[Samba] After net ads join, kinit fails: Client not found...
Ross McInnes
sysrm at stvincent.ac.uk
Wed Aug 17 15:31:19 GMT 2005
Hi, I *think* I had this issue. This was during my 1st setup, when I reset
the administrators password it worked fine afterwards.
Also look on the AD and make sure it actually joined the domain.
Cheers
Ross
-----Original Message-----
From: samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org
[mailto:samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org] On Behalf Of P
V
Sent: 17 August 2005 15:33
To: samba at lists.samba.org
Subject: [Samba] After net ads join, kinit fails: Client not found...
I'm installing Samba with Security ADS (compiled --with-winbind --with-ads
--with-ldap --with-krb5) on Solaris 8, for connect with ActiveDirectory W2K.
First, I created in AD Windows an account with the same name that my
solaris host and generated the keytab with this:
C:\temp>ktpass princ host/mysolarishost at DOMAIN.COM.MX mapuser mysolarishost
-pass ad_user_pwd out file.keytab
And add the file to /etc/krb5/krb5.keytab with kerberos/sbin/ktutil
I ran kinit host/mysolarishost at DOMAIN.COM.MX, and it asked me for a
password (ad_usr_pwd) and all right.
Then I ran net ads join -U Administrator.
It asked for password and sent:
Using short domain name -- DOMAINNETBIOS Joined 'MYSOLARISHOST' to realm
'DOMAIN.COM.MX'
After this, I ran SMB daemons. In log.smbd I get:
[2005/08/16 19:12:48, 0] smbd/server.c:main(802)
smbd version 3.0.20rc1 started.
Copyright Andrew Tridgell and the Samba Team
1992-2004
[2005/08/16 19:12:48, 0]
libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password
host/MYSOLARISHOST at DOMAIN.COM.MX failed: Client not found in Kerberos
database
If I run kinit host/mysolarishost at DOMAIN.COM.MX, I get this message:
kinit(v5): Client not found in Kerberos database while getting initial
credentials
So, the problem is when a run net ads join. After that the authentication
with AD W2K is broken. If I delete the computer account in AD W2K, the kinit
command works again.
Any idea?
Here my configuration files:
smb.conf:
[global]
workgroup = DOMAINNETBIOS
netbios name = mysolarishost
idmap uid = 10000-20000
idmap gid = 10000-20000
security = ads
realm = DOMAIN.COM.MX
password server = adw2kserver.domain.com.mx
----------------------------------------------
krb5.conf:
[libdefaults]
ticket_lifetime = 24000
default_realm = DOMAIN.COM.MX
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5 [realms]
DOMAIN.COM.MX = {
kdc = adw2kserver.domain.com.mx
kdc = otherADw2kserver.domain.com.mx
admin_server =
ad2kserver.domain.com.mx
default_domain = domain.com.mx
}
[domain_realm]
domain.com.mx = DOMAIN.COM.MX
.domainnetbios = DOMAIN.COM.MX
domainnetbios = DOMAIN.COM.MX
-----------------------------------------------
nsswitch:
passwd: files winbind
group: files winbind
hosts: files wins
shadow: files winbind
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list