[Samba] Is my kerberos ok with AD?

John Hodrien johnh at comp.leeds.ac.uk
Fri Feb 1 12:34:01 GMT 2008

On Fri, 1 Feb 2008, Francis Galiegue wrote:

> Le vendredi 01 février 2008, Serbülent ÜNSAL a écrit :
>> Hi all,
>> I can get a kerberos ticket sucessfully from my AD server, and i can check
> it
>> with klist. ( with "# kinit Administrator at domain.LOCAL" )
>> But when i try to login to AD with "# net ads join -U administrator" system
>> ask for administrator password again. I think this isn't normal behavior.
>> Is my kerberos system ok ? Or asking password again points a problem in
>> configuration.
> Uhm, OK, I've only ever had to connect a Samba server to an ADS domain once,
> but all I had to type was "net ads join". The ticket was the authentication
> credentials all by itself (also obtained with kinit), I didn't have to
> specify -U theuser.
> What if you skip the -U option?

That would, I assume, also require your krb5.conf to be correct.  If it
thought that the KDC was not in the right domain it'd prompt for password.


"It is the final proof of God's omnipotence that he need not exist in order to
  save us."                                           -- Peter De Vries

More information about the samba mailing list