[Samba] Cannot join Domain with ads
Markus PASCHINGER
markus.paschinger at pva.sozvers.at
Wed Aug 31 14:11:04 GMT 2005
Hello!
I am trying to join a w2k3 domain with net ads join.
I get the following error when I try it:
ads_sasl_spnego_bind: got server principal name =server$@MY.DOMAIN.COM
[2005/08/31 16:04:35, 3] libsmb/clikrb5.c:ads_krb5_mk_req(384)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2005/08/31 16:04:35, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password root@MY.DOMAIN.COM failed: Cannot resolve network address for KDC in requested realm
[2005/08/31 16:04:35, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Cannot resolve network address for KDC in requested realm
[2005/08/31 16:04:35, 2] utils/net.c:main(873)
  return code = -1
Has anybody an idea where my config error is?
Thanks
Markus
My krb5.conf
[libdefaults]
default_realm = MY.DOMAIN.COM
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
[realms]
MY.DOMAIN.COM = {
kdc = 10.2XX.XX.XX
}
[domain_realm]
.WORKGROUP = MY.DOMAIN.COM
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
}
My smb.conf
# Global parameters
[global]
workgroup = WORKGROUP
netbios name = s01anims
realm = MY.DOMAIN.COM
interfaces = 10.2XX.XX.XXX/255.255.255.0
password server = *
encrypt passwords = yes
security = ADS
client schannel = No
log level = 1
log file = /etc/samba/log/log.%m
max log size = 500
keepalive = 0
machine password timeout = 0
wins server = 10.201.77.18
idmap uid = 50000-90000
idmap gid = 50000-90000
winbind separator = +
[homes]
comment = Home Directories
path = /samba-data/home/%S
valid users = WORKGROUP+%S
read only = No
inherit acls = Yes
browseable = No
[profiles]
comment = Network Profiles Service
path = /samba-data/profiles
valid users = @WORKGROUP+domänen-benutzer
read list = @WORKGROUP+domänen-benutzer
write list = @WORKGROUP+domänen-benutzer
read only = No
create mask = 0600
directory mask = 0700
store dos attributes = Yes
My ldap.conf
HOST 10.2XX.XX.XX
BASE dc=my,dc=domain,dc=com
PORT 389
LDAP_VERSION 3
BINDDN "cn=ldap,dc=my,dc=domain,dc=com"
ROOTBINDDN "cn=ldap,dc=my,dc=domain,dc=com"
BINDPW openldap
SIZELIMIT 12
TIMELIMIT 15
DREF never