RE: [Samba] After net ads join, kinit fails: Client not found...

Ross McInnes Thu, 18 Aug 2005 00:36:30 -0700

On the windows machine, I just set it (again) to what it already was, worked
fine after that.


Just looking at your krb5.conf file there are a few differences from mine

 default_tgs_enctypes = des-cbc-crc des-cbc-md5
 default_tkt_enctypes = des-cbc-crc des-cbc-md5

I don't have either of those and;

[realms]
        DOMAIN.COM.MX = {
                 kdc = adw2kserver.domain.com.mx
                 kdc = otherADw2kserver.domain.com.mx
                 admin_server = ad2kserver.domain.com.mx
                 default_domain = domain.com.mx
         }

I only have the single kdc and it has :88 (port Im guessing) at the end of
the kdc line.

I have :749 at the end of admin_server

I have redhat es3 here, and I didn't do anything as complicated as you it
would seem (don't know if solaris makes a difference or not)

Simply, Made sure openldap was installed and kerb. Then I configured my
/etc/krb5.conf file to point to the right locatation and ran the kinit
[EMAIL PROTECTED]

Prompted me for a password (which didn't work 1st time, reseting
administrator on the Windows box then sorted it)

Its worked for me ever since...

Sorry I can't be of more help on this

Ross

-----Original Message-----
From: P V [mailto:[EMAIL PROTECTED] 
Sent: 17 August 2005 17:53
To: Ross McInnes; samba@lists.samba.org
Subject: RE: [Samba] After net ads join, kinit fails: Client not found...

   Hi Ross!
   Excuse my ignorance, but how can I reset the administrators password?

--- Ross McInnes <[EMAIL PROTECTED]> wrote:

>  
> Hi, I *think* I had this issue. This was during my 1st setup, when I 
> reset the  administrators password it worked fine afterwards.
> 
> Also look on the AD and make sure it actually joined the domain.
> 
> Cheers
> 
> Ross
> 
> 
> -----Original Message-----
> From:
> [EMAIL PROTECTED]
>
[mailto:[EMAIL PROTECTED]
> On Behalf Of P
> V
> Sent: 17 August 2005 15:33
> To: samba@lists.samba.org
> Subject: [Samba] After net ads join, kinit fails:
> Client not found...
> 
>   I'm installing Samba with Security ADS (compiled --with-winbind 
> --with-ads --with-ldap --with-krb5) on Solaris 8, for connect with 
> ActiveDirectory W2K.
>   First, I created in AD Windows an account with the same name that my 
> solaris host and generated the keytab with this:
> C:\temp>ktpass princ
> host/[EMAIL PROTECTED] mapuser mysolarishost -pass 
> ad_user_pwd out file.keytab
>   And add the file to /etc/krb5/krb5.keytab with kerberos/sbin/ktutil
>   I ran kinit host/[EMAIL PROTECTED], and it asked me for a 
> password (ad_usr_pwd) and all right.
>   Then I ran net ads join -U Administrator.
>   It asked for password and sent:
> Using short domain name -- DOMAINNETBIOS Joined 'MYSOLARISHOST' to 
> realm 'DOMAIN.COM.MX'
> 
>   After this, I ran SMB daemons. In log.smbd I get:
> [2005/08/16 19:12:48, 0] smbd/server.c:main(802)
>   smbd version 3.0.20rc1 started.
>   Copyright Andrew Tridgell and the Samba Team
> 1992-2004
> [2005/08/16 19:12:48, 0]
> libads/kerberos.c:ads_kinit_password(146)
>   kerberos_kinit_password
> host/[EMAIL PROTECTED] failed: Client not found in Kerberos 
> database
> 
>    If I run kinit host/[EMAIL PROTECTED], I get this 
> message:
> kinit(v5): Client not found in Kerberos database while getting initial 
> credentials
> 
>    So, the problem is when a run net ads join. After that the 
> authentication with AD W2K is broken. If I delete the computer account 
> in AD W2K, the kinit command works again.
> 
>    Any idea?
>   
> Here my configuration files:
> smb.conf:
>  [global]
>     workgroup = DOMAINNETBIOS
>     netbios name = mysolarishost
>     idmap uid = 10000-20000
>     idmap gid = 10000-20000
>     security = ads
>     realm = DOMAIN.COM.MX
>     password server = adw2kserver.domain.com.mx
> ----------------------------------------------
> 
> krb5.conf:
> [libdefaults]
>         ticket_lifetime = 24000
>         default_realm = DOMAIN.COM.MX
>         default_tgs_enctypes = des-cbc-crc
> des-cbc-md5
>         default_tkt_enctypes = des-cbc-crc
> des-cbc-md5 [realms]
>        DOMAIN.COM.MX = {
>                 kdc = adw2kserver.domain.com.mx
>                 kdc = otherADw2kserver.domain.com.mx
>                 admin_server =
> ad2kserver.domain.com.mx
>                 default_domain = domain.com.mx
>         }
> [domain_realm]
>         domain.com.mx = DOMAIN.COM.MX
>         .domainnetbios = DOMAIN.COM.MX
>         domainnetbios = DOMAIN.COM.MX
> -----------------------------------------------
> 
> nsswitch:
> passwd:     files winbind
> group:      files winbind
> hosts:      files wins
> shadow:     files winbind
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: 
> https://lists.samba.org/mailman/listinfo/samba
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: 
> https://lists.samba.org/mailman/listinfo/samba
> 



                
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs 
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] After net ads join, kinit fails: Client not found...

Reply via email to