I wonder if that means that you didn't join the domain, or you aren't joining with a domain admin account, or you aren't performing operations using an the credentials of a domain user.
Check you have the libs. smbd -b |egrep 'KRB|LDAP' # Shows Samba has needed Libs. Does /etc/krb5.conf look correct for your domain? Check you have the libs. smbd -b |egrep 'KRB|LDAP' # Shows Samba has needed Libs. Time must be (i think) within 15 min between kdc and client net ads info # Show AD info including time date # Check time on local host Test if the client has been joined to the domain. net ads testjoin # Shows join is ok If you run the following command without specifying a valid domain '--user=', or the password is incorrect, you will see this: "...Client not found in Kerberos database" net ads search '(objectCategory=group)' If you try to run the following command with a valid user, you will see a huge dump. net --user=myuser ads search '(objectCategory=group)' On Thu, 2009-07-30 at 09:26 -0500, Hoover, Tony wrote: > Have you configured your /etc/krb5.conf file? > > > > > > ------------------------------------------------------------------------ > Tony Hoover, Network Administrator > KSU - Salina, College of Technology and Aviation > (785) 826-2660 > > "Don't Blend in..." > ------------------------------------------------------------------------ > > -----Original Message----- > From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] > On Behalf Of Gabriel Petrescu > Sent: Thursday, July 30, 2009 8:39 AM > To: John Stile > Cc: samba@lists.samba.org > Subject: Re: [Samba] winbind and getent > > hi:) > > in my case it's working: > > > wbinfo Shows winbind is doing lookups from ADS > > wbinfo -u > > wbinfo -g > > wbinfo -a mydomain+myuser%mypassword > > and i get an error here: > > kinit tests > kinit(v5): Client not found in Kerberos database while getting initial > credentials > > > any advice here? > > gabi > > On Wed, Jul 29, 2009 at 6:58 PM, John Stile<j...@stilen.com> wrote: > > On Wed, 2009-07-29 at 22:33 +1000, tsg-samba wrote: > >> Hi Volker, > >> > >> Yes in smb.conf i have: > >> winbind enum users = Yes > >> winbind enum groups = Yes > > > > getent Shows nsswitch is correct, to resolve ADS users and groups. > > getent passwd > > getent group > > > > wbinfo Shows winbind is doing lookups from ADS > > wbinfo -u > > wbinfo -g > > wbinfo -a mydomain+myuser%mypassword > > > > kinit tests if kerberose can authenticate > > kinit myuser > > > > If 'wbinfo -g' shows MYDOMAIN+Domain Users, > > maybe your share should have a line like: > > valid users = @"MYDOMAIN+Domain Users" > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba