[Samba] 2003 KDC and Samba

Greg Folkert greg at gregfolkert.net
Thu Jul 29 16:55:01 GMT 2004 

On Thu, 2004-07-29 at 10:08, Tran Charles A Civ OC-ALC/ITMA wrote:
> We have serveral RHEL 3.0 Update 2 servers running Samba.
> These have been working flawlessly for several months..
> 
> Recently, the base upgraded all the Windows 2000 servers
> to Windows 2003.. 
> NOTE: we don't have admin rights to the Domain Controllers.. (wish we did..)
> 
> Previous to the Domain (and kdc) controllers to 2003 we had
> no issues joining a new Samba Sever to the ADS..
> 
> Using the same krb5.conf and kdc.conf and smb.conf file.. it 
> is no longer possible to join a Samba 3.0 server to the domain..
> 
> Any help direction is appreciated..
> VR
> Charles
> 
> Samba packages
> -------------
> samba-common-3.0.4-6.3E
> samba-3.0.4-6.3E
> samba-client-3.0.4-6.3E
> 
> Kerberos Packages..
> -----------------
> pam_krb5-1.73-1
> krb5-libs-1.2.7-24
> krb5-workstation-1.2.7-24
> krbafs-1.1.1-11
> krbafs-utils-1.1.1-11
> krb5-server-1.2.7-24
> krbafs-devel-1.1.1-11
> krb5-devel-1.2.7-24

First off, you need to use MIT kerberos v1.3.x, install it (I had to use
source to do this. v1.3.4 works nice. I just left the RHES krb5 stuff
inplace. as then it feels just like it was compiled for it.

I used a fugly configure line, for kerberos. You will prolly have to do
the same for krbafs. I also updated the pam_smb and pam_krb5 packages
from Fedora Core (got the src rpm and did a rpmbuild --rebuild on it)

Your samba should be okay, but given that 3.0.5 was just release last
week Wednesday as a security release... dunno.

I had many little problems at MIT krb5 v1.2.7. Why I went to v1.3.4.

You might also try the "currently broken" option called: spnego = Yes

It may or may not work.

If you want to know the configure options I used... let me know.
-- 
greg, greg at gregfolkert.net

The technology that is
Stronger, better, faster: Linux
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040729/11266888/attachment.bin

More information about the samba mailing list