Hi, I *think* I had this issue. This was during my 1st setup, when I reset the administrators password it worked fine afterwards.
Also look on the AD and make sure it actually joined the domain. Cheers Ross -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of P V Sent: 17 August 2005 15:33 To: samba@lists.samba.org Subject: [Samba] After net ads join, kinit fails: Client not found... I'm installing Samba with Security ADS (compiled --with-winbind --with-ads --with-ldap --with-krb5) on Solaris 8, for connect with ActiveDirectory W2K. First, I created in AD Windows an account with the same name that my solaris host and generated the keytab with this: C:\temp>ktpass princ host/[EMAIL PROTECTED] mapuser mysolarishost -pass ad_user_pwd out file.keytab And add the file to /etc/krb5/krb5.keytab with kerberos/sbin/ktutil I ran kinit host/[EMAIL PROTECTED], and it asked me for a password (ad_usr_pwd) and all right. Then I ran net ads join -U Administrator. It asked for password and sent: Using short domain name -- DOMAINNETBIOS Joined 'MYSOLARISHOST' to realm 'DOMAIN.COM.MX' After this, I ran SMB daemons. In log.smbd I get: [2005/08/16 19:12:48, 0] smbd/server.c:main(802) smbd version 3.0.20rc1 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2005/08/16 19:12:48, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password host/[EMAIL PROTECTED] failed: Client not found in Kerberos database If I run kinit host/[EMAIL PROTECTED], I get this message: kinit(v5): Client not found in Kerberos database while getting initial credentials So, the problem is when a run net ads join. After that the authentication with AD W2K is broken. If I delete the computer account in AD W2K, the kinit command works again. Any idea? Here my configuration files: smb.conf: [global] workgroup = DOMAINNETBIOS netbios name = mysolarishost idmap uid = 10000-20000 idmap gid = 10000-20000 security = ads realm = DOMAIN.COM.MX password server = adw2kserver.domain.com.mx ---------------------------------------------- krb5.conf: [libdefaults] ticket_lifetime = 24000 default_realm = DOMAIN.COM.MX default_tgs_enctypes = des-cbc-crc des-cbc-md5 default_tkt_enctypes = des-cbc-crc des-cbc-md5 [realms] DOMAIN.COM.MX = { kdc = adw2kserver.domain.com.mx kdc = otherADw2kserver.domain.com.mx admin_server = ad2kserver.domain.com.mx default_domain = domain.com.mx } [domain_realm] domain.com.mx = DOMAIN.COM.MX .domainnetbios = DOMAIN.COM.MX domainnetbios = DOMAIN.COM.MX ----------------------------------------------- nsswitch: passwd: files winbind group: files winbind hosts: files wins shadow: files winbind __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba