On the windows machine, I just set it (again) to what it already was, worked fine after that.
Just looking at your krb5.conf file there are a few differences from mine default_tgs_enctypes = des-cbc-crc des-cbc-md5 default_tkt_enctypes = des-cbc-crc des-cbc-md5 I don't have either of those and; [realms] DOMAIN.COM.MX = { kdc = adw2kserver.domain.com.mx kdc = otherADw2kserver.domain.com.mx admin_server = ad2kserver.domain.com.mx default_domain = domain.com.mx } I only have the single kdc and it has :88 (port Im guessing) at the end of the kdc line. I have :749 at the end of admin_server I have redhat es3 here, and I didn't do anything as complicated as you it would seem (don't know if solaris makes a difference or not) Simply, Made sure openldap was installed and kerb. Then I configured my /etc/krb5.conf file to point to the right locatation and ran the kinit [EMAIL PROTECTED] Prompted me for a password (which didn't work 1st time, reseting administrator on the Windows box then sorted it) Its worked for me ever since... Sorry I can't be of more help on this Ross -----Original Message----- From: P V [mailto:[EMAIL PROTECTED] Sent: 17 August 2005 17:53 To: Ross McInnes; samba@lists.samba.org Subject: RE: [Samba] After net ads join, kinit fails: Client not found... Hi Ross! Excuse my ignorance, but how can I reset the administrators password? --- Ross McInnes <[EMAIL PROTECTED]> wrote: > > Hi, I *think* I had this issue. This was during my 1st setup, when I > reset the administrators password it worked fine afterwards. > > Also look on the AD and make sure it actually joined the domain. > > Cheers > > Ross > > > -----Original Message----- > From: > [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > On Behalf Of P > V > Sent: 17 August 2005 15:33 > To: samba@lists.samba.org > Subject: [Samba] After net ads join, kinit fails: > Client not found... > > I'm installing Samba with Security ADS (compiled --with-winbind > --with-ads --with-ldap --with-krb5) on Solaris 8, for connect with > ActiveDirectory W2K. > First, I created in AD Windows an account with the same name that my > solaris host and generated the keytab with this: > C:\temp>ktpass princ > host/[EMAIL PROTECTED] mapuser mysolarishost -pass > ad_user_pwd out file.keytab > And add the file to /etc/krb5/krb5.keytab with kerberos/sbin/ktutil > I ran kinit host/[EMAIL PROTECTED], and it asked me for a > password (ad_usr_pwd) and all right. > Then I ran net ads join -U Administrator. > It asked for password and sent: > Using short domain name -- DOMAINNETBIOS Joined 'MYSOLARISHOST' to > realm 'DOMAIN.COM.MX' > > After this, I ran SMB daemons. In log.smbd I get: > [2005/08/16 19:12:48, 0] smbd/server.c:main(802) > smbd version 3.0.20rc1 started. > Copyright Andrew Tridgell and the Samba Team > 1992-2004 > [2005/08/16 19:12:48, 0] > libads/kerberos.c:ads_kinit_password(146) > kerberos_kinit_password > host/[EMAIL PROTECTED] failed: Client not found in Kerberos > database > > If I run kinit host/[EMAIL PROTECTED], I get this > message: > kinit(v5): Client not found in Kerberos database while getting initial > credentials > > So, the problem is when a run net ads join. After that the > authentication with AD W2K is broken. If I delete the computer account > in AD W2K, the kinit command works again. > > Any idea? > > Here my configuration files: > smb.conf: > [global] > workgroup = DOMAINNETBIOS > netbios name = mysolarishost > idmap uid = 10000-20000 > idmap gid = 10000-20000 > security = ads > realm = DOMAIN.COM.MX > password server = adw2kserver.domain.com.mx > ---------------------------------------------- > > krb5.conf: > [libdefaults] > ticket_lifetime = 24000 > default_realm = DOMAIN.COM.MX > default_tgs_enctypes = des-cbc-crc > des-cbc-md5 > default_tkt_enctypes = des-cbc-crc > des-cbc-md5 [realms] > DOMAIN.COM.MX = { > kdc = adw2kserver.domain.com.mx > kdc = otherADw2kserver.domain.com.mx > admin_server = > ad2kserver.domain.com.mx > default_domain = domain.com.mx > } > [domain_realm] > domain.com.mx = DOMAIN.COM.MX > .domainnetbios = DOMAIN.COM.MX > domainnetbios = DOMAIN.COM.MX > ----------------------------------------------- > > nsswitch: > passwd: files winbind > group: files winbind > hosts: files wins > shadow: files winbind > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > -- > To unsubscribe from this list go to the following URL and read the > instructions: > https://lists.samba.org/mailman/listinfo/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: > https://lists.samba.org/mailman/listinfo/samba > ____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba