On 01/14/10 12:15 AM, Espen Martinsen wrote:
> Hi,
> Earlier I've used kclient to join a domain based in a w2003 AD server,
> with great success after implementation of the -T ms_ad function in kclient.
>
> Now, my employer has switched to a win2008 AD server, and I'm not able to
> join the domain anymore.
>
> Does anyone have any hints/workarounds?
>
> #kclient -n -R AD.MYDOMAIN.NO -a admuser -T ms_ad
> Starting client setup
>
> ---------------------------------------------------
>
> Setting up /etc/krb5/krb5.conf.
>
> Attempting to join 'MYMACHINE' to the 'AD.MYDOMAIN.NO' domain.
>
> Password for admuser at AD.MYDOMAIN.NO:
> ldap_sasl_interactive_bind_s: Strong authentication required
> ldap_sasl_interactive_bind_s: additional info: 00002028: LdapErr:
> DSID-0C0901FC, comment: The server requires binds to turn on integrity
> checking if SSL\TLS are not already active on the connection, data 0, v1db0
> Can't find forest.
> ---------------------------------------------------
> Setup FAILED.
>
> #
>
> the user "admuser" has permissions to do this, and the password is correct.
> I think I need somehow to tell kclient to use LDAP/TLS and LDAP simple BIND
> instead of SASL, it might work, but how???
>
kclient(1M) is hard-coded to use the sasl/GSSAPI authentication method. Have you restricted the w2k8 server to something other than this method?

--
Shawn.