[Samba] samba member server

Eduardo Miranda eduardo at hlg.desoft.cu
Mon Feb 1 16:49:55 UTC 2016


Configuration files are these, I'm using debian 8 and samba 4.3.2

kerberos

[libdefaults]
     default_realm = VIRTUS.CU
     dns_lookup_realm = false
     dns_lookup_kdc = true

Samba

[global]
        netbios name = radius
        security = ADS
        workgroup = CEDAI
        realm = virtus.cu

        log file = /var/log/samba/samba.log
        log level = 1

        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab
        winbind refresh tickets = yes

        winbind trusted domains only = no
        winbind use default domain = yes
        winbind enum users  = yes
        winbind enum groups = yes

        # idmap config used for your domain.
        # Choose one of the following backends fitting to your
        # requirements and add the corresponding configuration.
        #    idmap config ad
        #  - idmap config rid
        #  - idmap config autorid


The strange is that the kerberos test does not give error


root at radius:/usr/local/samba/bin# kinit eduardo
Password for eduardo at VIRTUS.CU:
Warning: Your password will expire in 44 days on lun 14 mar 2016 
16:25:48 CDT
root at radius:/usr/local/samba/bin# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: eduardo at VIRTUS.CU

Valid starting     Expires            Service principal
29/01/16 15:50:33  30/01/16 01:50:33 krbtgt/VIRTUS.CU at VIRTUS.CU
         renew until 30/01/16 15:50:27

root at radius:/usr/local/samba/bin# kinit administrator
Password for administrator at VIRTUS.CU:
root at radius:/usr/local/samba/bin# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at VIRTUS.CU

Valid starting     Expires            Service principal
29/01/16 15:50:57  30/01/16 01:50:57 krbtgt/VIRTUS.CU at VIRTUS.CU
         renew until 30/01/16 15:50:51
root at radius:/usr/local/samba/bin#


Eduardo

El 28/01/16 a las 13:38, Rowland penny escibiĆ³:
> On 28/01/16 16:58, Eduardo Miranda wrote:
>> Hello:
>>
>> I'm setting up a Samba as a domain member server, but when I run the 
>> command to attach it to my domain server gives me the following error
>>
>> ./net ads join -U administrator
>> Enter administrator's password:
>> Failed to join domain: failed to set machine kerberos encryption 
>> types: No such attribute
>>
>> regards
>>
>> Eduardo
>>
>>
>>
>
> OK, can you post your smb.conf from the domain member, also what OS 
> are you using, what is the DC, also post your /etc/krb5.conf
>
> Rowland
>
>

-- 
M.Sc. Eduardo Miranda Hidalgo
Especialista Superior TIC


More information about the samba mailing list