[Samba] After net ads join, kinit fails: Client not found...
P V
ditirambo_farfulla at yahoo.com
Wed Aug 17 16:52:56 GMT 2005
Hi Ross!
Excuse my ignorance, but how can I reset the
administrators password?
--- Ross McInnes <sysrm at stvincent.ac.uk> wrote:
>
> Hi, I *think* I had this issue. This was during my
> 1st setup, when I reset
> the administrators password it worked fine
> afterwards.
>
> Also look on the AD and make sure it actually joined
> the domain.
>
> Cheers
>
> Ross
>
>
> -----Original Message-----
> From:
> samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org
>
[mailto:samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org]
> On Behalf Of P
> V
> Sent: 17 August 2005 15:33
> To: samba at lists.samba.org
> Subject: [Samba] After net ads join, kinit fails:
> Client not found...
>
> I'm installing Samba with Security ADS (compiled
> --with-winbind --with-ads
> --with-ldap --with-krb5) on Solaris 8, for connect
> with ActiveDirectory W2K.
> First, I created in AD Windows an account with the
> same name that my
> solaris host and generated the keytab with this:
> C:\temp>ktpass princ
> host/mysolarishost at DOMAIN.COM.MX mapuser
> mysolarishost
> -pass ad_user_pwd out file.keytab
> And add the file to /etc/krb5/krb5.keytab with
> kerberos/sbin/ktutil
> I ran kinit host/mysolarishost at DOMAIN.COM.MX, and
> it asked me for a
> password (ad_usr_pwd) and all right.
> Then I ran net ads join -U Administrator.
> It asked for password and sent:
> Using short domain name -- DOMAINNETBIOS Joined
> 'MYSOLARISHOST' to realm
> 'DOMAIN.COM.MX'
>
> After this, I ran SMB daemons. In log.smbd I get:
> [2005/08/16 19:12:48, 0] smbd/server.c:main(802)
> smbd version 3.0.20rc1 started.
> Copyright Andrew Tridgell and the Samba Team
> 1992-2004
> [2005/08/16 19:12:48, 0]
> libads/kerberos.c:ads_kinit_password(146)
> kerberos_kinit_password
> host/MYSOLARISHOST at DOMAIN.COM.MX failed: Client not
> found in Kerberos
> database
>
> If I run kinit host/mysolarishost at DOMAIN.COM.MX,
> I get this message:
> kinit(v5): Client not found in Kerberos database
> while getting initial
> credentials
>
> So, the problem is when a run net ads join. After
> that the authentication
> with AD W2K is broken. If I delete the computer
> account in AD W2K, the kinit
> command works again.
>
> Any idea?
>
> Here my configuration files:
> smb.conf:
> [global]
> workgroup = DOMAINNETBIOS
> netbios name = mysolarishost
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> security = ads
> realm = DOMAIN.COM.MX
> password server = adw2kserver.domain.com.mx
> ----------------------------------------------
>
> krb5.conf:
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = DOMAIN.COM.MX
> default_tgs_enctypes = des-cbc-crc
> des-cbc-md5
> default_tkt_enctypes = des-cbc-crc
> des-cbc-md5 [realms]
> DOMAIN.COM.MX = {
> kdc = adw2kserver.domain.com.mx
> kdc = otherADw2kserver.domain.com.mx
> admin_server =
> ad2kserver.domain.com.mx
> default_domain = domain.com.mx
> }
> [domain_realm]
> domain.com.mx = DOMAIN.COM.MX
> .domainnetbios = DOMAIN.COM.MX
> domainnetbios = DOMAIN.COM.MX
> -----------------------------------------------
>
> nsswitch:
> passwd: files winbind
> group: files winbind
> hosts: files wins
> shadow: files winbind
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam
> protection around
> http://mail.yahoo.com
> --
> To unsubscribe from this list go to the following
> URL and read the
> instructions:
> https://lists.samba.org/mailman/listinfo/samba
>
> --
> To unsubscribe from this list go to the following
> URL and read the
> instructions:
> https://lists.samba.org/mailman/listinfo/samba
>
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
More information about the samba
mailing list