[Samba] Managed to make some progress, stuck again.
Jeremy Allison
jra at samba.org
Tue Apr 18 19:18:38 GMT 2006
On Tue, Apr 18, 2006 at 03:14:02PM -0400, Simon Renshaw wrote:
> Hi,
>
> An update on my work to integrate my Linux server (CentOS 4.3) in AD
> 2003.
>
> Sorry about the long post :)
>
> Found this page
> (http://www.enterprisenetworkingplanet.com/netos/article.php/3487081)
> and followed the instructions on it.
>
> First, I made sure that the Samba installation is supporting Kerberos,
> LDAP, AD and Windbind. That was OK.
>
> I made sure that /etc/hosts contain the name of the AD server
> (castor-srvr1).
>
> Then I edited /etc/krb5.conf to include the following:
>
> [libdefaults]
> default_realm = CASTORTECH.COM
>
> [realms]
> CASTORTECH.COM = {
> kdc = castor-srvr1.castortech.com
> }
>
> [domain_realm]
> .kerberos.server = CASTORTECH.COM
>
> I got the default realm name when I ran ksetup on the AD server.
>
> I then tried to connect using kinit administrator at CASTORTECH.COM. It
> asks for a password and it return an error (krb_error 14 KDC has no
> support for encryption type). If I use another user (simon, my account
> with domain admin rights), it connects and create a new ticket. To be
> sure, I tested with a user that don't exist and got a "krb_error 24
> Pre-authentication information was invalid". Any idea why administrator
> won't connect?
It looks like the version of kerberos you're using doesn't have
support for the AD enctypes. Update it.
Jeremy.
More information about the samba
mailing list