[Samba] Cannot join Domain with ads

Markus PASCHINGER markus.paschinger at pva.sozvers.at
Wed Aug 31 14:11:04 GMT 2005


Hello!

I am trying to join a W2K3 domain with net ads join.

I get the following error when I try it:

  ads_sasl_spnego_bind: got server principal name =server$@MY.DOMAIN.COM
[2005/08/31 16:04:35, 3] libsmb/clikrb5.c:ads_krb5_mk_req(384)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
found)
[2005/08/31 16:04:35, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password root@MY.DOMAIN.COM failed: Cannot resolve network
address for KDC in requested realm
[2005/08/31 16:04:35, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Cannot resolve network address for KDC in requested realm
[2005/08/31 16:04:35, 2] utils/net.c:main(873)
  return code = -1

Has anybody an idea where my config error is?

      Thanks
      Markus

My krb5.conf

# Library-wide Kerberos client defaults for this host.
[libdefaults]
# Realm assumed when a principal is given without one; same value as "realm" in the smb.conf below.
default_realm = MY.DOMAIN.COM
# NOTE(review): both lists restrict ticket requests to des-cbc-crc only.
# Single DES is a weak enctype that RFC 6649 deprecates for Kerberos. Windows 2003
# domain controllers also support rc4-hmac, so confirm whether the DES-only
# restriction is really required before keeping it.
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc


# Per-realm settings: where the KDC for MY.DOMAIN.COM is found.
[realms]
# The kdc value is an IP address (redacted in this post), so it needs no DNS lookup of its own.
# NOTE(review): the log above still reports "Cannot resolve network address for KDC
# in requested realm". Check that this is the krb5.conf the Kerberos library actually
# reads and that the realm name matches exactly (realm names are case-sensitive) - TODO confirm.
MY.DOMAIN.COM = {
kdc = 10.2XX.XX.XX
}

# Maps DNS host and domain names to Kerberos realms.
[domain_realm]
# NOTE(review): the left-hand side is expected to be a DNS domain suffix (conventionally
# lowercase). ".WORKGROUP" looks like the NetBIOS workgroup name from smb.conf rather
# than a DNS suffix - verify the intended value.
.WORKGROUP = MY.DOMAIN.COM

# Per-application defaults; the "pam" subsection is presumably consumed by the Kerberos PAM module.
[appdefaults]
# Settings in the pam block below:
#   ticket_lifetime / renew_lifetime - both one day.
#   forwardable = true - tickets obtained at login may be forwarded to other hosts;
#     keep this only if delegation to remote services is actually needed.
#   proxiable = false, retain_after_close = false - proxy tickets off; the credential
#     cache is presumably removed when the PAM session closes (verify against the module docs).
#   minimum_uid = 0 - NOTE(review): no uid is excluded, so root (uid 0) is also handled
#     through Kerberos; a higher floor is commonly used so local system accounts do not
#     depend on the KDC - confirm intent.
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
}



My smb.conf

# Global parameters: Samba configured as an Active Directory member (security = ADS).
[global]
        # NetBIOS (short) domain name and this host's NetBIOS name.
        workgroup = WORKGROUP
        netbios name = s01anims
        # Kerberos realm; same value as default_realm in the krb5.conf shown above.
        realm = MY.DOMAIN.COM
        interfaces = 10.2XX.XX.XXX/255.255.255.0
        # "*" lets Samba locate domain controllers itself instead of naming one.
        password server = *
        encrypt passwords = yes
        security = ADS
        # NOTE(review): "No" means this host does not offer the netlogon secure channel
        # to the domain controller (the documented default is Auto). Confirm this
        # downgrade is intended and not a leftover from troubleshooting.
        client schannel = No
        log level = 1
        # %m expands to the client machine name, giving one log file per client.
        # NOTE(review): logs are written under /etc/samba; check that the directory
        # is not writable by unprivileged users.
        log file = /etc/samba/log/log.%m
        # Size limit per log file, in kilobytes.
        max log size = 500
        # 0 disables keepalive packets.
        keepalive = 0
        # NOTE(review): the documented default is 604800 seconds (one week); 0 appears to
        # turn off periodic rotation of the machine account password - confirm that a
        # never-changing machine secret is acceptable here.
        machine password timeout = 0
        wins server = 10.201.77.18
        # uid/gid range winbind may allocate for domain users and groups.
        idmap uid = 50000-90000
        idmap gid = 50000-90000
        # Domain users appear as DOMAIN+user (see "valid users" in the shares below).
        winbind separator = +

# Per-user home shares, created on demand for the connecting user.
[homes]
        comment = Home Directories
        # %S is the share name, which for [homes] is the user name.
        path = /samba-data/home/%S
        # Only the matching domain user may connect to a given home share.
        valid users = WORKGROUP+%S
        read only = No
        inherit acls = Yes
        # Hides the [homes] entry itself from browse lists.
        browseable = No

# Roaming profile share for members of the domain users group.
[profiles]
        comment = Network Profiles Service
        path = /samba-data/profiles
        # "@" marks a group; the name is the localized (German) domain users group.
        # NOTE(review): the group name contains a non-ASCII character, so it only
        # matches if Samba's configured charset agrees with this file's encoding - verify.
        valid users = @WORKGROUP+domänen-benutzer
        # NOTE(review): the same group is in both lists. Per the smb.conf manual a user
        # in both read list and write list gets write access, so the read list entry
        # has no effect here.
        read list = @WORKGROUP+domänen-benutzer
        write list = @WORKGROUP+domänen-benutzer
        read only = No
        # New files are owner read/write only and new directories owner-only, which
        # keeps one user's profile unreadable to other users.
        create mask = 0600
        directory mask = 0700
        store dos attributes = Yes

My ldap.conf

# LDAP client settings: server address, search base and the bind identity.
# Port 389 is the plain LDAP port and no ssl/TLS option appears in this file, so the
# bind below presumably travels unencrypted - TODO confirm transport protection.
HOST    10.2XX.XX.XX
BASE    dc=my,dc=domain,dc=com
PORT    389
LDAP_VERSION 3
# The same DN is used for ordinary and root binds.
BINDDN  "cn=ldap,dc=my,dc=domain,dc=com"
ROOTBINDDN      "cn=ldap,dc=my,dc=domain,dc=com"
# NOTE(review): the bind password is stored in clear text and was posted with this
# file. Treat it as disclosed: change it, keep the file readable only by the
# accounts that need it, and give the bind DN read-only access to the directory.
BINDPW  openldap


# Search limits: at most 12 entries and 15 seconds per query.
SIZELIMIT       12
TIMELIMIT       15
# NOTE(review): "DREF" is presumably meant to be the alias-dereferencing option (DEREF) - verify the keyword.
DREF            never

