[Samba] Is my kerberos ok with AD?
John Hodrien
johnh at comp.leeds.ac.uk
Fri Feb 1 12:34:01 GMT 2008
On Fri, 1 Feb 2008, Francis Galiegue wrote:
> Le vendredi 01 février 2008, Serbülent ÜNSAL a écrit :
>> Hi all,
>>
>> I can get a kerberos ticket sucessfully from my AD server, and i can check
> it
>> with klist. ( with "# kinit Administrator at domain.LOCAL" )
>>
>> But when i try to login to AD with "# net ads join -U administrator" system
>> ask for administrator password again. I think this isn't normal behavior.
>>
>> Is my kerberos system ok ? Or asking password again points a problem in
>> configuration.
>>
>
> Uhm, OK, I've only ever had to connect a Samba server to an ADS domain once,
> but all I had to type was "net ads join". The ticket was the authentication
> credentials all by itself (also obtained with kinit), I didn't have to
> specify -U theuser.
>
> What if you skip the -U option?
That would, I assume, also require your krb5.conf to be correct. If it
thought that the KDC was not in the right domain it'd prompt for password.
jh
--
"It is the final proof of God's omnipotence that he need not exist in order to
save us." -- Peter De Vries
More information about the samba
mailing list