On to the next problem:
I just got off the phone with IBM and they (the kerberos folks) said
they don't work with win2003 :O Has anybody got this working? Here is
what I get:
When I run 'net ads join -Uadmin' I get (at debug level 3):
[EMAIL PROTECTED]:~# net ads join -Umyname -d 3
[2006/01/17 10:50:09, 3] param/loadparm.c:lp_load(4195)
lp_load: refreshing parameters
[2006/01/17 10:50:09, 3] param/loadparm.c:init_globals(1385)
Initialising global parameters
[2006/01/17 10:50:09, 3] param/params.c:pm_process(574)
params.c:pm_process() - Processing configuration file
"/opt/Samba/3.0.21a/lib/smb.conf"
[2006/01/17 10:50:09, 3] param/loadparm.c:do_section(3657)
Processing section "[global]"
[2006/01/17 10:50:10, 2] lib/interface.c:add_interface(81)
added interface ip=X.X.105.57 bcast=X.X.105.127 nmask=255.255.255.128
[2006/01/17 10:50:10, 2] lib/interface.c:add_interface(81)
added interface ip=192.168.255.251 bcast=192.168.255.255
nmask=255.255.0.0
myname's password:
[2006/01/17 10:50:12, 3] libads/ldap.c:ads_connect(288)
Connected to LDAP server X.X.100.207
[2006/01/17 10:50:12, 3] libads/ldap.c:ads_server_info(2541)
got ldap server name [EMAIL PROTECTED], using bind path:
dc=CORP,dc=ACSALASKA,dc=COM
[2006/01/17 10:50:12, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2006/01/17 10:50:12, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2006/01/17 10:50:12, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2006/01/17 10:50:12, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2006/01/17 10:50:12, 3] libads/sasl.c:ads_sasl_spnego_bind(219)
ads_sasl_spnego_bind: got server principal name
[EMAIL PROTECTED]
[2006/01/17 10:50:12, 3] libsmb/clikrb5.c:ads_krb5_mk_req(478)
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
found)
[2006/01/17 10:50:12, 0] libads/kerberos.c:ads_kinit_password(164)
kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot
resolve network address for KDC in requested realm
[2006/01/17 10:50:12, 0] utils/net_ads.c:ads_startup(191)
ads_connect: Cannot resolve network address for KDC in requested realm
[2006/01/17 10:50:12, 2] utils/net.c:main(876)
return code = -1
========================================================================
===
X.X.100.207 is the address of the kdc so it CAN resolve the address
X.X.105.57 is the address of the samba server
========================================================================
===
My krb5.conf looks like this:
[libdefaults]
default_realm = CORP.ACSALASKA.COM
default_keytab_name = FILE:/etc/krb5/krb5.keytab
default_tkt_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts
des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts
des-cbc-md5 des-cbc-crc
# the next 2 lines came from my linux setup that is working but did not
help
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
CORP.ACSALASKA.COM = {
kdc = acsad6.corp.acsalaska.com:88
admin_server = acsad6.corp.acsalaska.com:749
default_domain = corp.acsalaska.com
}
[domain_realm]
.corp.acsalaska.com = CORP.ACSALASKA.COM
acsad6.corp.acsalaska.com = CORP.ACSALASKA.COM
[logging]
kdc = FILE:/var/krb5/log/krb5kdc.log
admin_server = FILE:/var/krb5/log/kadmin.log
default = FILE:/var/krb5/log/krb5lib.log
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Colht, Charles
Sent: Wednesday, January 11, 2006 1:19 PM
To: William Jojo; [email protected]
Subject: RE: [Samba] Please help with samba 3.0.21a on AIX 5.3
Found that! It worked. Thanks for the help.
Chuck
-----Original Message-----
From: William Jojo [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 10, 2006 1:55 PM
To: Colht, Charles; [email protected]
Subject: Re: [Samba] Please help with samba 3.0.21a on AIX 5.3
----- Original Message -----
From: "Colht, Charles" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, January 09, 2006 8:37 PM
Subject: [Samba] Please help with samba 3.0.21a on AIX 5.3
***********************************************************************************
This transmittal may contain confidential information intended solely for
the addressee. If you are not the intended recipient, you are hereby
notified that you have received this transmittal in error; any review,
dissemination, distribution or copying of this transmittal is strictly
prohibited. If you have received this communication in error, please notify
us immediately by reply or by telephone (collect at 907-564-1000) and ask to
speak with the message sender. In addition, please immediately delete this
message and all attachments. Thank you. ACS
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
