[Samba] 2003 KDC and Samba

Tran Charles A Civ OC-ALC/ITMA charles.tran at tinker.af.mil
Thu Jul 29 14:08:02 GMT 2004


We have several RHEL 3.0 Update 2 servers running Samba.
These have been working flawlessly for several months..

Recently, the base upgraded all the Windows 2000 servers
to Windows 2003.. 
NOTE: we don't have admin rights to the Domain Controllers.. (wish we did..)

Before the domain controllers (and KDCs) were upgraded to 2003, we had
no issues joining a new Samba server to the ADS..

Using the same krb5.conf and kdc.conf and smb.conf file.. it 
is no longer possible to join a Samba 3.0 server to the domain..

Any help or direction is appreciated..
VR
Charles

Samba packages
-------------
samba-common-3.0.4-6.3E
samba-3.0.4-6.3E
samba-client-3.0.4-6.3E

Kerberos Packages..
-----------------
pam_krb5-1.73-1
krb5-libs-1.2.7-24
krb5-workstation-1.2.7-24
krbafs-1.1.1-11
krbafs-utils-1.1.1-11
krb5-server-1.2.7-24
krbafs-devel-1.1.1-11
krb5-devel-1.2.7-24


Things tried..(per the samba docs. this is the first step..)

kinit USERNAME@REALM
error..
kinit(v5): KRB5 error code 52 while getting initial credentials

net ads join "/IT/Computers/Servers-2" -U adminOFthisOU
error..
kerberos_kinit_password ADMINOFTHISOU@USAF.AFMC.DS.AF.MIL failed: KRB5 error
code 52

Not much on google about this error.. 

krb5.conf
**************
# krb5.conf as pasted in the post: Kerberos client settings for realm
# USAF.AFMC.DS.AF.MIL.
# NOTE(review): the section header on the next line has lost its opening "["
# in the paste (presumably "[logging]") - compare with the file on disk.
logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = USAF.AFMC.DS.AF.MIL
# Both enctype overrides below are commented out, so the library's built-in
# default encryption types are what the client requests from the KDC.
#  default_tgs_enctypes = rc4-hmac
#  default_tkt_enctypes = rc4-hmac
# DNS discovery is disabled for both realm and KDC, so the static [realms]
# entry below is the only way the client locates a KDC.
  dns_lookup_realm = false
  dns_lookup_kdc = false

# A single KDC is pinned by address; there is no second kdc line to fall back on.
# NOTE(review): KRB5 error code 52 is KRB_ERR_RESPONSE_TOO_BIG (RFC 4120): the
# KDC's reply did not fit in a UDP datagram and the client is expected to retry
# over TCP. The krb5-libs 1.2.7 build listed in this post may not support that
# retry - verify against its release notes before changing anything here.
[realms]
 USAF.AFMC.DS.AF.MIL = {
  kdc = xxx.xxx.xxx.241:88
  admin_server = xxx.xxx.xxx.241:749
  default_domain = usaf.af.mil
 }

# Maps hosts under usaf.af.mil (and the bare domain) to the realm above.
[domain_realm]
 .usaf.af.mil = USAF.AFMC.DS.AF.MIL
 usaf.af.mil = USAF.AFMC.DS.AF.MIL

# Points at the local kdc.conf; presumably only relevant if a KDC runs on this
# host - confirm.
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

# Per-application defaults, here for the pam module (pam_krb5 is installed per
# the package list in this post).
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
# NOTE(review): the closing "}" of the pam block is not in the paste - confirm
# it is present in the file on disk.
*****************************
kdc.conf
*********
# kdc.conf as pasted: settings for a local MIT KDC (files under
# /var/kerberos/krb5kdc).
# NOTE(review): krb5.conf in this post points the realm's kdc at a remote
# address, so this file presumably plays no part in kinit or "net ads join"
# against the domain controllers - confirm.
[kdcdefaults]
 acl_file = /var/kerberos/krb5kdc/kadm5.acl
 dict_file = /usr/share/dict/words
 admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
 v4_mode = nopreauth

# NOTE(review): the supported_enctypes value below is broken across several
# lines, most likely by mail line-wrapping; it should be a single line on disk.
# Most entries are single-DES key types, which RFC 6649 deprecates as weak. If
# a KDC is ever actually served from this host, trim the list to the strongest
# types the installed release supports.
[realms]
 USAF.AFMC.DS.AF.MIL = {
  master_key_type = des-cbc-crc
  supported_enctypes = des3-cbc-sha1:normal des3-cbc-sha1:norealm
des3-cbc-sha1:onlyrealm des-cbc-crc:v4 des-cbc-crc:afs3 des-cbc-crc:normal
des-cbc-crc:norealm des-cbc-crc:onlyrealm des-cbc-md4:v4 des-cbc-md4:afs3
des-cbc-md4:normal des-cbc-md4:norealm des-cbc-md4:onlyrealm des-cbc-md5:v4
des-cbc-md5:afs3 des-cbc-md5:normal des-cbc-md5:norealm
des-cbc-md5:onlyrealm des-cbc-sha1:v4 des-cbc-sha1:afs3 des-cbc-sha1:normal
des-cbc-sha1:norealm des-cbc-sha1:onlyrealm
 }
*********
smb.conf
*****
[global]
        # smb.conf global settings as pasted. "security = ADS" together with
        # "realm" makes this host an Active Directory member that authenticates
        # through Kerberos, so the join depends on krb5.conf working first.
        workgroup = USAF-2K
        realm = USAF.AFMC.DS.AF.MIL
        server string = 
        security = ADS
        obey pam restrictions = Yes
        # A single domain controller is pinned by address (the same host used
        # as kdc in krb5.conf); no alternate server is listed.
        password server = xxx.xxx.xxx.241
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        # NOTE(review): the passwd chat value is split over two lines, most
        # likely by mail line-wrapping; it should be one line on disk.
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
        # One log file per client machine name (%m); a max log size of 0 means
        # no size limit, so rotation has to be handled outside Samba.
        log file = /var/log/samba/%m.log
        max log size = 0
        announce version = 5.0
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        preferred master = No
        local master = No
        domain master = No
        wins server = 10.50.1.52
        # NOTE(review): "ldap ssl = no" leaves Samba's LDAP connections without
        # TLS; whether that affects the AD join in this release is not shown
        # here - confirm.
        ldap ssl = no
        # uid/gid ranges handed out for mapped domain users and groups.
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
#       winbind separator = +
#       valid users = @oracle
        printing = cups

[testshare]
        # Writable share with no "valid users" or similar restriction in this
        # section (the global one above is commented out), so access control
        # rests on filesystem permissions plus the forced group "share".
        comment = System Share
        path = /home2/share
        force group = share
        writeable = yes
        case sensitive = Yes
        hide dot files = No



