Hi,

I've installed Samba 3.0.23d on Solaris 10 (SPARC) with MIT Kerberos 1.5.1, OpenLDAP 2.3.30 and OpenSSL 0.9.8d.

I have 2 Windows Server 2003 SP1 domain controllers and about 20 Windows XP SP2 clients.

My problem is that I can't get a Kerberos ticket to join the domain.
If I try to get a ticket with 'kinit [EMAIL PROTECTED]' I always get the error
kinit(v5): KDC policy rejects request while getting initial credentials

The time between the Windows and Solaris servers is synced, and there is an AD DNS server running and (I think) properly configured.

We have another Samba server that was installed 1.5 years ago. At that time I was able to get a ticket and join the domain. The only thing that has changed is the installation of SP1 on the DCs.

I hope somebody can help me!!

Here are my config files:

/usr/local/samba/lib/smb.conf:
# Samba config file created using SWAT
# from 192.68.254.236 (192.68.254.236)
# Date: 2007/01/09 16:21:44

[global]
        # Domain-member setup: "security = ADS" with realm PONTOS.LOCAL hands
        # authentication to the Active Directory domain over Kerberos.
        workgroup = PONTOS
        realm = PONTOS.LOCAL
        security = ADS
        # Logins for usernames that do not exist are mapped to the guest
        # account rather than rejected. No share in this listing sets
        # "guest ok = yes", so guest sessions get no share access from here.
        map to guest = Bad User
        # NOTE(review): smb.conf only recognises "#" as a comment at the start
        # of a line. The trailing text below is read as part of the parameter
        # value; the remark belongs on a line of its own.
        password server = 192.68.254.81 #That is the IP of the 1st DC
        # "/" means no chroot is applied to the server.
        root directory = /
        # NOTE(review): a username map can redirect a login to a different
        # local account; verify this file is writable by root only.
        username map = /usr/local/samba/private/user.map
        # Server side: LANMAN and NTLMv1 responses are refused, leaving
        # NTLMv2 (and Kerberos) as the accepted authentication methods.
        lanman auth = No
        ntlm auth = No
        # Client side: send NTLMv2 only, never LANMAN or plaintext passwords.
        client NTLMv2 auth = Yes
        client lanman auth = No
        client plaintext auth = No
        log level = 3
        # Refuse dialects older than NT1.
        min protocol = NT1
        # SMB signing is mandatory in both directions; peers that cannot sign
        # are refused.
        client signing = required
        server signing = required
        load printers = No
        domain master = No
        # NOTE(review): LDAP connections made by Samba's LDAP backends are not
        # wrapped in SSL/TLS. No ldap passdb/idmap backend is configured in
        # this listing, so this is presumably unused; confirm.
        ldap ssl = no
        # uid/gid ranges winbind may allocate for domain users and groups.
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /home/%U
        # Domain accounts appear as DOMAIN+user.
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
# Only the hosts and addresses listed here may connect; all others are refused.
hosts allow = themisto, psamathe, rhea, agaue, 192.68.254.81, 192.68.254.82

# Writable share exporting /local_home. No "valid users" restriction is set
# here, so access control relies on authentication plus filesystem permissions.
[local_home]
        path = /local_home
        read only = No

# Writable per-user share below /local_home/nt4_home.
# "browseable = No" only hides the share from browse lists; it is not an access
# control. No "valid users" line is set, so filesystem permissions on the path
# decide who can read and write it.
[raiweber]
        path = /local_home/nt4_home/raiweber
        read only = No
        browseable = No

----------------------------------

/etc/krb5/krb5.conf:
# Kerberos client configuration for the PONTOS.LOCAL realm.
# NOTE(review): /etc/krb5/krb5.conf is the path used by the Kerberos bundled
# with Solaris. A stock MIT build reads /etc/krb5.conf unless KRB5_CONFIG is
# set or it was built with another path; confirm which file the kinit in use
# actually loads.
# No default_tkt_enctypes / default_tgs_enctypes are set, so the library's
# built-in encryption-type defaults are requested.
[libdefaults]
        default_realm = PONTOS.LOCAL

# A single KDC is listed although the post mentions two domain controllers.
# NOTE(review): presumably themisto is one of the DCs; verify that the name
# resolves to a DC address.
[realms]
        PONTOS.LOCAL = {
                kdc = themisto.pontos.local
                admin_server = themisto.pontos.local
        }

# Maps hosts in (and below) the DNS domain pontos.local to the realm.
[domain_realm]
        .pontos.local = PONTOS.LOCAL
        pontos.local = PONTOS.LOCAL

# NOTE(review): the "kdc" and "kdc_rotate" entries configure logging for a KDC
# daemon; on a host that is only a Kerberos client they presumably have no
# effect on kinit. Confirm.
[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {
                period = 7d
                versions = 10
        }

# Asks kinit to request renewable and forwardable tickets by default.
# NOTE(review): whether [appdefaults] is honoured depends on the kinit
# implementation. "KDC policy rejects request" is the text for KDC_ERR_POLICY,
# which a KDC can return when requested ticket options or account restrictions
# conflict with its policy; check the account's restrictions on the DC.
[appdefaults]
        kinit = {
                renewable = true
                forwardable= true
        }


--
+--------------------------------------+
| Max Planck Institute for Mathematics |
|        System Administration         |
|                                      |
|  Vivatsgasse 7, 53111 Bonn, Germany  |
|  Tel       +49 (0)228-402-239        |
|  Fax       +49 (0)228-402-277        |
|  Email     [EMAIL PROTECTED] |
+--------------------------------------+