Problems joining Samba toa w2000 AD PDC

lists at tuxdoit.com (Mário Gamito) · Thu Apr 7 00:51:54 2005

Hi Sean,

Thanks for your help.
I've configured /etc/krb5.conf and although i still can't join the Samba 
server to the Windows 2000 Server / Active Directory, the error messages 
shows some progress :P

[root@tux samba]# net ads join -Uf418@xxxxxxxxx
f418@xxxxxxxxx's password:
[2005/04/07 01:47:49, 0] libads/kerberos.c:ads_kinit_password(146)
   kerberos_kinit_password f418@xxxxxxxxx failed: Client not found in 
Kerberos database
[2005/04/07 01:47:49, 0] utils/net_ads.c:ads_startup(186)
   ads_connect: Client not found in Kerberos database
[root@tux samba]#

What missing client is this ?

----

On the other hand,

# kinit f148@xxxxxxxxx

gives me this:

# [root@tux samba]# kinit f148@xxxxxxxxx
kinit(v5): Cannot find KDC for requested realm while getting initial 
credentials
[root@tux samba]#

Where do i define this KDC thing ?

Any ideas ?

Thank you.

Warm Regards,
M?rio Gamito

Sean O'Connell wrote:
> On Wed, 2005-04-06 at 17:35 +0100, M?rio Gamito wrote:
> 
>>Hi Sean,
>>
>>No, i did nothing to krb5.conf
>>Didn't find any reference to that.
>>
>>Can you send me your example, please ?
>>
>>
>>I only put
>>
>>tux.dte.ua.pt   TUX.DTE.UA.PT
>>
>>in krb.realms
> 
> 
> Mario-
> 
> Take a look at the stock /etc/krb5.conf, and change all the
> example.com/EXAMPLE.COM settings to match your domain/realm
> settings. Once you can kinit as zbr, you'll know that your kerberos
> setup is functional.
> 
> For example, at UCSD, the campus active directory is (some would argue,
> cleverly :) called AD.UCSD.EDU, so a working krb5.conf looks like
> 
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
> 
> [libdefaults]
>  default_realm = AD.UCSD.EDU
>  dns_lookup_realm = false
>  dns_lookup_kdc = false
> 
> [realms]
>  AD.UCSD.EDU = {
>   kdc = ad.ucsd.edu:88
>   admin_server = ad.ucsd.edu:749
>   default_domain = AD.UCSD.EDU
>  }
> 
> [domain_realm]
>  .ucsd.edu = AD.UCSD.EDU
>  ucsd.edu = AD.UCSD.EDU
>  .ad.ucsd.edu = AD.UCSD.EDU
>  ad.ucsd.edu = AD.UCSD.EDU
> 
> [kdc]
>  profile = /var/kerberos/krb5kdc/kdc.conf
> 
> [appdefaults]
>  pam = {
>    debug = false
>    ticket_lifetime = 36000
>    renew_lifetime = 36000
>    forwardable = true
>    krb4_convert = false
>  }
> 
> This is pretty much the stock krb5.conf after replacing all the
> example.com/EXAMPLE.COM with ad.ucsd.edu/AD.UCSD.EDU with a very minor
> tweak [domain_realm] section.
> 