[Samba] After net ads join, kinit fails: Client not found...

Ross McInnes sysrm at stvincent.ac.uk
Thu Aug 18 07:34:38 GMT 2005


On the Windows machine, I just set it (again) to what it already was, worked
fine after that.

Just looking at your krb5.conf file there are a few differences from mine

 default_tgs_enctypes = des-cbc-crc des-cbc-md5
 default_tkt_enctypes = des-cbc-crc des-cbc-md5

I don't have either of those and;

[realms]
        DOMAIN.COM.MX = {
                 kdc = adw2kserver.domain.com.mx
                 kdc = otherADw2kserver.domain.com.mx
                 admin_server = ad2kserver.domain.com.mx
                 default_domain = domain.com.mx
         }

I only have the single kdc and it has :88 (port I'm guessing) at the end of
the kdc line.

I have :749 at the end of admin_server

I have redhat es3 here, and I didn't do anything as complicated as you it
would seem (don't know if solaris makes a difference or not)

Simply, made sure openldap was installed and kerb. Then I configured my
/etc/krb5.conf file to point to the right location and ran the kinit
Administrator at SOME.DOMAIN

Prompted me for a password (which didn't work 1st time, resetting
administrator on the Windows box then sorted it)

It's worked for me ever since...

Sorry I can't be of more help on this

Ross

-----Original Message-----
From: P V [mailto:ditirambo_farfulla at yahoo.com] 
Sent: 17 August 2005 17:53
To: Ross McInnes; samba at lists.samba.org
Subject: RE: [Samba] After net ads join, kinit fails: Client not found...

   Hi Ross!
   Excuse my ignorance, but how can I reset the administrator's password?

--- Ross McInnes <sysrm at stvincent.ac.uk> wrote:

>  
> Hi, I *think* I had this issue. This was during my 1st setup, when I 
> reset the administrator's password it worked fine afterwards.
> 
> Also look on the AD and make sure it actually joined the domain.
> 
> Cheers
> 
> Ross
> 
> 
> -----Original Message-----
> From: samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org
> [mailto:samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org]
> On Behalf Of P V
> Sent: 17 August 2005 15:33
> To: samba at lists.samba.org
> Subject: [Samba] After net ads join, kinit fails: Client not found...
> 
>   I'm installing Samba with Security ADS (compiled --with-winbind 
> --with-ads --with-ldap --with-krb5) on Solaris 8, to connect with 
> Active Directory W2K.
>   First, I created in AD Windows an account with the same name as my 
> Solaris host and generated the keytab with this:
> C:\temp>ktpass princ host/mysolarishost at DOMAIN.COM.MX mapuser mysolarishost -pass ad_user_pwd out file.keytab
>   And added the file to /etc/krb5/krb5.keytab with kerberos/sbin/ktutil
>   I ran kinit host/mysolarishost at DOMAIN.COM.MX, and it asked me for a 
> password (ad_usr_pwd) and all right.
>   Then I ran net ads join -U Administrator.
>   It asked for password and sent:
> Using short domain name -- DOMAINNETBIOS
> Joined 'MYSOLARISHOST' to realm 'DOMAIN.COM.MX'
> 
>   After this, I ran SMB daemons. In log.smbd I get:
> [2005/08/16 19:12:48, 0] smbd/server.c:main(802)
>   smbd version 3.0.20rc1 started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2004
> [2005/08/16 19:12:48, 0] libads/kerberos.c:ads_kinit_password(146)
>   kerberos_kinit_password host/MYSOLARISHOST at DOMAIN.COM.MX failed: Client not found in Kerberos database
> 
>    If I run kinit host/mysolarishost at DOMAIN.COM.MX, I get this message:
> kinit(v5): Client not found in Kerberos database while getting initial credentials
> 
>    So, the problem is when I run net ads join. After that the 
> authentication with AD W2K is broken. If I delete the computer account 
> in AD W2K, the kinit command works again.
> 
>    Any idea?
>   
> Here my configuration files:
> smb.conf:
>  [global]
>     workgroup = DOMAINNETBIOS
>     netbios name = mysolarishost
>     idmap uid = 10000-20000
>     idmap gid = 10000-20000
>     security = ads
>     realm = DOMAIN.COM.MX
>     password server = adw2kserver.domain.com.mx
> ----------------------------------------------
> 
> krb5.conf:
> [libdefaults]
>         ticket_lifetime = 24000
>         default_realm = DOMAIN.COM.MX
>         default_tgs_enctypes = des-cbc-crc des-cbc-md5
>         default_tkt_enctypes = des-cbc-crc des-cbc-md5
> [realms]
>        DOMAIN.COM.MX = {
>                 kdc = adw2kserver.domain.com.mx
>                 kdc = otherADw2kserver.domain.com.mx
>                 admin_server = ad2kserver.domain.com.mx
>                 default_domain = domain.com.mx
>         }
> [domain_realm]
>         domain.com.mx = DOMAIN.COM.MX
>         .domainnetbios = DOMAIN.COM.MX
>         domainnetbios = DOMAIN.COM.MX
> -----------------------------------------------
> 
> nsswitch:
> passwd:     files winbind
> group:      files winbind
> hosts:      files wins
> shadow:     files winbind
> 
> 
> 
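
Added example, not part of the original thread and not Samba or Kerberos project code: a small audit of a krb5.conf like the one quoted above. It flags the enctype lines Ross mentions when they allow only single-DES (deprecated by RFC 6649) and an admin_server host that matches no listed kdc, as in the posted file (ad2kserver vs adw2kserver). The sample is constructed from the thread's config, the function names are hypothetical, and neither finding is claimed to be the cause of the kinit error.

```python
import re

WEAK = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}  # single-DES, deprecated by RFC 6649

# Constructed sample mirroring the krb5.conf quoted in the thread.
SAMPLE = """\
[libdefaults]
    default_tgs_enctypes = des-cbc-crc des-cbc-md5
    default_tkt_enctypes = des-cbc-crc des-cbc-md5
[realms]
    DOMAIN.COM.MX = {
        kdc = adw2kserver.domain.com.mx
        kdc = otherADw2kserver.domain.com.mx
        admin_server = ad2kserver.domain.com.mx
    }
"""

def parse_krb5(text):
    """Return [(section, realm_or_None, key, value), ...] for a krb5.conf."""
    out, section, realm = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section, realm = m.group(1), None
        elif line.startswith("}"):
            realm = None                  # end of a realm sub-block
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                realm = key               # start of a realm sub-block
            else:
                out.append((section, realm, key, value))
    return out

def host(value):
    return value.rsplit(":", 1)[0].lower()  # host part of "host" or "host:port"

def audit(text):
    """Flag DES-only enctype lists and admin_server hosts not listed as a kdc."""
    entries, findings = parse_krb5(text), []
    kdcs = {(r, host(v)) for s, r, k, v in entries if s == "realms" and k == "kdc"}
    for sec, realm, key, value in entries:
        types = set(value.replace(",", " ").split())
        if sec == "libdefaults" and key.endswith("_enctypes") and types and types <= WEAK:
            findings.append(f"{key}: single-DES only")
        if sec == "realms" and key == "admin_server" and (realm, host(value)) not in kdcs:
            findings.append(f"{realm}: admin_server {host(value)} is not a listed kdc")
    return findings
```

Calling `audit(SAMPLE)` returns three findings for the posted configuration; a file with explicit `:88` and `:749` ports on the same host, as Ross describes, passes the admin_server check.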



		