[Samba] kerberos @ samba4 DC

Rafa Toucedo debian.vigo at gmail.com
Wed Dec 1 04:23:47 MST 2010


Hello, when I try to put my SAMBA4 as DC from a domain controller in windows
2000

/usr/local/samba # bin/samba-tool join (WINDOWS 2000 DOMAIN). DC
-U(USER)@(WINDOWS 2000 DOMAIN)%(PASSWORD) --realm=(WINDOWS 2000 DOMAIN). -d5

throws me the following error:

Failed to get CCACHE for GSSAPI client: KDC has no support for encryption
type
Aquiring initiator credentials failed: kinit for ADMCONST at DOMD4086 failed
(KDC has no support for encryption type: KDC has no support for encryption
type)
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_UNSUCCESSFUL


My krb5.conf is as follows:

[libdefaults]
        default_realm = (WINDOWS 2000 DOMAIN)
        dns_lookup_realm = true
        dns_lookup_kdc = true
        clockskew = 300
        default_keytab_name  = FILE:/home/pilote/rafa.keytab
        default_tkt_enctypes = des-cbc-crc
        default_tgs_enctypes = des-cbc-crc

[realms]
(WINDOWS 2000 DOMAIN) = {
        kdc = (HOSTNAME).(WINDOWS 2000 DOMAIN):88
}

[logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON

[appdefaults]
pam = {
        debug = false
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        krb4_convert = false
        proxiable = false
        minimum_uid = 1
        external = sshd
        use_shmem = sshd
}


I'm desperate!
-- 
P Antes de imprimir este e-mail, piense si es necesario hacerlo. El medio
ambiente es cosa de todos.
Think twice before printing this e-mail. Environmental protection is in our
hands.


More information about the samba mailing list