[Samba] To all with FreeBSD 5.2.1 and net ads join problems
Tom Skeren
tms3 at fsklaw.net
Fri May 28 18:06:10 GMT 2004
If you're getting kinit problems with net ads join (don't bother with
testjoin; it will error out no matter what), do the following:
1. Change an administrator's password, especially if you upgraded from
NT 4.
2. Create a krb5.conf file in /etc that looks like this:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = YOURDOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
[realms]
FSKLAW.NET = {
kdc = kerberos.yourdomain.com
admin_server = servername.yourdomain.com
default_domain= yourdomain.com
}
[domain_realm]
.kerberos.server = KERBEROS.FSKLAW.NET
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
3. Test kinit: kinit SOMEADMIN@YOURDOMAIN.COM and enter the new password.
You should be at a prompt. You'll get nothing if it's working.
4. Join the domain. net ads --user=someadmin join. Enter password.
You should get some message telling you you were successful. Check out
the Win2k machine. The Samba name of your Unix box should be in Active
Directory Users and Computers, in Computers. Double-click the listing
and check the version. It should say the OS is Samba 3.0.x. You're in,
mostly, at this point.
Hope this helps, I've been at this three weeks now.
TMS III
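
Added example, not part of the original post: a small Python linter for a krb5.conf of the shape shown above. It flags a section header with a missing bracket, a default_realm with no matching [realms] block, and settings that permit only single-DES encryption types, which RFC 6649 deprecates and current Kerberos libraries and Windows disable by default. The function name lint_krb5 and the sample text are constructed for illustration.

```python
import re

WEAK = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}  # single-DES enctypes

# Constructed sample: an excerpt of the file in the post, defects included.
SAMPLE = """\
logging]
default = FILE:/var/log/krb5libs.log
[libdefaults]
default_realm = YOURDOMAIN.COM
default_etypes = des-cbc-crc des-cbc-md5
[realms]
FSKLAW.NET = {
kdc = kerberos.yourdomain.com
}
"""

def lint_krb5(text):
    """Return (line_number, message) findings for krb5.conf text."""
    findings, section, depth = [], None, 0
    default_realm, realms = None, set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if re.fullmatch(r"\[[^\[\]]+\]", line):  # well-formed [section]
            section, depth = line[1:-1].strip().lower(), 0
            continue
        if line == "}":                          # end of a nested block
            depth = max(depth - 1, 0)
            continue
        if "=" not in line:
            if "[" in line or "]" in line:       # header missing a bracket
                findings.append((n, f"malformed section header: {line!r}"))
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        if section == "libdefaults" and key == "default_realm":
            default_realm = (n, value)
        if section == "libdefaults" and re.search(r"e(nc)?types", key):
            names = set(re.findall(r"[\w-]+", value.lower()))
            if names and names <= WEAK:
                findings.append((n, f"{key} permits only single-DES: {value}"))
        if value == "{":
            if section == "realms" and depth == 0:
                realms.add(key)                  # top-level realm block
            depth += 1
    if default_realm and default_realm[1] not in realms:
        findings.append((default_realm[0],
                         f"default_realm {default_realm[1]} has no [realms] block"))
    return findings
```

With dns_lookup_kdc = true, as in the post, a missing [realms] block is not fatal because the KDC is found through DNS, so treat that finding as a consistency warning.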