OK, this is closer. Change [realms] kpasswd_server to admin_server.
I also believe that [domain realm] should read: ellisonlegal.com = ELLISONLEGAL.COM .ellisonlegal.com = ELLISONLEGAL.COM I would add to [libdefaults]: dns_lookup_realm = true dns_lookup_kdc = true Try this and report back (like a good IT soldier :-) ) Dimitri On Monday 11 April 2005 10:58 am, you wrote: > Ok I deleted the incorrect conf file and set it up using Yast again here is > the amended file. I tried using the IP address of the server this time but > I'm still getting the same errors as before. > > [libdefaults] > > default_realm = ELLISONSLEGAL.COM > > clockskew = 300 > > [domain_realm] > > .ELLNET = ELLISONSLEGAL.COM > > [realms] > > ELLISONSLEGAL.COM = { > > kdc = 10.0.0.31 > > default_domain = ELLNET > > kpasswd_server = 10.0.0.31 > > } > > [appdefaults] > > pam = { > > ticket_lifetime = 1d > > renew_lifetime = 1d > > forwardable = true > > proxiable = false > > retain_after_close = false > > minimum_uid = 0 > > } > > > > Thanks > > -----Original Message----- > From: Penny Willisson > Sent: 11 April 2005 14:43 > To: 'Gordon Hopper'; '[EMAIL PROTECTED]' > Cc: Dimitri Yioulos; samba@lists.samba.org > Subject: RE: [Samba] net ads join fails > > > I have recreated my dns pointers without success and I think my krb5.conf > file is configured correctly. First I left this to Yast to set up but that > didn't work and then I tried to modify it from a article I found. > > I have pasted it in below > [libdefaults] > > #default_realm = ellisonslegal.com > > clockskew = 300 > > [realms] > > ELLISONSLEGAL.COM = { > > kdc = apps.ellisonslegal.com > > #default_domain = ELLNET > > #kpasswd_server = apps.ellisonslegal.com > > } > > #ELLISONSLEGAL.COM = { > > # kdc = APPS.ELLISONSLEGAL.COM > > # admin_server = APPS.ELLISONSLEGAL.COM > > # kpasswd_server = APPS.ELLISONSLEGAL.COM > > #} > > #OTHER.REALM = { > > # kdc = OTHER.COMPUTER > > #} > > [domain_realm] > > # .my.domain = MY.REALM > > .ellisonslegal.com = ELLISONSLEGAL.COM > > [logging] > > default = SYSLOG:NOTICE:DAEMON > > kdc = FILE:/var/log/kdc.log > > kadmind = FILE:/var/log/kadmind.log > > [appdefaults] > > pam = { > > ticket_lifetime = 1d > > renew_lifetime = 1d > > forwardable = true > > proxiable = false > > retain_after_close = false > > minimum_uid = 0 > > debug = false > > } > > > Dimitri would you be able to repost that link for the HOW-TO please? I > tried it but it seems like it is broken, do you have the updated link? > > Thanks for your continued help. > > Penny > > -----Original Message----- > From: Gordon Hopper [mailto:[EMAIL PROTECTED] > Sent: 09 April 2005 00:23 > To: Penny Willisson > Subject: RE: [Samba] net ads join fails > > > You might need to add some entries to your krb5.conf file. for example: > > [realms] > ellisonslegal.com = { > kdc = domain.controller.ellisonslegal.com:88 > } > > > Where kdc points to a domain controller. Doesn't need to be the primary > domain controller, choose one close by for best performance. (You > shouldn't need to do this if your DNS for the domain resolves to a domain > controller.) > > Gordon > > > > On Fri, 2005-04-08 at 15:41 +0100, Penny Willisson wrote: > > Thanks > > > > When I run 'kinit administrator' I get the following error > > > > kinit: krb5_get_init_creds: unable to reach any KDC in realm > ellisonslegal.com > > > > any ideas??? > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto: [EMAIL PROTECTED] Behalf Of > > Dimitri Yioulos > > Sent: 08 April 2005 13:30 > > To: samba@lists.samba.org > > Subject: Re: [Samba] net ads join fails > > On Friday 08 April 2005 07:46 am, Penny Willisson wrote: > > Hi > > > > > > > > I have created the machine account on the AD server and did this logged > > in > > > > as Administrator so that should mean that the Administrator account has > > the > > > > correct permissions. > > > > > > > > I have executed the following command as suggested > > > > > > > > net ads join [EMAIL PROTECTED] -d 2 > > > > > > > > The following was output to the screen: > > > > > > > > [2005/04/08 13:33:38, 2] lib/interface.c:add_interface(81) > > > > > > > > added interface ip=10.0.0.39 bcast=10.0.255.255 nmask=255.255.0.0 > > > > > > > > [2005/04/08 13:33:41, 0] libads/kerberos.c:ads_kinit_password(146) > > > > > > > > kerberos_kinit_password [EMAIL PROTECTED] failed: > > > > Unknown code krb5 156 > > > > > > > > [2005/04/08 13:33:41, 0] utils/net_ads.c:ads_startup(191) > > > > > > > > ads_connect: Unknown code krb5 156 > > > > > > > > [2005/04/08 13:33:41, 2] utils/net.c:main(897) > > > > > > > > return code = -1 > > > > > > > > Thanks > > > > > > > > Penny > > > > > > > > -----Original Message----- > > > > From: Gordon Hopper [mailto: [EMAIL PROTECTED] > > > > Sent: 06 April 2005 05:28 > > > > To: Penny Willisson > > > > Subject: Re: [Samba] net ads join fails > > > > > > > > > > > > > > > > [2005/04/05 15:11:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381) > > > > > > > > ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or > > directory) > > > > > > > > [2005/04/05 15:11:44, 0] libads/kerberos.c:ads_kinit_password(146) > > > > > > > > kerberos_kinit_password [EMAIL PROTECTED] failed: > > Unknown > > > > code krb5 156 > > > > > > > > [2005/04/05 15:11:44, 0] utils/net_ads.c:ads_startup(191) > > > > > > > > ads_connect: Unknown code krb5 156 > > > > > > > > > > > > > > > > > > > > I suggest you post the output of the command you are running to join the > > > > domain (including the command), for example, "net ads join -U > > > > [EMAIL PROTECTED] -d 2". > > > > > > > > Also, note that the credentials you use to join the domain are not > > > > necessarily the domain Administrator, but they need to be a user who has > > > > write privileges to the ads folder where the machine account will be > > > > created. (It worked better for me when the machine account was already > > > > created in server manager, but according to the docs, that shouldn't be > > > > necessary.) > > > > > > > > It almost looks like the password failed. Or perhaps the folde > > > > r you > > > > specified for the machine account does not exist. > > > > > > > > Regards, > > > > > > > > Gordon Hopper > > Try the command "kinit Administrator" (or [EMAIL PROTECTED]"). > You > > should be prompted for a password. If, after entering the password, you're > > returned to a prompt with no further output then, in theory at least, your > > Kerberos setup is OK. If you get errors, well ... Run that first, then try > > "net ads join -U [EMAIL PROTECTED] > > > > A good how-to can be found at: > http://www.ulug.org.nz/ActiveDirectorySamba. > > > > HTH. > > > > Dimitri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba