Hi Sean,
Thanks for your help. I've configured /etc/krb5.conf and although I still can't join the Samba server to the Windows 2000 Server / Active Directory, the error messages show some progress :P
    [root@tux samba]# net ads join -Uf418@dte.ua.pt
    f418@dte.ua.pt's password:
    [2005/04/07 01:47:49, 0] libads/kerberos.c:ads_kinit_password(146)
      kerberos_kinit_password f418@DTE.UA.PT failed: Client not found in Kerberos database
    [2005/04/07 01:47:49, 0] utils/net_ads.c:ads_startup(186)
      ads_connect: Client not found in Kerberos database
    [root@tux samba]#
What missing client is this?
----
On the other hand,
# kinit f148@dte.ua.pt
gives me this:
    [root@tux samba]# kinit f148@dte.ua.pt
    kinit(v5): Cannot find KDC for requested realm while getting initial credentials
    [root@tux samba]#
Where do I define this KDC thing?
Any ideas?
Thank you.
Warm Regards, Mário Gamito
Sean O'Connell wrote:
On Wed, 2005-04-06 at 17:35 +0100, Mário Gamito wrote:
Hi Sean,
No, I did nothing to krb5.conf. Didn't find any reference to that.
Can you send me your example, please ?
I only put
tux.dte.ua.pt TUX.DTE.UA.PT
in krb.realms
Mario-
Take a look at the stock /etc/krb5.conf, and change all the example.com/EXAMPLE.COM settings to match your domain/realm settings. Once you can kinit as zbr, you'll know that your kerberos setup is functional.
For example, at UCSD, the campus active directory is (some would argue, cleverly :) called AD.UCSD.EDU, so a working krb5.conf looks like
    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
     default_realm = AD.UCSD.EDU
     dns_lookup_realm = false
     dns_lookup_kdc = false

    [realms]
     AD.UCSD.EDU = {
      kdc = ad.ucsd.edu:88
      admin_server = ad.ucsd.edu:749
      default_domain = AD.UCSD.EDU
     }

    [domain_realm]
     .ucsd.edu = AD.UCSD.EDU
     ucsd.edu = AD.UCSD.EDU
     .ad.ucsd.edu = AD.UCSD.EDU
     ad.ucsd.edu = AD.UCSD.EDU

    [kdc]
     profile = /var/kerberos/krb5kdc/kdc.conf

    [appdefaults]
     pam = {
      debug = false
      ticket_lifetime = 36000
      renew_lifetime = 36000
      forwardable = true
      krb4_convert = false
     }
This is pretty much the stock krb5.conf after replacing all the example.com/EXAMPLE.COM with ad.ucsd.edu/AD.UCSD.EDU with a very minor tweak to the [domain_realm] section.
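Added example, not part of the original thread and not libkrb5's own code: a simplified model of the static KDC lookup that a krb5.conf like the one quoted above drives when dns_lookup_kdc = false. It shows that the realm after the "@" is matched case-sensitively against the [realms] section, so a realm with no exact entry yields no KDC. The function names and the SAMPLE text are assumptions made for this illustration.

```python
import re

# Constructed sample: the [libdefaults] and [realms] parts of the krb5.conf quoted above.
SAMPLE = """\
[libdefaults]
 default_realm = AD.UCSD.EDU
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 AD.UCSD.EDU = {
  kdc = ad.ucsd.edu:88
  admin_server = ad.ucsd.edu:749
  default_domain = AD.UCSD.EDU
 }
"""

def parse_krb5_conf(text):
    """Return {section: {key: [values]}} with one level of {...} subsections as dicts."""
    conf, section, sub = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # skip blanks and comments
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                                     # new [section]
            section, sub = conf.setdefault(m.group(1), {}), None
        elif line == "}":                         # end of a realm/subsection block
            sub = None
        elif section is not None and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":                      # start of a subsection
                sub = section.setdefault(key, {})
            else:
                (sub if sub is not None else section).setdefault(key, []).append(value)
    return conf

def kdcs_for(principal, conf):
    """Return (realm, [kdc, ...]) from the static config; realm match is exact-case."""
    default_realm = conf.get("libdefaults", {}).get("default_realm", [None])[0]
    realm = principal.rsplit("@", 1)[1] if "@" in principal else default_realm
    block = conf.get("realms", {}).get(realm, {})
    return realm, block.get("kdc", [])

if __name__ == "__main__":
    conf = parse_krb5_conf(SAMPLE)
    for p in ("zbr@AD.UCSD.EDU", "zbr@ad.ucsd.edu", "zbr"):
        print(p, "->", kdcs_for(p, conf))
```

An empty KDC list here corresponds to the situation where the library has no [realms] entry to consult and DNS lookup is switched off.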