On 01/04/10 18:06, Jordan Brown wrote:
Sassy Natan wrote:
Let me to understand if I did it in the right order
I did the following:
...
Configure the kerberos so I can authenticate using the kerberos protocol.
To test it I run the command kinit "[email protected]" or
"kinit Administrator" and this seems to work fine (klist show the
active ticket)
It is also working for user XXXX.
Your /etc/krb5/krb5.conf doesn't look right. Based on the cifs-gendiag,
your file should appear as shown below. Note that the contents are
case-sensitive and the only changes I made below were to change the case
of some text.
Edit krb5.conf file by hand (don't run kinit or anything that will stomp
on /etc/krb5/krb5.conf) then join the AD domain using smbadm:
smbadm join -u [email protected]
Check the log for dyndns/GSS errors. If you see any errors, disable both
idmap and smb/server then enable them again:
svcadm disable idmap smb/server
svcadm enable -r smb/server
Alan
--
[libdefaults]
default_realm = DOMAIN.LOCAL
[realms]
DOMAIN.LOCAL = {
kdc = dc.domain.local
kpasswd_server = dc.domain.local
admin_server = dc.domain.local
kpasswd_protocol = SET_CHANGE
}
[domain_realm]
.domain.local = DOMAIN.LOCAL
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {
period = 1d
versions = 10
}
[appdefaults]
kinit = {
renewable = true
forwardable = true
}
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
