On Fri, Apr 19, 2013 at 11:27 AM, Sumit Bose <sb...@redhat.com> wrote:
> On Fri, Apr 19, 2013 at 11:03:02AM +0200, Natxo Asenjo wrote: > > hi, > > > > while following the instructions in > > > https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html > > > > I run step 9: > > > > smbclient -L kdc.ipa.asenjo.nx -k > > lp_load_ex: changing to config backend registry > > Connection to kdc.ipa.asenjo.nx failed (Error > NT_STATUS_CONNECTION_REFUSED) > > > > I have a valid ticket: > > > > # klist > > Ticket cache: FILE:/tmp/krb5cc_0 > > Default principal: ad...@ipa.asenjo.nx > > > > Valid starting Expires Service principal > > 04/19/13 08:46:48 04/20/13 08:46:48 krbtgt/ipa.asenjo...@ipa.asenjo.nx > > 04/19/13 08:56:59 04/20/13 08:46:48 > HTTP/kdc.ipa.asenjo...@ipa.asenjo.nx > > did ipa-adtrust-install finished successfully? > > yes > Can you check if there is a cifs service: > > $ ipa service show cifs/kdc.ipa.asenjo...@ipa.asenjo.nx > # ipa service-show cifs/kdc.ipa.asenjo...@ipa.asenjo.nx Principal: cifs/kdc.ipa.asenjo...@ipa.asenjo.nx Keytab: True Managed by: kdc.ipa.asenjo.nx > the output should show 'Keytab: True' > > > Then please check if samba knows about the keytab and it's content. > > $ net conf list > > should contain 'kerberos method = dedicated keytab' and > 'dedicated keytab file = FILE:/etc/samba/samba.keytab' > > # net conf list | grep keytab kerberos method = dedicated keytab dedicated keytab file = FILE:/etc/samba/samba.keytab > $ klist -ekt /etc/samba/samba.keytab > > should show entries with different encryption types. > Next please try to get a ticket for this service: > > $ kvno cifs/kdc.ipa.asenjo...@ipa.asenjo.nx > > # kvno cifs/kdc.ipa.asenjo...@ipa.asenjo.nx cifs/kdc.ipa.asenjo...@ipa.asenjo.nx: kvno = 1 [root@kdc ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: ad...@ipa.asenjo.nx Valid starting Expires Service principal 04/19/13 08:46:48 04/20/13 08:46:48 krbtgt/ipa.asenjo...@ipa.asenjo.nx 04/19/13 08:56:59 04/20/13 08:46:48 HTTP/kdc.ipa.asenjo...@ipa.asenjo.nx 04/19/13 11:33:19 04/20/13 08:46:48 cifs/kdc.ipa.asenjo...@ipa.asenjo.nx klist should now list the ticket. Please try the smbclient command > agains. > # smbclient -L kdc.ipa.asenjo.nx -k lp_load_ex: changing to config backend registry Connection to kdc.ipa.asenjo.nx failed (Error NT_STATUS_CONNECTION_REFUSED) Thanks, -- groet, natxo
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users