AW: [Samba] Domain logon against a Windows Server 2003 based AD

Marcus Franke Marcus.Franke at gmx.net
Tue Jul 13 10:34:10 GMT 2004


Hi, 
 
> Jul 13 11:06:56 linux winbindd[20394]: [2004/07/13 11:06:56, 0]
> libsmb/cliconnect.c:cli_session_setup_spnego(724)
> Jul 13 11:06:56 linux winbindd[20394]:   Kinit failed: Cannot find KDC for requested realm
 
I did some further investigation in this direction and found
a possible misconfiguration in the krb5-workstation/server
package config.
 
My /etc/krb5.conf looks like this (looks good to my eyes):

Interestingly, there are no logfiles in /var/log/kerberos.
I thought about touching them, but I don't know which rights
and user.group to set for the files, so I did not do it.
 
[logging] 
 default = FILE:/var/log/kerberos/krb5libs.log 
 kdc = FILE:/var/log/kerberos/krb5kdc.log 
 admin_server = FILE:/var/log/kerberos/kadmind.log 
 
[libdefaults] 
 ticket_lifetime = 24000 
 default_realm = IDEALTEC.LOCAL  
 default_tgs_enctypes = des-cbc-md5 
 default_tkt_enctypes = des-cbc-md5 
 permitted_enctypes = des3-hmac-sha1 des-cbc-crc 
 dns_lookup_realm = false 
 dns_lookup_kdc = false 
 kdc_req_checksum_type = 2 
 checksum_type = 2 
 ccache_type = 1 
 forwardable = true 
 proxiable = true 
 
[realms] 
 IDEALTEC.LOCAL = { 
  kdc = dc-hh-001.idealtec.local:88 
  admin_server = dc-hh-001.idealtec.local:749 
  default_domain = idealtec.local 
 } 
 
These parameters seem to be right, because in my DNS zone there
is a _kerberos._tcp.dc._msdcs.idealtec.local entry pointing to
port 88. The KDC is available and working, as my two Windows test
clients can use the domain with no problem :(

But admin_server isn't quite clear to me; what does it mean?
 
 
[domain_realm] 
 .idealtec.local = IDEALTEC.LOCAL 
 
[kdc] 
 profile = /etc/kerberos/krb5kdc/kdc.conf 
 
In this file there was a small error: MANDRAKESOFT.COM was
still set as the default domain. I changed this to the
correct value, but no change.
 
[pam] 
 debug = true 
 ticket_lifetime = 36000 
 renew_lifetime = 36000 
 forwardable = true 
 krb4_convert = false 
 
[login]
 krb4_convert = false 
 krb4_get_tickets = false 
 
 
Bye, 
Marcus 

-- 
pedo mellon a minno
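
An added example, not part of the original message and not code from Samba or MIT Kerberos: a small Python linter run over the krb5.conf values quoted above. It reports whether every realm the file refers to has a kdc entry when dns_lookup_kdc is off (realm names are case-sensitive) and whether the default enctype lists fall inside permitted_enctypes; it does not claim either is the cause of the logged error. `parse` and `lint` are hypothetical helpers, the sample is constructed from the message, and treating an unset dns_lookup_kdc as enabled is an assumption.

```python
import re

# Constructed input: values copied from the krb5.conf quoted in the message.
SAMPLE = """[libdefaults]
 default_realm = IDEALTEC.LOCAL
 default_tgs_enctypes = des-cbc-md5
 default_tkt_enctypes = des-cbc-md5
 permitted_enctypes = des3-hmac-sha1 des-cbc-crc
 dns_lookup_kdc = false
[realms]
 IDEALTEC.LOCAL = {
  kdc = dc-hh-001.idealtec.local:88
 }
[domain_realm]
 .idealtec.local = IDEALTEC.LOCAL
"""

def parse(text):
    """Return {section: {key: [values]}}; realm stanzas are keyed 'realms/<REALM>'."""
    conf, section, sub = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, sub = m.group(1), None
        elif line == "}":
            sub = None
        elif m := re.fullmatch(r"(\S+)\s*=\s*(.*)", line):
            key, value = m.groups()
            if value == "{":
                sub = key
            else:
                name = f"{section}/{sub}" if sub else section
                conf.setdefault(name, {}).setdefault(key, []).append(value)
    return conf

def lint(text):
    """Return findings on KDC lookup and enctype consistency (hypothetical helper)."""
    conf, out = parse(text), []
    lib = {k: v[0] for k, v in conf.get("libdefaults", {}).items()}
    dns = lib.get("dns_lookup_kdc", "true").lower() in ("true", "yes", "on", "1")  # assumed on when unset
    realms = [lib.get("default_realm")] + [v[0] for v in conf.get("domain_realm", {}).values()]
    for realm in dict.fromkeys(filter(None, realms)):
        if not dns and not conf.get(f"realms/{realm}", {}).get("kdc"):
            out.append(f"no kdc entry for realm {realm} and dns_lookup_kdc is off")
    enc = lambda key: set(filter(None, re.split(r"[\s,]+", lib.get(key, ""))))
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        if enc("permitted_enctypes") and enc(key) - enc("permitted_enctypes"):
            out.append(f"{key} lists {sorted(enc(key) - enc('permitted_enctypes'))} not in permitted_enctypes")
    return out
```

On the quoted values, `lint(SAMPLE)` returns the two enctype findings and no KDC finding, since the default realm and its [realms] stanza match exactly.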


