Samba Active Directory Problem

Neil Loffhagen neilloffhagen at gmail.com
Thu Jul 26 14:53:35 GMT 2007 

Hi John,

I'm not an expert on this so may be off track, but when i look at your
kerberos config you have the kdc, admin_server and the domain as the same:

[realms]
    CORREO.LOCAL = {
        kdc = TEST.ORG <http://test.org/>
        admin_server = TEST.ORG <http://test.org/>
        default_domain = TEST.ORG <http://test.org/>
I think the admin_server should have a server name in front of the TEST_ORG,
as in SERVER_NAME.TEST.ORG, same for the kdc?

Worth a try?

Neil.


On 26/07/07, John Abriel <johncashsmb at yahoo.com> wrote:
>
> Hello,
>
> I have installed Samba 3.0.24 on Ubuntu 7.04 along with Winbindd hoping I
> could join this workstation in our Active Directory but unfortunately I
> encountered a few problems that I will describe below:
>
> 1) When I run net ads test join -U Administrator I get the following
> error:
>
> [2007/07/26 11:20:59, 0] libads/kerberos.c:ads_kinit_password(208)
>   kerberos_kinit_password BANONICAL$@TEST.ORG failed: Client not found in
> Kerberos database
> [2007/07/26 11:20:59, 0] utils/net_ads.c:ads_startup(289)
>   ads_connect: Client not found in Kerberos database
> Join to domain is not valid
>
> BANONICAL is the name of the client computer where Samba and Winbind are
> installed, I dont know why it says "Client not found" Im just trying to join
> the box to our REALM. I have a valid Kerberos ticket and I obtained with
> kinit Administrator at TEST.ORG
>
> net ads info works just fine, net ads lookup works fine too, wbinfo -u
> does not.
>
> Below is a copy of my kerberos config:
>
> [logging]
>     default = SYSLOG:err:auth
>     kdc = SYSLOG:info:locall
>     admin-server= SYSLOG:info:local2
>
> [libdefaults]
>     ticket_lifetime = 24000
>     default_realm = TEST.ORG
>
> [realms]
>     CORREO.LOCAL = {
>         kdc = TEST.ORG
>         admin_server = TEST.ORG
>         default_domain = TEST.ORG
> }
>
> [domain_realm]
>      .test.org = TEST.ORG
>      test.org = TEST.ORG
>
> And this is a copy of my smb.conf file:
>
> [global]
> workgroup = TEST.ORG
> wins server = 10.1.10.51 10.1.10.54
> dns proxy = no
> name resolve order = lmhosts host wins bcast dns
> log file = /var/log/samba/log.%m
> max log size = 1000
> security = ads
> encrypt passwords = true
> obey pam restrictions = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> realm = TEST.ORG
> #smb passwd file = /etc/samba/smbpasswd
> password server = TEST.ORG
> client signing = yes
> idmap uid = 500-10000000
> idmap gid = 500-10000000
> server signing = mandatory
> pam password change = yes
> winbind separator = +
> winbind enum users = no
> winbind enum groups = no
> winbind use default domain = yes
> winbind offline logon = yes
> winbind refresh tickets = yes
> winbind cache time = 10
> template homedir = /home/%U
> template shell = /bin/bash
> client use spnego = no
> domain master = no
> server string = Ubuntu Linux
>
> DNS is well configured on the client. I just dont know what could be
> wrong, help on this matter will be extremely appreciated.
>
> Thanks, John
>
>
> ------------------------------
> Got a little couch potato?
> Check out fun summer activities for kids.<http://us.rd.yahoo.com/evt=48248/*http://search.yahoo.com/search?fr=oni_on_mail&p=summer+activities+for+kids&cs=bz>
>
> ------------------------------
> Get the Yahoo! toolbar and be alerted to new email
> <http://us.rd.yahoo.com/evt=48225/*http://new.toolbar.yahoo.com/toolbar/features/mail/index.php>wherever
> you're surfing.
>
>
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the smb-clients mailing list