[Samba] problems includind a samba server in a 2003 network

jpbermejo at prisacom.com jpbermejo at prisacom.com
Wed Jan 5 15:08:45 GMT 2005


On  4 Jan, Pierre Le SIDANER wrote:
> Hello I am brand new on samba server
> I am trying to put a samba server in a windows 2003 domain
> the autentification have to be done by the 2003 AD, and my configuration 
> does not work
> 
> my samba version is samba-3.0.10-1 on redhat
> as i try to access samba server from a xp on the domain it does not work
> 
> i have try to access the pdc with ads "laurel" with net join from the 
> samba server
> with an acount Pierre_admin on the AD witch is administrator
> and it does not work
> 
> [root at silvacane etc]# net join -S laurel.obspm.fr -U Pierre_admin%toto
> [2005/01/04 16:25:43, 0] libads/kerberos.c:ads_kinit_password(146)
>   kerberos_kinit_password Pierre_admin at SERVICES.OBSPM.FR failed: Cannot 
> find KDC for requested realm
> [2005/01/04 16:25:43, 0] utils/net_ads.c:ads_startup(186)
>   ads_connect: Cannot find KDC for requested realm
> [2005/01/04 16:25:43, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
>   cli_nt_setup_creds: request challenge failed
> [2005/01/04 16:25:43, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
>   cli_nt_setup_creds: request challenge failed
> [2005/01/04 16:25:43, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
>   Error domain join verification (reused connection): 
> NT_STATUS_INVALID_COMPUTER_NAME
> 
> 
> I give you my smb.conf config, thank you for some help
> [global]
> workgroup = SERVICES

The first part of the 'net join' error is probably due to kerberos
misconfiguration. Check the default_realm on krb5.conf is your domain
name and/or fill the [realms] section with proper values.

I might also recommend you to add 'realm = DOMAIN' and 'use kerberos
keytab = yes' to smb.conf

In my case, to add a machine (stock FC3 updated) to the domain I execute
$ kinit Administrator
$ net ads join
and you get the machine on the domain and HOST/CIFS keys on krb5.keytab

							Javier Palacios
							



============================================================================
This e-mail message and any attached files are intended SOLELY for the addressee/s identified herein. It may contain CONFIDENTIAL and/or LEGALLY PRIVILEGED  information and may not necessarily represent the opinion of this company. If you receive this message in ERROR, please immediately notify the sender and DELETE it since you ARE NOT AUTHORIZED  to use, disclose, distribute, print or copy all or part of the contained information. Thank you.  
============================================================================


More information about the samba mailing list