Sorry, I do have a ticket. It's the Kerberos 4 Ticket I don't have, so that is
not the problem.
Here's the klist
[EMAIL PROTECTED] ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
01/19/06 14:34:41 01/20/06 00:34:44 krbtgt/[EMAIL PROTECTED]
renew until 01/20/06 14:34:41
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
Roberto Mason
IT Department
Sir Wilfrid Laurier School Board
235 Montée Lesage
Rosemère, Québec,
J7A 4Y6
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mason, Roberto
Sent: Wednesday, January 18, 2006 3:12 PM
To: [email protected]
Subject: RE: [Samba] RE: ads_connect: Program lacks support for encryption type
My Clock is synchronizing with the server here. I have just one entry in
/etc/ntp.conf. When I do Klist, I don't get any tickets. What I get for server
principal though is krbtgt/[EMAIL PROTECTED] I'm not familiar with Kerberos,
but to me this looks wrong, or maybe not. I ran kinit. It completed with no
message of any kind. I presume that's normal.
When I ran kpasswd [EMAIL PROTECTED], it asked for my passwd, which I entered,
and then it asked me for a new password, so it seems to be working.
I'm running samba 3.0.21a.
Roberto Mason
IT Department
Sir Wilfrid Laurier School Board
235 Montée Lesage
Rosemère, Québec,
J7A 4Y6
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, January 13, 2006 7:09 PM
To: [email protected]
Subject: [Samba] RE: ads_connect: Program lacks support for encryption type
Roberto,
Check your clocks on both your AD server and samba box. They need to be
as close to eachother as possible.
Also, check your Kerberos connection using kinit and kpasswd. That will
tell you if your Kerberos is setup properly.
Also, what version of samba are you running?
I think that I remember it using DES encryption... you could also check
your AD Policy to see if "third-party smb server" is disabled or if
"secure channel" is enabled.
After that, then try your net join again. Hope that helps.
Cheers, Peter.
----- Forwarded by Peter Brunnengräber/Bccnetworks on 13.01.2006 18:53
-----
[EMAIL PROTECTED] wrote on 13.01.2006
12:12:37:
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] On Behalf Of
> Mason, Roberto
> Sent: Friday, January 13, 2006 10:48 AM
> To: [email protected]
> Subject: [Samba] ads_connect: Program lacks support for encryption type
>
> I'm trying to setup here at my school board an ADS domain member to
> Windows 2000 Server(s). I've setup Samba, configured nsswitch and
> /etc/krb5.conf. I'll be including them on this post. When I run <<
> net join ADS -U<administrative_user>, I'm prompted for the password
> and I get this error message:
>
>
>
> [2006/01/12 15:21:35, 0] utils/net_ads.c:ads_startup(191)
>
> ads_connect: Program lacks support for encryption type
>
>
>
> I scoured Google, but I've not been able to find the solution.
>
>
>
> Is there a service I'm not running?
>
>
>
> # Samba config file created using SWAT
>
> # from 0.0.0.0 (0.0.0.0)
>
> # Date: 2006/01/11 16:27:02
>
>
>
> /etc/samba/smb.conf
>
> # Samba config file created using SWAT
> # from 0.0.0.0 (0.0.0.0)
> # Date: 2006/01/11 16:27:02
>
> [global]
> workgroup = MYDOMAIN
> realm = MYDOMAIN.QC.CA
> bind interfaces only = Yes
> security = ADS
> username map = /etc/samba/smbusers
> log level = 1
> printcap name = cups
> wins server = xxx.xxx.xxx.xxx
> ldap ssl = no
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template shell = /bin/bash
>
> winbind use default domain = no
> [homes]
> valid users = %S
> read only = No
> browseable = No
>
> #masonr is a local user
> [storage2]
> path = /drive
> valid users = masonr
> write list = masonr
> force user = nobody
> force group = nobody
> read only = No
>
>
>
> etc/nsswitch.conf
>
>
>
> passwd: files winbind
>
> shadow: files
>
> group: files winbind
>
>
>
> #hosts: db files ldap nis dns
>
> hosts: files winbind dns
>
>
>
> # Example - obey only what ldap tells us...
>
> #services: ldap [NOTFOUND=return] files
>
> #networks: ldap [NOTFOUND=return] files
>
> #protocols: ldap [NOTFOUND=return] files
>
> #rpc: ldap [NOTFOUND=return] files
>
> #ethers: ldap [NOTFOUND=return] files
>
>
>
> bootparams: files
>
> ethers: files
>
> netmasks: files
>
> networks: files dns
>
> protocols: files
>
> rpc: files
>
> services: files
>
> netgroup: files
>
> publickey: files
>
> automount: files
>
> aliases: files
>
>
>
> /etc/krb5.conf
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = MYDOMAIN.QC.CA
> default_etypes = des-cbc-crc des-cbc-md5
> default_etypes_des = des-cbc-crc des-cbc-md5
>
>
> [realms]
> MYDOMAIN.QC.CA = {
> default_domain = mydomain.qc.ca
> kdc = server1.mydomain.qc.ca:88
> kdc = server2.mydomain.qc.ca:88
> admin_server = server1.mydomain.qc.ca:749
> }
>
> [domain_realm]
> .mydomain.qc.ca = MYDOMAIN.QC.CA
> mydomain.qc.ca = MYDOMAIN.QC.CA
>
>
>
>
>
>
>
>
>
> Roberto Mason
>
> IT Department
>
> Sir Wilfrid Laurier School Board
>
> 235 Montée Lesage
> Rosemère, Québec,
> J7A 4Y6
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
