On Fri, 2003-10-17 at 20:43, Gavin Davenport wrote: > You must authenticate using kinit first, and then net ads join with no > arguments. > then start winbindd and smb.
No, this isn't required. If you don't kinit first, 'net' does it for you, using the password is asks for. The issue is exactly as jerry points out - the kerberos libs can't find the KDC, and without that, we can go nowhere. > I've posted extensively about this - search the archives. > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Jonathan Villa wrote: > > > [global] > > workgroup = OURDOMAIN > > security = ADS > > realm = OURDOMAIN.com > > password server = OURSERVER > .... > > > > When I try to join the domain I do the following: > > > > ./net ads join -w OURDOMAIN -U administrator > > > > and the response is this > > > > kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot > > find KDC for requested realm > > This is a krb5 lib thing. Either hardcode the KDCs in /etc/krb5.conf > or enable DNS SRV lookups in the krb5 libs. Hope this helps. -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
