[Samba] W2k ADS Samba 3.0.11 and krb5

Glenn Sylvester gsylvester at yahoo.com
Thu Feb 17 21:34:23 GMT 2005


Am still having problems getting Samba/W2K ADS to work
w/MIT-KRB5. Fresh install of following:
Slackware 10.1
Openldap 2.2.23
MIT krb5 1.4
Samba 3.0.11 (with clitar patch)

Following
"http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member"

I get to:
kinit administrator at OURORG.OURDOMAIN.ORG
(comes back to prompt after password, no error.

klist -e gives:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator at OURORG.OURDOMAIN.ORG
Valid starting     Expires            Service
principal
02/17/05 16:09:54  02/18/05 02:10:04 
krbtgt/OURORG.OURDOMAIN.ORG at OURORG.OURDOMAIN.ORG
        renew until 02/18/05 16:09:54 Etype (skey,
tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

but
klist tickets gives:
klist: No credentials cache found (ticket cache
FILE:tickets)

and I get a security error on the ADS server:
Pre-authentication failed
User name: administrator
User ID:   OURORG\administrator
Service Name: krbtg\OURORG.OURDOMAIN.ORG
etc.

This sounds like I am having a Kerberos problem (I
haven't joined the domain or started samba yet)
What should I try next???????????????????
Thanks if you can help!

/etc/krb5.conf contains:
[libdefaults]
        default_realm = OURORG.OURDOMAIN.ORG
[realms]
        OURORG.OURDOMAIN.ORG = {
                kdc  = W2KADS.OURORG.OURDOMAIN.ORG:88 
                admin_server =
W2KADS.OURORG.OURDOMAIN.ORG:749
                default_domain = OURORG.OURDOMAIN.ORG
                }
[domain_realm]
        .ourorg.ourdomain.org = OURORG.OURDOMAIN.ORG
        ourorg.ourdomain.org = OURORG.OURDOMAIN.ORG

[logging]
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log
        default = FILE:/var/log/krb5lib.log










		
__________________________________ 
Do you Yahoo!? 
The all-new My Yahoo! - Get yours free! 
http://my.yahoo.com 
 



More information about the samba mailing list