[Samba] 2003 KDC and Samba
Tran Charles A Civ OC-ALC/ITMA
charles.tran at tinker.af.mil
Thu Jul 29 14:08:02 GMT 2004
We have serveral RHEL 3.0 Update 2 servers running Samba.
These have been working flawlessly for several months..
Recently, the base upgraded all the Windows 2000 servers
to Windows 2003..
NOTE: we don't have admin rights to the Domain Controllers.. (wish we did..)
Previous to the Domain (and kdc) controllers to 2003 we had
no issues joining a new Samba Sever to the ADS..
Using the same krb5.conf and kdc.conf and smb.conf file.. it
is no longer possible to join a Samba 3.0 server to the domain..
Any help direction is appreciated..
VR
Charles
Samba packages
-------------
samba-common-3.0.4-6.3E
samba-3.0.4-6.3E
samba-client-3.0.4-6.3E
Kerberos Packages..
-----------------
pam_krb5-1.73-1
krb5-libs-1.2.7-24
krb5-workstation-1.2.7-24
krbafs-1.1.1-11
krbafs-utils-1.1.1-11
krb5-server-1.2.7-24
krbafs-devel-1.1.1-11
krb5-devel-1.2.7-24
Things tried..(per the samba docs. this is the first step..)
kinit USERNAME at REALM
error..
kinit(v5): KRB5 error code 52 while getting initial credentials
net ads join "/IT/Computers/Servers-2" -U adminOFthisOU
error..
kerberos_kinit_password ADMINOFTHISOU at USAF.AFMC.DS.AF.MIL failed: KRB5 error
code 52
Not much on google about this error..
krb5.conf
**************
logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = USAF.AFMC.DS.AF.MIL
# default_tgs_enctypes = rc4-hmac
# default_tkt_enctypes = rc4-hmac
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
USAF.AFMC.DS.AF.MIL = {
kdc = xxx.xxx.xxx.241:88
admin_server = xxx.xxx.xxx.241:749
default_domain = usaf.af.mil
}
[domain_realm]
.usaf.af.mil = USAF.AFMC.DS.AF.MIL
usaf.af.mil = USAF.AFMC.DS.AF.MIL
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
*****************************
kdc.conf
*********
[kdcdefaults]
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
v4_mode = nopreauth
[realms]
USAF.AFMC.DS.AF.MIL = {
master_key_type = des-cbc-crc
supported_enctypes = des3-cbc-sha1:normal des3-cbc-sha1:norealm
des3-cbc-sha1:onlyrealm des-cbc-crc:v4 des-cbc-crc:afs3 des-cbc-crc:normal
des-cbc-crc:norealm des-cbc-crc:onlyrealm des-cbc-md4:v4 des-cbc-md4:afs3
des-cbc-md4:normal des-cbc-md4:norealm des-cbc-md4:onlyrealm des-cbc-md5:v4
des-cbc-md5:afs3 des-cbc-md5:normal des-cbc-md5:norealm
des-cbc-md5:onlyrealm des-cbc-sha1:v4 des-cbc-sha1:afs3 des-cbc-sha1:normal
des-cbc-sha1:norealm des-cbc-sha1:onlyrealm
}
*********
smb.conf
*****[global]
workgroup = USAF-2K
realm = USAF.AFMC.DS.AF.MIL
server string =
security = ADS
obey pam restrictions = Yes
password server = xxx.xxx.xxx.241
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
log file = /var/log/samba/%m.log
max log size = 0
announce version = 5.0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = No
local master = No
domain master = No
wins server = 10.50.1.52
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
# winbind separator = +
# valid users = @oracle
printing = cups
[testshare]
comment = System Share
path = /home2/share
force group = share
writeable = yes
case sensitive = Yes
hide dot files = No
More information about the samba
mailing list