[Samba] SAMBA Kerberos misunderstanding
Mark Proehl
M.Proehl at science-computing.de
Tue Feb 20 16:06:37 GMT 2007
Hi,
try
net ads join createupn=host/foundry.example.local
- Mark
On Tue, Feb 20, 2007 at 05:57:47PM +1000, Bradley Schatz wrote:
> I suspect I might be grossly misunderstanding kerberos and AD here, but I
> cant seem to grok the following.
>
> net ads join integrates my linux samba server (named foundry) into an AD
> domain and all works fine. The samba server is using the kerberos keytab.
>
> root at foundry:~ # kinit -k -t /etc/krb5.keytab foundry$
> root at foundry:~ # kinit -k -t /etc/krb5.keytab host/foundry.example.local
> kinit(v5): Client not found in Kerberos database while getting initial
> credentials
>
> Why can't kinit find the service host/foundry.example.local in the AD
> Kerberos database? It seems to be in the local linux server keylist:
>
> root at foundry:~ # klist -k
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ----
> --------------------------------------------------------------------------
> 2 host/foundry.example.local at EXAMPLE.LOCAL
> 2 host/foundry.example.local at EXAMPLE.LOCAL
> .... cut ...
>
> What am I missing here?
>
> Thanks,
>
> Bradley
More information about the samba
mailing list