Avron, In addition to below, try restarting Smb + Winbind after you obtain new Kerberos ticket via kinit.
-Kums On Wed, Jan 7, 2009 at 5:28 PM, Kums <[email protected]> wrote: > Avron, > > Did you update your "/etc/krb5.conf" to include the new domain + KDC info > and "kinit" before joining to the new Domain via "net ads join"? > > -Kums > > > On Wed, Jan 7, 2009 at 9:39 AM, Avron Gray <[email protected]> wrote: > >> Hello folks, >> >> I have been able to successfully compile (MIT) kerberos (1.5.4) and >> samba (3.0.28a) on a Solaris 9 (Kernel version: SunOS 5.9 Generic >> 122300-31 Aug 2008) host. >> I was able to successfully join this host to a DEVDOMAIN >> >> This is the smb.conf file that I used: >> [global] >> # If there are no settings here, Samba uses the default values for all >> global settings >> security = ads >> realm = DEVDOMAIN.CA >> workgroup = DEVDOMAIN >> encrypt passwords = yes >> server string = %h Samba %v >> smb ports = 445 >> disable netbios = yes >> name resolve order = hosts >> log file = /var/log/samba/samba_log.%m >> log level = 2 >> # This include statement will grab the share configuration information >> from an external file >> include = /usr/local/samba/lib/smb.conf.%h >> >> Tested, and everything worked as expected. Shares listed in >> /usr/local/samba/lib/smb.conf.hostname were available, and all was good. >> Next step, was to join the host to the production domain... >> >> I changed all mention of DEVDOMAIN to DOMAIN in smb.conf. >> >> However, when I run "net ads testjoin", I'm getting the following >> error... >> >> bash-2.05# net ads testjoin >> [2009/01/07 09:27:34, 0] libads/kerberos.c:ads_kinit_password(228) >> kerberos_kinit_password [email protected] failed: Cannot resolve >> network address for KDC in requested realm >> [2009/01/07 09:27:34, 0] libads/kerberos.c:ads_kinit_password(228) >> kerberos_kinit_password [email protected] failed: Cannot resolve >> network address for KDC in requested realm >> Join to domain is not valid: Undetermined error >> >> >> Is this related to the host having belonged to a different domain to >> begin with? Or am I missing something bigger? >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/listinfo/samba >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
