[24468] in Kerberos
After net ads join, kinit fails: Client not found...
daemon@ATHENA.MIT.EDU (P V)
Wed Aug 17 15:08:25 2005
Message-ID: <20050817165154.26794.qmail@web35310.mail.mud.yahoo.com>
Date: Wed, 17 Aug 2005 09:51:53 -0700 (PDT)
From: P V <ditirambo_farfulla@yahoo.com>
To: Kerberos@mit.edu
I'm installing Samba with Security ADS (compiled
--with-winbind --with-ads --with-ldap --with-krb5) on
Solaris 8, to connect with ActiveDirectory W2K.
First, I created an account in AD Windows with the
same name as my Solaris host and generated the
keytab with this:
C:\temp>ktpass princ host/mysolarishost@DOMAIN.COM.MX mapuser mysolarishost -pass ad_user_pwd out file.keytab
And I added the file to /etc/krb5/krb5.keytab with
kerberos/sbin/ktutil.
I ran kinit host/mysolarishost@DOMAIN.COM.MX, and it
asked me for a password (ad_usr_pwd) and all was right.
Then I ran net ads join -U Administrator.
It asked for password and sent:
Using short domain name -- DOMAINNETBIOS
Joined 'MYSOLARISHOST' to realm 'DOMAIN.COM.MX'
After this, I ran SMB daemons. In log.smbd I get:
[2005/08/16 19:12:48, 0] smbd/server.c:main(802)
  smbd version 3.0.20rc1 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/08/16 19:12:48, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password host/MYSOLARISHOST@DOMAIN.COM.MX failed: Client not found in Kerberos database
If I run kinit host/mysolarishost@DOMAIN.COM.MX, I
get this message:
kinit(v5): Client not found in Kerberos database while getting initial credentials
So, the problem is when I run net ads join. After
that, the authentication with AD W2K is broken. If I
delete the computer account in AD W2K, the kinit
command works again.
Any idea?
Here are my configuration files:
smb.conf:
[global]
workgroup = DOMAINNETBIOS
netbios name = mysolarishost
idmap uid = 10000-20000
idmap gid = 10000-20000
security = ads
realm = DOMAIN.COM.MX
password server = adw2kserver.domain.com.mx
----------------------------------------------
krb5.conf:
[libdefaults]
ticket_lifetime = 24000
default_realm = DOMAIN.COM.MX
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
[realms]
DOMAIN.COM.MX = {
    kdc = adw2kserver.domain.com.mx
    kdc = otherADw2kserver.domain.com.mx
    admin_server = ad2kserver.domain.com.mx
    default_domain = domain.com.mx
}
[domain_realm]
domain.com.mx = DOMAIN.COM.MX
.domainnetbios = DOMAIN.COM.MX
domainnetbios = DOMAIN.COM.MX
-----------------------------------------------
nsswitch:
passwd: files winbind
group: files winbind
hosts: files wins
shadow: files winbind