net ads join -U [EMAIL PROTECTED] 'Klienter\IT\MatNat\IFT\Samba Servers\IT-gruppen'
[EMAIL PROTECTED]'s password:
[2004/12/02 15:34:36, 0] libads/ldap.c:ads_add_machine_acct(1367)
ads_add_machine_acct: Host account for iftsmb100 already exists - modifying old account
Using short domain name -- KLIENT
[2004/12/02 15:34:39, 0] libads/kerberos.c:get_service_ticket(335)
get_service_ticket: kerberos_kinit_password [EMAIL PROTECTED]@KLIENT.UIB.NO failed: Preauthentication failed
*** glibc detected *** free(): invalid pointer: 0x00632800 ***
Fedora Core 3, Samba 3.0.9 as installed by yum.
# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
12/02/04 14:45:02 12/03/04 00:45:04 krbtgt/[EMAIL PROTECTED]
renew until 12/03/04 14:45:02
Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached
I have tried removing the definition in the AD server and recreating. Samba manages to create the account, but still fails like above. Note the double @KLIENT.UIB.NO. I think I'll go home now and take a break while my head clears after fighting with security = ads for 2 days...
In this AD environment hosts are defined in KLIENT.UIB.NO, while users belong to either UIB.NO or STUDENT.UIB.NO (a separate forest with trust relationships). I have had it working as far as wbinfo listing users from both worlds, but I still couldn't access shares. Then something broke, and now I can't join the domain again. What have I done wrong here?
My config files are at
http://www.ift.uib.no/~birger/krb5.conf and http://www.ift.uib.no/~birger/smb.conf
-- birger
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
