc-crc
>
>
> Change the enctypes to: des-cbc-crc as shown above. Also, if you do a
> testparam I'll bet that the encrypt passwords = yes entry is going to give
> you grief. Besides kerberos is encrypted anyway. Another thing to consider
> is flushing the NetBIOS cache on your wins and kdc server - don't know if
> this does anything, but it makes me feel better (nbtstat -R).
>
> Tracy Steven Brown
> University of Arizona
> Dept. Neurology
> (520) 626-4660
>
>
>
>
> Joe Howell
> o.com> To
> Sent by: samba at lists.samba.org
> samba-bounces+tsb cc
> =u.arizona.edu at li
> sts.samba.org Subject
> [Samba] Unable to join ADS domain
>
> 02/11/2004 12:05
> PM
>
>
>
>
>
>
>
> I've installed Samba 3.0.2 (from the source) on a SuSE
> 8.2 system with MIT Kerberos 1.3.1 (I uninstalled the
> Heimdal code) and the OpenLDAP 2.1.27 development
> libraries installed on it. I want to make this system
> a domain member of a Win2K native-mode ADS domain but
> can't get "net ads join" to work. I've run "kinit
> myid at MYDOMAIN.COM" and I get at ticket, but when I do
> "net ads join -Umyid%mypswd" I get no output from the
> command and I don't get a machine account in the
> domain.
>
> My /etc/krb5.conf looks like:
> logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm =MYDOMAIN.COM
> clockskew = 300
> default_tkt_enctypes = des-cbc-crc des-cbc-md5
> default_tgs_enctypes = des-cbc-crc des-cbc-md5
>
> [realms]
> MYDOMAIN.COM = {
> kdc = DCSRV1.MYDOMAIN.COM:88
> admin_server = dcsrv1.mydomain.com:749
> default_domain = mydomain.com
> }
> [domain_realm]
> .mydomain.com = MYDOMAIN.COM
> mydomain.com = MYDOMAIN.COM
>
>
> My /usr/local/samba/lib/smb.conf looks like:
>
> [global]
> realm = MYDOMAIN.COM
> security = ads
> password server = 10.4.1.13
> workgroup = MYDOMAIN
> netbios name = susesrv
> server string = SAMBA SERVER
> encrypt passwords = yes
>
> printcap name = /etc/printcap
> load printers = yes
> printing = cups
>
> log file = /var/log/samba/%m.log
> max log size = 10000
>
> socket options = TCP_NODELAY SO_RCVBUF=8192
> SO_SNDBUF=8192
>
> local master = no
> domain master = no
> preferred master = no
> wins server = 10.4.1.60
> dns proxy = no
>
> #===============SHARE
> DEFINITIONS=======================
>
> [public]
> path = /usr/public
> browseable = yes
> writeable = yes
> guest ok = no
>
> [printers]
> path = /var/spool/samba
> browseable = yes
> writeable = no
> guest ok = yes
> printable = yes
>
> .COM
> security = ads
> password server = 10.4.1.13
> workgroup = COLUMBIA
> netbios name = susesrv
> server string = IBM Aptiva in Joe's cube
> encrypt passwords = yes
>
> printcap name = /etc/printcap
> load printers = yes
> printing = cups
>
> log file = /var/log/samba/%m.log
> max log size = 10000
>
> socket options = TCP_NODELAY SO_RCVBUF=8192
> SO_SNDBUF=8192
>
> local master = no
> domain master = no
> preferred master = no
> wins server = 10.4.1.60
> dns proxy = no
>
> #===============SHARE
> DEFINITIONS=======================
>
> [public]
> path = /usr/public
> browseable = yes
> writeable = yes
> guest ok = no
>
> [printers]
> path = /var/spool/samba
> browseable = yes
> writeable = no
> guest ok = yes
> printable = yes
>
>
>
> =====
> Joe Howell
> Shelter Insurance Companies
> Columbia, MO
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Finance: Get your refund fast by filing online.
> http://taxes.yahoo.com/filing.html
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
>
>
>
> Joe Howell
> Shelter Insurance Companies
> Columbia, MO
>
> ---------------------------------
> Do you Yahoo!?
> Yahoo! Finance: Get your refund fast by filing online
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
>



Joe Howell
Shelter Insurance Companies
Columbia, MO

---------------------------------
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online

More information about the samba mailing list