AW: [Samba] Domain logon against a Windows Server 2003 based AD
Marcus Franke
Marcus.Franke at gmx.net
Tue Jul 13 10:34:10 GMT 2004
Hi,
> Jul 13 11:06:56 linux winbindd[20394]: [2004/07/13 11:06:56, 0]
> libsmb/cliconnect.c:cli_session_setup_spnego(724)
> Jul 13 11:06:56 linux winbindd[20394]: Kinit failed: Cannot find KDC for requested realm
I did some further investigations into this direction and found
some possible misconfiguration in the krb5-workstation/server
package config.
My /etc/krb5.conf looks like this (looks good to my eyes):
Interestingly, there are no logfiles in /var/log/kerberos.
Thought about touching them, but I don't know which rights
and set of user.group for the files, so I did not do it.
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = IDEALTEC.LOCAL
default_tgs_enctypes = des-cbc-md5
default_tkt_enctypes = des-cbc-md5
permitted_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
forwardable = true
proxiable = true
[realms]
IDEALTEC.LOCAL = {
kdc = dc-hh-001.idealtec.local:88
admin_server = dc-hh-001.idealtec.local:749
default_domain = idealtec.local
}
These parameters seem to be right, because in my dns zone there
is a _kerberos._tcp.dc._msdcs.idealtec.local entry pointing to
port 88. kdc is avail and working, as my two Windows test clients
can use the domain with no problem :(
but admin_server isn't quite clear to me, what does it mean?
[domain_realm]
.idealtec.local = IDEALTEC.LOCAL
[kdc]
profile = /etc/kerberos/krb5kdc/kdc.conf
in this file, there was a small error, as there was
still MANDRAKESOFT.COM as default domain, but I changed
this to the correct value, but no change..
[pam]
debug = true
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
[login]
krb4_convert = false
krb4_get_tickets = false
Bye,
Marcus
--
pedo mellon a minno
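
Added example, not part of the original message and not Samba or MIT Kerberos code: a small Python consistency check for a krb5.conf like the one quoted above. It verifies that default_realm has a matching, case-sensitive [realms] entry with a static kdc when DNS lookup is off, and that the default enctypes also appear in permitted_enctypes. The names parse_krb5_conf and lint are hypothetical, the sample is constructed from the values in the message, and a missing dns_lookup_kdc is treated as off (an assumption).

```python
# SAMPLE is constructed from the values quoted in the message above.
SAMPLE = """\
[libdefaults]
default_realm = IDEALTEC.LOCAL
default_tgs_enctypes = des-cbc-md5
default_tkt_enctypes = des-cbc-md5
permitted_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_kdc = false
[realms]
IDEALTEC.LOCAL = {
kdc = dc-hh-001.idealtec.local:88
}
"""

def parse_krb5_conf(text):
    """Parse into {section: {key: [values]}}; 'REALM = {' blocks nest one level."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block).setdefault(key, []).append(value)
    return conf

def lint(conf):
    """Return a list of findings about KDC lookup and enctype settings."""
    findings = []
    lib, realms = conf.get("libdefaults", {}), conf.get("realms", {})
    realm = lib.get("default_realm", [""])[0]
    dns_kdc = lib.get("dns_lookup_kdc", ["false"])[0].lower() == "true"
    if realm not in realms:  # realm names are case-sensitive
        findings.append(f"default_realm {realm!r} has no [realms] entry")
    elif not realms[realm].get("kdc") and not dns_kdc:
        findings.append(f"{realm}: no static kdc and dns_lookup_kdc is not true")
    permitted = " ".join(lib.get("permitted_enctypes", [])).replace(",", " ").split()
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        for enc in " ".join(lib.get(key, [])).replace(",", " ").split():
            if permitted and enc not in permitted:
                findings.append(f"{key}: {enc} is not in permitted_enctypes")
    return findings
```

Run it against a real file with lint(parse_krb5_conf(open("/etc/krb5.conf").read())). A finding is something to review, not proof that it causes the "Cannot find KDC" error.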