Re: Kerberos/LDAP authentication no more working in 5.6 ?




On Tue, 12 Apr 2011, Alain Péan wrote:

On 12/04/2011 22:03, John Hodrien wrote:
On Tue, 12 Apr 2011, Alain Péan wrote:

Indeed, nothing fails now. I want my users to authenticate against
Active directory, and it works, and I would like them to be able to use
their kerberos credentials, if they need, to access domain resources,
as shares. But I have still to see a problem there..

Thanks again for your help and your comments !

So is it all working after taking out the ldap auth?  With it in you'll not be
generating kerberos tickets if there's anything wrong with your kerberos
setup.

jh

No, you are right, things do not work as I expect. When I disable
ldapauth, I cannot authenticate. So kerberos is not working.
I have kerberos error messages with samba when I try to join AD domain
with net ads join. But net rpc join succeeds.
# net ads join -U pean -d3
....
[2011/04/12 22:19:45.797972,  3] libads/sasl.c:790(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got server principal name = pc-2003-test$@TEST-LPP.LOCAL
[2011/04/12 22:19:45.798331,  3] libsmb/clikrb5.c:698(ads_krb5_mk_req)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2011/04/12 22:19:45.811493,  1] libsmb/clikrb5.c:710(ads_krb5_mk_req)
  ads_krb5_mk_req: smb_krb5_get_credentials failed for pc-2003-test$@TEST-LPP.LOCAL (Cannot find ticket for requested realm)
....

Why 'no credential cache found'?
I would like to solve this annoying problem. Why is it no longer working
after upgrading to 5.6?

I'm afraid you've cooked my brain with all the realms you've mentioned, so I'm
not entirely clear what's going on.

It's complaining about your kdc.

Is pc-2003-test the KDC for the TEST-LPP.LOCAL realm, or is it KDC for the
LAB-LPP.LOCAL realm?  Is its FQDN pc-2003-test.test-lpp.local?

Without worrying about the join, does 'kinit <username>' work?

jh
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
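
Added example (not part of the original thread, and not Samba's own code): a small Python triage of the `net ads join -d3` output quoted above. It groups Samba's header-plus-message debug records and pulls out the Kerberos failures and the realm named in the server principal. The function names and the `expected_realm` parameter are assumptions; the sample is the thread's log lines with the mail wrapping rejoined.

```python
import re

# Constructed sample: the debug lines quoted in the thread, with the
# mail-wrapped message lines rejoined.
SAMPLE_LOG = """\
[2011/04/12 22:19:45.797972,  3] libads/sasl.c:790(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got server principal name = pc-2003-test$@TEST-LPP.LOCAL
[2011/04/12 22:19:45.798331,  3] libsmb/clikrb5.c:698(ads_krb5_mk_req)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2011/04/12 22:19:45.811493,  1] libsmb/clikrb5.c:710(ads_krb5_mk_req)
  ads_krb5_mk_req: smb_krb5_get_credentials failed for pc-2003-test$@TEST-LPP.LOCAL (Cannot find ticket for requested realm)
"""

# Samba debug header "[timestamp, level] file:line(function)"; the message
# follows on indented continuation lines.
HEADER = re.compile(r"^\[([^,\]]+),\s*(\d+)\]\s+(\S+):(\d+)\((\w+)\)\s*$")
PRINCIPAL = re.compile(r"(\S+)@([A-Za-z0-9.-]+)")
KRB_ERROR = re.compile(r"(\w+) failed(?: for \S+)? \(([^)]+)\)")


def parse_records(text):
    """Group each header line with its indented message lines."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"level": int(m.group(2)), "func": m.group(5), "msg": ""})
        elif records and line.startswith(" "):
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records


def summarize(records, expected_realm):
    """Collect krb5 failures and realms seen; expected_realm is the caller's assumption."""
    errors, realms = [], set()
    for rec in records:
        realms.update(realm.upper() for _, realm in PRINCIPAL.findall(rec["msg"]))
        m = KRB_ERROR.search(rec["msg"])
        if m:
            errors.append((m.group(1), m.group(2)))
    return {
        "errors": errors,
        "realms": sorted(realms),
        "realm_matches": realms == {expected_realm.upper()},
        "no_ccache": any("No credentials cache" in e for _, e in errors),
    }


if __name__ == "__main__":
    print(summarize(parse_records(SAMPLE_LOG), "TEST-LPP.LOCAL"))  # realm: assumption
```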
