FW: [Samba] Followup Restricting to a subset of the domain controllers on a site

Gerald (Jerry) Carter jerry at samba.org
Mon Jun 4 16:20:43 GMT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wayne Rasmussen wrote:
> 
> #1) With Samba-3.0.25, when /usr/local/samba/bin/net ads 
> join runs we are now getting a prompt for a password.
> This can be seen in the file samba-3.0.25.log as:
> Password for stevelongname at ADTEST.COM:
> Password:
> 
> If I type in the password for stevelongname at ADTEST.COM, we get the
> following
> error message: 
> [2007/05/31 14:00:02, 0]
> libsmb/cliconnect.c:cli_session_setup_spnego(853)
>   Kinit failed: Client not found in Kerberos database
> Failed to join domain: Improperly formed account name

File a bug for me.  This is probably mine.

> #2)  klist shows a difference between samba-3.0.10 and samba-3.0.25.
> 
> Samba-3.0.10 has the following:
> Valid starting     Expires            Service principal
> 05/30/07 19:20:14  05/31/07 05:20:14  krbtgt/ADTEST.COM at ADTEST.COM
>    renew until 05/31/07 19:20:14
> 05/30/07 19:20:14  05/31/07 05:20:14  adtestserver01$@ADTEST.COM
>    renew until 05/31/07 19:20:14
> 05/30/07 19:20:14  05/31/07 05:20:14  kadmin/changepw at ADTEST.COM
>    renew until 05/31/07 19:20:14
> 
> Samba-3.0.25 has the following:
> Valid starting     Expires            Service principal
> 05/31/07 13:38:31  05/31/07 23:38:31  krbtgt/ADTEST.COM at ADTEST.COM
>    renew until 06/01/07 13:38:31
> 05/31/07 13:38:32  05/31/07 23:38:31  adtestserver01$@ADTEST.COM
>    renew until 06/01/07 13:38:31
> 
> Does this matter?  is kadmin/changepw at ADTEST.COM required?

The list of tickets is fine.  The join procedure change in 3.0.23
or so IIRC



- --
cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGZDvbIR7qMdg1EfYRAvh4AKDBjN4ngREi7SW9Mho2e+++ZH0jzgCg9GTC
czviVamdY8FNBAhgr+2XlBM=
=Vknt
-----END PGP SIGNATURE-----

More information about the samba mailing list