Brian, it is Windows 2003/R2. The config for samba is straightup just from the global section. The exact problem I'm having is the net ads is unable to create the kerberos keytab and I hate to run ktpass and etc from the win KDC and install them. Even if I did the ktpass, the tix are not working....I get constant error 'server not found in kerberos database' whenever attempting to login.
[global] workgroup = WKG netbios name = HOST security = ads password server = x.domain.com use kerberos keytab = true realm = DOMAIN.COM [2009/05/11 22:33:30, 10] lib/util.c:(2957) name_to_fqdn: lookup for HOST -> HOST.domain.com [2009/05/11 22:33:30, 3] libads/ldap.c:(2471) ads_domain_func_level: 2 [2009/05/11 22:33:30, 3] libads/kerberos.c:(337) kerberos_secrets_store_des_salt: Storing salt "host/[email protected]" [2009/05/11 22:33:30, 2] libads/kerberos_keytab.c:(260) ads_keytab_add_entry: Using default system keytab: FILE:/etc/krb5/krb5.keytab [2009/05/11 22:33:30, 5] libads/ldap.c:(1422) ads_get_kvno: Searching for host HOST [2009/05/11 22:33:30, 5] libads/ldap.c:(1440) ads_get_kvno: Using: CN=host,OU=NewComputers,DC=domain,DC=com [2009/05/11 22:33:30, 5] libads/ldap.c:(1459) ads_get_kvno: Looked Up KVNO of: 7 [2009/05/11 22:33:30, 3] libads/kerberos_keytab.c:(65) smb_krb5_kt_add_entry: Will try to delete old keytab entries [2009/05/11 22:33:30, 5] libads/kerberos_keytab.c:(105) smb_krb5_kt_add_entry: Found old entry for principal: host/[email protected] (kvno 7) - trying to remove it. [2009/05/11 22:33:30, 1] libads/kerberos_keytab.c:(116) smb_krb5_kt_add_entry: krb5_kt_remove_entry failed (Cannot write to specified key table) [2009/05/11 22:33:30, 1] libads/kerberos_keytab.c:(346) ads_keytab_add_entry: Failed to add entry to keytab file [2009/05/11 22:33:30, 1] libads/kerberos_keytab.c:(508) ads_keytab_create_default: ads_keytab_add_entry failed while adding 'host'. [2009/05/11 22:33:30, 1] utils/net_ads.c:(1644) Error creating host keytab! Joined 'HOST' to realm 'DOMAIN.COM' [2009/05/11 22:33:30, 2] utils/net.c:(1036) return code = 0 On Mon, May 11, 2009 at 10:16 PM, Brian H. Nelson <[email protected]> wrote: > Ravi, > > You don't mention which version of AD your are working with or include any > relevant config files. Both would be helpful. > > Also, it might just be me, but I'm not clear on exactly what problem you're > having. Maybe you could clarify, list error messages, etc. > > You might want to get Solaris patch 119757-14 which gives you samba 3.0.33. > I don't know if it will help. I had no problems with samba 3.0.28 on Solaris > 10. > > -Brian > > > Ravi Channavajhala wrote: >> >> The net ads joins the host to the AD, but cant get the proper kerberos >> tix. Manually generating the kerberos keytab from AD dont work. Any >> suggestions? >> >> r...@host /#head -1 /etc/release >> Solaris 10 10/08 s10s_u6wos_07b SPARC >> >> r...@host /usr/sfw/sbin#./smbd -V >> Version 3.0.28 >> >> r...@host /#for PKG in `pkginfo -x | grep -i samba | awk '{print >> $1}'`; do VER=`pkginfo -l ${PKG} | grep PSTAMP`; echo ${PKG} ${VER}; >> done >> SUNWsmbac PSTAMP: sfw10-patch20080310191909 >> SUNWsmbar PSTAMP: sfw10-patch20080723133424 >> SUNWsmbau PSTAMP: sfw10-patch20080723134146 >> >> Last few relevant lines from net ads with -d10 level debugging. >> >> [2009/05/11 20:13:20, 10] libsmb/clientgen.c:(395) >> cli_rpc_pipe_close: closed pipe \NETLOGON to machine host.domain.com >> [2009/05/11 20:13:20, 6] libsmb/clientgen.c:(153) >> write_socket(9,39) >> [2009/05/11 20:13:20, 6] libsmb/clientgen.c:(156) >> write_socket(9,39) wrote 39 >> [2009/05/11 20:13:20, 10] lib/util_sock.c:(623) >> got smb length of 35 >> [2009/05/11 20:13:20, 5] lib/util.c:(484) >> [2009/05/11 20:13:20, 5] lib/util.c:(494) >> size=35 >> smb_com=0x71 >> smb_rcls=0 >> smb_reh=0 >> smb_err=0 >> smb_flg=136 >> smb_flg2=51201 >> smb_tid=2050 >> smb_pid=2945 >> smb_uid=2050 >> smb_mid=12 >> smt_wct=0 >> smb_bcc=0 >> [2009/05/11 20:13:20, 10] lib/util.c:(2957) >> name_to_fqdn: lookup for HOST -> HOST.domain.com >> [2009/05/11 20:13:20, 3] libads/ldap.c:(2471) >> ads_domain_func_level: 2 >> [2009/05/11 20:13:20, 3] libads/kerberos.c:(337) >> kerberos_secrets_store_des_salt: Storing salt >> "host/[email protected]" >> [2009/05/11 20:13:21, 2] libads/kerberos_keytab.c:(260) >> ads_keytab_add_entry: Using default system keytab: >> FILE:/etc/krb5/krb5.keytab >> [2009/05/11 20:13:21, 5] libads/ldap.c:(1422) >> ads_get_kvno: Searching for host HOST >> [2009/05/11 20:13:21, 5] libads/ldap.c:(1440) >> ads_get_kvno: Using: CN=HOST,CN=Computers,DC=domain,DC=com >> [2009/05/11 20:13:21, 5] libads/ldap.c:(1459) >> ads_get_kvno: Looked Up KVNO of: 7 >> [2009/05/11 20:13:21, 3] libads/kerberos_keytab.c:(65) >> smb_krb5_kt_add_entry: Will try to delete old keytab entries >> [2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(152) >> smb_krb5_kt_add_entry: krb5_kt_end_seq_get failed (Bad file number) >> [2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(346) >> ads_keytab_add_entry: Failed to add entry to keytab file >> [2009/05/11 20:13:21, 1] libads/kerberos_keytab.c:(508) >> ads_keytab_create_default: ads_keytab_add_entry failed while adding >> 'host'. >> [2009/05/11 20:13:21, 1] utils/net_ads.c:(1644) >> Error creating host keytab! >> Joined 'HOST' to realm 'DOMAIN.COM' >> [2009/05/11 20:13:21, 2] utils/net.c:(1036) >> return code = 0 >> > > -- > --------------------------------------------------- > Brian H. Nelson Youngstown State University > System Administrator Media and Academic Computing > bnelson[at]cis.ysu.edu > --------------------------------------------------- > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
