-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Oh man, thanks a lot, now it work, i just need the machine joined, it'll be my proxy server with AD auth, i dont want no one sshing to my proxy :)
funny, i had a fedora core 2 box doing this and with vanilla krb5.conf (just REAL CONF MODS) everything works fine
anyway thanks a lot
-----Original Message----- From: centos-bounces@caosity.org [mailto:centos-bounces@caosity.org]
On
Behalf Of Marcello Mezzanotti Sent: Tuesday, February 15, 2005 2:23 PM To: centos@caosity.org Subject: [Centos] samba joining an ads domain
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello, i just installed CentOS 3.4, im trying to join this machine on Windows 2000 AD, i did some confs on krb5.conf (REALM CONF) and smb.conf
kinit Administrator@DOMAIN.COM goes fine but net ads join -U Administrator give me this:
[root@sol etc]# net ads join -U Administrator Administrator's password: [2005/02/15 17:28:32, 0] utils/net_ads.c:ads_startup(186) ads_connect: No credentials found with supported encryption types [root@sol etc]#
whats wrong??
Funny, I was _just_ working on this. There are two issues that I encountered, the first being the one above and Google helped to resolve both. To correct your immediate issue, add
default_tkt_enctypes = des-cbc-crc des-cbc-md5 default_tgs_enctypes = des-cbc-crc
to the [libdefaults] section of /etc/krb5.conf
Additionally, to get ssh access working I needed to disable the use of privileged separation for sshd. The problem in my case is that pam_mkhomedir.so needs root access to create the home directories if they don't exist. The way I've done it makes sshd a little less secure so I'm open to other suggestions...
/etc/ssh/sshd_config --
UsePrivilegeSeparation no
The information in my log files before the change was --
/var/log/secure Feb 15 11:23:29 prodlnx01 sshd[7990]: Accepted password for [username] from [host] port 32781 ssh2 Feb 15 11:23:29 prodlnx01 sshd[7992]: fatal: PAM session setup failed[6]: Permission denied
And
/var/log/messages Feb 15 11:23:29 prodlnx01 sshd(pam_unix)[7990]: check pass; user unknown Feb 15 11:23:29 prodlnx01 sshd(pam_unix)[7990]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=[host] Feb 15 11:23:29 prodlnx01 pam_winbind[7990]: user '[username]' granted access Feb 15 11:23:29 prodlnx01 sshd(pam_unix)[7992]: session opened for user [username] by (uid=10327)
- -- Marc
_______________________________________________ CentOS mailing list CentOS@caosity.org http://lists.caosity.org/mailman/listinfo/centos