On Thu, 2004-07-29 at 10:08, Tran Charles A Civ OC-ALC/ITMA wrote: > We have serveral RHEL 3.0 Update 2 servers running Samba. > These have been working flawlessly for several months.. > > Recently, the base upgraded all the Windows 2000 servers > to Windows 2003.. > NOTE: we don't have admin rights to the Domain Controllers.. (wish we did..) > > Previous to the Domain (and kdc) controllers to 2003 we had > no issues joining a new Samba Sever to the ADS.. > > Using the same krb5.conf and kdc.conf and smb.conf file.. it > is no longer possible to join a Samba 3.0 server to the domain.. > > Any help direction is appreciated.. > VR > Charles > > Samba packages > ------------- > samba-common-3.0.4-6.3E > samba-3.0.4-6.3E > samba-client-3.0.4-6.3E > > Kerberos Packages.. > ----------------- > pam_krb5-1.73-1 > krb5-libs-1.2.7-24 > krb5-workstation-1.2.7-24 > krbafs-1.1.1-11 > krbafs-utils-1.1.1-11 > krb5-server-1.2.7-24 > krbafs-devel-1.1.1-11 > krb5-devel-1.2.7-24
First off, you need to use MIT kerberos v1.3.x, install it (I had to use source to do this. v1.3.4 works nice. I just left the RHES krb5 stuff inplace. as then it feels just like it was compiled for it. I used a fugly configure line, for kerberos. You will prolly have to do the same for krbafs. I also updated the pam_smb and pam_krb5 packages from Fedora Core (got the src rpm and did a rpmbuild --rebuild on it) Your samba should be okay, but given that 3.0.5 was just release last week Wednesday as a security release... dunno. I had many little problems at MIT krb5 v1.2.7. Why I went to v1.3.4. You might also try the "currently broken" option called: spnego = Yes It may or may not work. If you want to know the configure options I used... let me know. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
