[Samba] W2k ADS Samba 3.0.11 and krb5
Glenn Sylvester
gsylvester at yahoo.com
Thu Feb 17 21:34:23 GMT 2005
Am still having problems getting Samba/W2K ADS to work
w/MIT-KRB5. Fresh install of following:
Slackware 10.1
Openldap 2.2.23
MIT krb5 1.4
Samba 3.0.11 (with clitar patch)
Following
"http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member"
I get to:
kinit administrator@OURORG.OURDOMAIN.ORG
(comes back to prompt after password, no error).
klist -e gives:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@OURORG.OURDOMAIN.ORG
Valid starting     Expires            Service principal
02/17/05 16:09:54  02/18/05 02:10:04  krbtgt/OURORG.OURDOMAIN.ORG@OURORG.OURDOMAIN.ORG
        renew until 02/18/05 16:09:54 Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
but
klist tickets gives:
klist: No credentials cache found (ticket cache FILE:tickets)
and I get a security error on the ADS server:
Pre-authentication failed
User name: administrator
User ID: OURORG\administrator
Service Name: krbtg\OURORG.OURDOMAIN.ORG
etc.
This sounds like I am having a Kerberos problem (I
haven't joined the domain or started samba yet)
What should I try next???????????????????
Thanks if you can help!
/etc/krb5.conf contains:
[libdefaults]
    default_realm = OURORG.OURDOMAIN.ORG
[realms]
    OURORG.OURDOMAIN.ORG = {
        kdc = W2KADS.OURORG.OURDOMAIN.ORG:88
        admin_server = W2KADS.OURORG.OURDOMAIN.ORG:749
        default_domain = OURORG.OURDOMAIN.ORG
    }
[domain_realm]
    .ourorg.ourdomain.org = OURORG.OURDOMAIN.ORG
    ourorg.ourdomain.org = OURORG.OURDOMAIN.ORG
[logging]
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5lib.log