Nope. Something odd here? I'm not getting any messages out of Kerberos - I've set the logging to STDERR or CONSOLE and don't see anything at all. Also, when I run "klist tickets" on the KDC I notice that what tickets are listed use rc4-hmac encryption; I added that to the list of enctypes but it didn't seem to make any difference. Yet I still see a ticket on my Linux system when I run klist.
--- [EMAIL PROTECTED] wrote:
> okay, try this:
>
> Linux:
> $> kdestroy
> $> kinit Administrator
>
> Windows:
> (1) C:/where/ever/klist purge -- [default place is c:/program files/resource kit/klist.exe]
> (You'll need to download this from microsoft:
> http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/klist-o.asp)
>
> (2) Clear the NetBIOS cache again (I'm superstitious): nbtstat -R
>
> --
>
> Linux:
>
> $> vi /etc/hosts -> add: xxx.xxx.xxx.xxx host.domain.name netbios_name [of your ADS/KDC server]
> $> net join ads
> - if you get "Administrator password" you're good to go.
> - if you get "root password" your encryption settings are wrong (or at least that was my problem).
>
> Let's see what we get.
>
> Tracy Steven Brown
> University of Arizona
> Dept. Neurology
> (520) 626-4660
>
> Joe Howell <[EMAIL PROTECTED]o.com>
> 02/11/2004 01:04 PM
> To: [EMAIL PROTECTED]
> cc:
> Subject: Re: [Samba] Unable to join ADS domain
>
> No bueno. I changed the enctypes and took the "encrypt passwords=yes" out, but still no reply and no computer account.....
>
> [EMAIL PROTECTED] wrote:
>
> [libdefaults]
>     default_realm =MYDOMAIN.COM
>     clockskew = 300
>     default_tkt_enctypes = des-cbc-crc
>     default_tgs_enctypes = des-cbc-crc
>
> Change the enctypes to: des-cbc-crc as shown above. Also, if you do a testparm I'll bet that the encrypt passwords = yes entry is going to give you grief. Besides kerberos is encrypted anyway. Another thing to consider is flushing the NetBIOS cache on your wins and kdc server - don't know if this does anything, but it makes me feel better (nbtstat -R).
>
> Tracy Steven Brown
> University of Arizona
> Dept. Neurology
> (520) 626-4660
>
> Joe Howell
> Sent by: samba-bounces+tsb[EMAIL PROTECTED]sts.samba.org
> 02/11/2004 12:05 PM
> To: [EMAIL PROTECTED]
> cc:
> Subject: [Samba] Unable to join ADS domain
>
> I've installed Samba 3.0.2 (from the source) on a SuSE 8.2 system with MIT Kerberos 1.3.1 (I uninstalled the Heimdal code) and the OpenLDAP 2.1.27 development libraries installed on it. I want to make this system a domain member of a Win2K native-mode ADS domain but can't get "net ads join" to work. I've run "kinit [EMAIL PROTECTED]" and I get a ticket, but when I do "net ads join -Umyid%mypswd" I get no output from the command and I don't get a machine account in the domain.
>
> My /etc/krb5.conf looks like:
>
> [logging]
>     default = FILE:/var/log/krb5libs.log
>     kdc = FILE:/var/log/krb5kdc.log
>     admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>     default_realm =MYDOMAIN.COM
>     clockskew = 300
>     default_tkt_enctypes = des-cbc-crc des-cbc-md5
>     default_tgs_enctypes = des-cbc-crc des-cbc-md5
>
> [realms]
>     MYDOMAIN.COM = {
>         kdc = DCSRV1.MYDOMAIN.COM:88
>         admin_server = dcsrv1.mydomain.com:749
>         default_domain = mydomain.com
>     }
>
> [domain_realm]
>     .mydomain.com = MYDOMAIN.COM
>     mydomain.com = MYDOMAIN.COM
>
> My /usr/local/samba/lib/smb.conf looks like:
>
> [global]
>     realm = MYDOMAIN.COM
>     security = ads
>     password server = 10.4.1.13
>     workgroup = MYDOMAIN
>     netbios name = susesrv
>     server string = SAMBA SERVER
>     encrypt passwords = yes
>
>     printcap name = /etc/printcap
>     load printers = yes
>     printing = cups
>
>     log file = /var/log/samba/%m.log
>     max log size = 10000
>
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
>     local master = no
>     domain master = no
>     preferred master = no
>     wins server = 10.4.1.60
>     dns proxy = no
>
> #===============SHARE DEFINITIONS=======================
>
> [public]
>     path = /usr/public
>     browseable = yes
>     writeable = yes
>     guest ok = no
>
> [printers]
>     path = /var/spool/samba
>     browseable = yes
>     writeable = no
>     guest ok = yes
>     printable = yes
>
> .COM
>     security = ads
>     password server = 10.4.1.13
>     workgroup = COLUMBIA
>     netbios name = susesrv
>     server string = IBM Aptiva in Joe's cube
>     encrypt passwords = yes
>
>     printcap name = /etc/printcap
>     load printers = yes
>     printing = cups
>
>     log file = /var/log/samba/%m.log
>     max log size = 10000
>
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
>     local master = no
>     domain master = no
>     preferred master = no
>     wins server = 10.4.1.60
>     dns proxy = no
>
> #===============SHARE DEFINITIONS=======================
>
> [public]
>     path = /usr/public
>     browseable = yes
>     writeable = yes
>     guest ok = no
>
> [printers]
>     path = /var/spool/samba
>     browseable = yes
>     writeable = no
>     guest ok = yes
>     printable = yes
>
> =====
> Joe Howell
> Shelter Insurance Companies
> Columbia, MO

=====
Joe Howell
Shelter Insurance Companies
Columbia, MO

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
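An added example, not part of the original thread: a check for the enctype question raised in this message, comparing the enctypes permitted in `[libdefaults]` of krb5.conf with the enctype that `klist` shows on the KDC's tickets. The function names are hypothetical, the sample config is constructed from the settings quoted in the thread, and the alias table covers only the RC4 spellings MIT Kerberos accepts.

```python
import re

# Constructed sample: the [libdefaults] settings quoted in the thread.
KRB5_CONF = """\
[libdefaults]
 default_realm =MYDOMAIN.COM
 clockskew = 300
 default_tkt_enctypes = des-cbc-crc des-cbc-md5
 default_tgs_enctypes = des-cbc-crc des-cbc-md5
"""

# MIT Kerberos accepts several spellings for RC4-HMAC; normalise to one.
ALIASES = {"arcfour-hmac": "rc4-hmac", "arcfour-hmac-md5": "rc4-hmac"}
# Single-DES and RC4 enctypes are deprecated by RFC 6649 and RFC 8429.
DEPRECATED = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "rc4-hmac"}

def libdefaults_enctypes(conf_text):
    """Return {setting: [enctypes]} for the *_enctypes keys in [libdefaults]."""
    section, found = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.endswith("_enctypes"):
                names = [n for n in re.split(r"[,\s]+", value.lower()) if n]
                found[key] = [ALIASES.get(n, n) for n in names]
    return found

def check_enctype(conf_text, kdc_enctype):
    """Return the settings whose list excludes the enctype the KDC issued."""
    wanted = ALIASES.get(kdc_enctype.lower(), kdc_enctype.lower())
    settings = libdefaults_enctypes(conf_text)
    return sorted(k for k, allowed in settings.items() if wanted not in allowed)

def deprecated_in_config(conf_text):
    """Return the configured enctypes that are deprecated."""
    configured = {e for v in libdefaults_enctypes(conf_text).values() for e in v}
    return sorted(configured & DEPRECATED)

if __name__ == "__main__":
    print("settings that exclude rc4-hmac:", check_enctype(KRB5_CONF, "rc4-hmac"))
    print("deprecated enctypes configured:", deprecated_in_config(KRB5_CONF))
```
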
