[Samba] Authentify User again Windows 2003 Active Directory

Weber, Dominik dominik.weber at bs-energy.de
Fri Mar 9 07:51:56 GMT 2007 

Hello List,
 
I'm running Samba 3.0.14a-Debian.
I want to authentifcate the Users again the Windows Active Directory,
but it will not works fine.
 
I've joined the Active Directory without problems.
net join -S sfmdc004 -UP7812%password
 
When I check a user on the CLI it seems to work
 
SFPDF053:~# kinit P7812
P7812 at STBS1.STBS.ORG's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
kinit: converting creds: Cannot contact any KDC for requested realm

But what is about the last message ? Cannot contact any KDC ?
 
 
Here is my config smb.conf:
 

	#======================= Global Settings =======================
	[global]
	   workgroup = STBS1
	   server string = SFPDF084
	   netbios name = SFPDF084
	   comment = PDF-Server
	   security = ADS
	   domain master = no
	   domain logons = no
	   preferred master = no
	   local master = no
	   log file = /var/log/samba/log.%m
	   realm=STBS1.STBS.ORG
	   wins server = 10.10.4.21
	   wins support = no
	   winbind uid = 10000-19999
	   winbind gid = 10000-19999
	   idmap uid = 10000-20000
	   idmap gid = 10000-20000
	   winbind enum users = No
	   winbind enum groups = No
	   winbind use default domain = No
	   algorithmic rid base = 10000
	   nis homedir = true
	   invalid users = root
	   max log size = 1000
	   socket options = TCP_NODELAY
	   encrypt passwords = yes
	   os level = 64
	   obey pam restrictions = yes
	   printing = cups
	   printcap = cups
	   load printers = yes
	   name resolve order = hosts lmhosts wins bcast
	   passdb backend = tdbsam
	 
	#======================= Share Definitions
=======================
	 
	[treiber]
	    path = /var/www/treiber
	    comment = Treiberordner
	    public = Yes
	    writable = Yes
	    browsable = yes
	    create mask = 0777
	    directory mask = 0777


 
and here /etc/krb5.conf
 

	[libdefaults]
	    default_realm = STBS1.STBS.ORG
	    dns_lookup_realm = false
	[realms]
	    STBS1.STBS.ORG = {
	                    kdc = tcp/sfmdc004.stbs1.stbs.org
	                    admin_server = sfmdc004.stbs1.stbs.org
	    }
	 
	[domain_realm]
	    .stbs.org = STBS1.STBS.ORG
	    .stbs1.stbs.org = STBS1.STBS.ORG
	

 
With Kind regards 
 
Dominik

More information about the samba mailing list