[Samba] After net ads join, kinit fails: Client not found...

Ross McInnes sysrm at stvincent.ac.uk
Wed Aug 17 15:31:19 GMT 2005


 
Hi, I *think* I had this issue. This was during my 1st setup; when I reset
the administrator's password it worked fine afterwards.

Also look on the AD and make sure it actually joined the domain.

Cheers

Ross


-----Original Message-----
From: samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org
[mailto:samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org] On Behalf Of P V
Sent: 17 August 2005 15:33
To: samba at lists.samba.org
Subject: [Samba] After net ads join, kinit fails: Client not found...

  I'm installing Samba with Security ADS (compiled --with-winbind --with-ads
--with-ldap --with-krb5) on Solaris 8, to connect with Active Directory W2K.
  First, I created an account in AD Windows with the same name as my
Solaris host and generated the keytab with this:
C:\temp>ktpass princ host/mysolarishost at DOMAIN.COM.MX mapuser mysolarishost -pass ad_user_pwd out file.keytab
  Then I added the file to /etc/krb5/krb5.keytab with kerberos/sbin/ktutil.
  I ran kinit host/mysolarishost at DOMAIN.COM.MX, and it asked me for a
password (ad_usr_pwd) and everything was all right.
  Then I ran net ads join -U Administrator.
  It asked for the password and returned:
Using short domain name -- DOMAINNETBIOS
Joined 'MYSOLARISHOST' to realm 'DOMAIN.COM.MX'

  After this, I ran the SMB daemons. In log.smbd I get:
[2005/08/16 19:12:48, 0] smbd/server.c:main(802)
  smbd version 3.0.20rc1 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/08/16 19:12:48, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password host/MYSOLARISHOST at DOMAIN.COM.MX failed: Client not found in Kerberos database

   If I run kinit host/mysolarishost at DOMAIN.COM.MX, I get this message:
kinit(v5): Client not found in Kerberos database while getting initial credentials

   So, the problem appears when I run net ads join. After that, the authentication
with AD W2K is broken. If I delete the computer account in AD W2K, the kinit
command works again.

   Any idea?
  
Here are my configuration files:
smb.conf:
 [global]
    workgroup = DOMAINNETBIOS
    netbios name = mysolarishost
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    security = ads
    realm = DOMAIN.COM.MX
    password server = adw2kserver.domain.com.mx
----------------------------------------------

krb5.conf:
[libdefaults]
        ticket_lifetime = 24000
        default_realm = DOMAIN.COM.MX
        default_tgs_enctypes = des-cbc-crc des-cbc-md5
        default_tkt_enctypes = des-cbc-crc des-cbc-md5
[realms]
       DOMAIN.COM.MX = {
                kdc = adw2kserver.domain.com.mx
                kdc = otherADw2kserver.domain.com.mx
                admin_server = ad2kserver.domain.com.mx
                default_domain = domain.com.mx
        }
[domain_realm]
        domain.com.mx = DOMAIN.COM.MX
        .domainnetbios = DOMAIN.COM.MX
        domainnetbios = DOMAIN.COM.MX
-----------------------------------------------

nsswitch:
passwd:     files winbind
group:      files winbind
hosts:      files wins
shadow:     files winbind

