[Samba] Samba 3.0.2 and Windows 2003 ADS.
giuseppe panei
giuseppe.panei at sgai.com
Tue Jan 27 08:27:02 GMT 2004
Same problem on my network: PDC win2000 ADS. I use Mandrake 9.1, Kerberos
1.2.7 (from the Mandrake CD-ROM) and Samba 3.0.0. I too can use smbclient -k with
no password, but from Windows clients I must input a password. net ads testjoin
is OK.
I have read: Using Samba, the Samba HOWTO (domain membership), the mailing
list archive, the Kerberos documentation and some Italian reviews.
I have seen many questions on this problem but no reply.
I wonder whether a Samba host can join a win2k domain, to my disappointment.
Giuseppe
On Monday 26 January 2004 11:57 pm, Christian Arguello wrote:
> Hi.
>
> I have installed samba 3.0.2 in my redhat 7.3, and Kerberos 1.2.4
>
> I can make my Linux act as an ADS domain member without any problem.
>
> When I ran this command:
>
> /usr/local/samba/bin/net ads join "Computers" -U<usuario>%<clave>
>
> I get this message that tells me that everything is OK.
>
> Using short domain name -- DOMAIN2003
> Joined 'PROTON' to realm 'DOMAIN2003.COM'
>
> I also have another PC with Windows 2000, which is also joined to my
> Windows 2003 Server. From my Linux I can connect without any problem to
> this machine using "smbclient" and with no password. But when I try to
> connect from Windows 2000 to my Linux using this command: "net use *
> \\server\share", it asks me for a password,
> and in the Samba log I see this:
>
> [2004/01/26 17:41:57, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
> Failed to verify incoming ticket!
>
> What is missing?? What am I doing wrong???
>
> The HOWTO says that to test this kind of configuration I have to use
> the "net" command from Windows, and if it doesn't work I have to use
> "klist tickets". When I run that command I get this:
>
> [root at proton root]# klist tickets
> klist: No credentials cache found (ticket cache FILE:tickets)
>
> Which ticket is missing?? Or how do I have to add a ticket???
>
> My krb5.conf looks like this:
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = DOMAIN2003.COM
> dns_lookup_realm = false
> dns_lookup_kdc = false
> default_tkt_enctypes = DES-CBC-MD5
> default_tgs_enctypes = DES-CBC-MD5
>
> [realms]
> DOMAIN2003.COM = {
> kdc = server2003.domain2003.com:88
> admin_server = server2003.domain2003.com:749
> default_domain = domain2003.com
> }
> [domain_realm]
> .domain2003.com = DOMAIN2003.COM
> comain2003.com = DOMAIN2003.COM
>
> [kdc]
> profile = /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
>
>
> And my smb.conf like this:
>
> [global]
> workgroup = domain2003
> netbios name = proton
> server string = Inetserver
> domain master = no
> local master = yes
> preferred master = yes
> max connections = 0
> interfaces = 192.168.1.0/255.255.255.0
> name resolve order = bcast wins hosts
> socket options = TCP_NODELAY
> security = ADS
> realm = domain2003.com
> encrypt passwords = yes
> update encrypted = yes
> unix password sync = yes
> printing = lprng
> printcap name = /etc/printcap
> load printers = yes
> dns proxy = yes
> allow trusted domains = yes
> wins support = no
> password server = server2003
> winbind cache time = 10
>
> [homes]
> comment = Home Directories
> writable = yes
> browseable = no
> valid users = %U
>
> [netlogon]
> comment = Logon scripts
> path = /home/netlogon
> read only = yes
> write list = @users
>
> [Profiles]
> comment = Profiles directory
> path = /home/profiles
> read only = no
> create mask = 0600
> directory mask = 0700
>
> [install]
> public = yes
> writeable = yes
> comment = Instaladores
> path = /home/samba/install
> force directory mode = 0777
>
> Thanks in advance..