[Samba] SAMBA Kerberos misunderstanding
Bradley Schatz
blschatz at gmail.com
Wed Feb 21 08:41:42 GMT 2007
Hi Mark,
For some background, I am actually trying to set up a http kerberos service
so that I can use mod_auth_krb in apache2.
Would net ads join createupn=http/foundry.example.local do the trick?
I am on 3.0.22, which does not support this syntax. Any work-arounds?
thanks,
Bradley
On 2/21/07, Mark Proehl <M.Proehl at science-computing.de> wrote:
>
> Hi,
>
> try
>
> net ads join createupn=host/foundry.example.local
>
> - Mark
>
> On Tue, Feb 20, 2007 at 05:57:47PM +1000, Bradley Schatz wrote:
> > I suspect I might be grossly misunderstanding kerberos and AD here, but
> I
> > cant seem to grok the following.
> >
> > net ads join integrates my linux samba server (named foundry) into an AD
> > domain and all works fine. The samba server is using the kerberos
> keytab.
> >
> > root at foundry:~ # kinit -k -t /etc/krb5.keytab foundry$
> > root at foundry:~ # kinit -k -t /etc/krb5.keytab host/foundry.example.local
> > kinit(v5): Client not found in Kerberos database while getting initial
> > credentials
> >
> > Why can't kinit find the service host/foundry.example.local in the AD
> > Kerberos database? It seems to be in the local linux server keylist:
> >
> > root at foundry:~ # klist -k
> > Keytab name: FILE:/etc/krb5.keytab
> > KVNO Principal
> > ----
> >
> --------------------------------------------------------------------------
> > 2 host/foundry.example.local at EXAMPLE.LOCAL
> > 2 host/foundry.example.local at EXAMPLE.LOCAL
> > .... cut ...
> >
> > What am I missing here?
> >
> > Thanks,
> >
> > Bradley
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list