[Samba] Net ads join

Tom Skeren tms3 at fsklaw.net
Fri May 7 13:08:36 GMT 2004

Thanks again Paul,

I got the Redhat box working, mostly, except that all users only have 
user rights on the samba share.  Can't seem to get ADS users to have the 
permissions on Samba shares they have on the 2000 shares.  But a huge 
leap forward for me today. I've been spinning my wheels all week.  
The article link was most helpful.  Now it's on to the FreeBSD boxes, and 
configuring bind9 to mimic 2000 DNS well enough so that the satellite 
offices' samba servers can authenticate too.

The BSD boxes under kinit are behaving oddly.  The laptop keeps 
responding back with "clock skew too great".  The FreeBSD server is 
running bind, so it's not even getting to kerberos yet.

Thanks again.

Paul Gienger wrote:

> I'm going to have to defer to someone with superior knowledge here, 
> I've only set up ADS membership once, and that was on a test environment.
> Two things though, are you specifying your realm as lower case or 
> upper case?  I believe you need it uppercase: FSKLAW.NET.  Also, 
> what do you get when you run the kinit command from the document?
> Tom Skeren wrote:
>> Thanks for asking Paul.
>> I decided to see what the error message of a net ads join -U admin would 
>> be and got:  can't find realm.  Edited krb5.conf changing kdc = 
>> server.fsklaw.net to kerberos.fsklaw.net.  I then joined the domain, 
>> and in Windows 2000 the computer Linux is there with Operating 
>> system 3.0.3.
>> However, krb5kdc.log says:
>> Cannot find/read stored master key -  while fetching master key K/M 
>> for realm fsklaw.net.
>> Also, it appears that winbindd will not start.  I'm very new to 
>> Redhat, so while I have a modest UNIX (BSD) background, I'm a bit of 
>> a fish out of water on the Redhat box, so be gentle  ;-).
>> Thanks again Paul
>> Paul Gienger wrote:
>>> Have you done any kerberos setup?  Whatever steps you have taken 
>>> there would be helpful as well.
>>> Also, take a look at TOSHARG chapter 6:
>>> http://us2.samba.org/samba/docs/man/howto/domain-member.html#ads-member
>>> Tom Skeren wrote:
>>>> O.K.  well no one has responded to any requests for help yet.  
>>>> Maybe I'll get lucky this time.
>>>> Switched to the Red Hat web server.  Configured 3.0.3 --with-ads.  
>>>> Do net ads testjoin, system response:
>>>> LINUX@'s password:  (type pass) (response)
>>>> [2004/05/07 09:49:11, 0]  libads/kerberos.c:ads_kinit_password (135)
>>>>    kerberos_kinit_password LINUX$@ failed:  Malformed 
>>>> representation of principal
>>>> Join to domain is not valid.
>>>> What have I got wrong?  Any suggestions would be appreciated.
>>>> TMS III
