[Samba] ADS. Joined but cannot proceed.

Tonnet, Bryan Bryan.Tonnet at det.nsw.edu.au
Sun Jan 4 22:48:48 GMT 2004


I'm attempting to use samba 3.01pre3 (on RedHat 9) and an AD domain
with kerberos.  Samba machines are member servers only. 
smbd/nmbd/winbindd all running and behaving as advertised.

I've made these changes to the smb.conf file;

workgroup = XXXXX
realm = xxxxx.REALM
security = ads
idmap uid = 10000-50000
idmap gid = 10000-50000

And these changes to the krb5.conf file;

[libdefaults]
deafult_realm = XXXXX.REALM

[realms]
XXXX.REALM {
admin_server = servername.xxxxx.realm:749
kdc = servername.xxxxx.realm:88 
default_realm = xxxxx.realm
}

[domain_realm]
.XXXXX.REALM = xxxxx.realm
xxxxx.realm = XXXXX.REALM

The join command seemed work an told me I had been successful in
joining the domain/realm.

I assume that things now are at least partially working, as when I do 
'kinit -V username at XXXXX.REALM', I am asked for my AD password.  If I
type it, I am returned to the prompt, and kinit informs me that;

'Authenticated to Kerberos V5'.

If, however, I then do 'smbclient -k -L <servername> -U <username>'
(and type my AD password), I am told;

'session setup failed: NT_STATUS_MORE_PROCESSING REQUIRED
Did you forget to run kinit?'

Obviously I didn't forget to run kinit, but klist tickets returns;

'No credentials cache found (ticket cache FILE:tickets)'

If I rerun smbclient without the '-k' (using W2K native mode), there
are no problems with listing or connecting.

Where have I gone wrong?

Thanks in advance

Bryan Tonnet
**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************


More information about the samba mailing list