[CentOS] Problems joining Samba toa w2000 AD PDC
Mário Gamito
lists at tuxdoit.com
Thu Apr 7 00:51:42 UTC 2005
Hi Sean,
Thanks for your help.
I've configured /etc/krb5.conf and although i still can't join the Samba
server to the Windows 2000 Server / Active Directory, the error messages
shows some progress :P
[root at tux samba]# net ads join -Uf418 at dte.ua.pt
f418 at dte.ua.pt's password:
[2005/04/07 01:47:49, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password f418 at DTE.UA.PT failed: Client not found in
Kerberos database
[2005/04/07 01:47:49, 0] utils/net_ads.c:ads_startup(186)
ads_connect: Client not found in Kerberos database
[root at tux samba]#
What missing client is this ?
----
On the other hand,
# kinit f148 at dte.ua.pt
gives me this:
# [root at tux samba]# kinit f148 at dte.ua.pt
kinit(v5): Cannot find KDC for requested realm while getting initial
credentials
[root at tux samba]#
Where do i define this KDC thing ?
Any ideas ?
Thank you.
Warm Regards,
Mário Gamito
Sean O'Connell wrote:
> On Wed, 2005-04-06 at 17:35 +0100, Mário Gamito wrote:
>
>>Hi Sean,
>>
>>No, i did nothing to krb5.conf
>>Didn't find any reference to that.
>>
>>Can you send me your example, please ?
>>
>>
>>I only put
>>
>>tux.dte.ua.pt TUX.DTE.UA.PT
>>
>>in krb.realms
>
>
> Mario-
>
> Take a look at the stock /etc/krb5.conf, and change all the
> example.com/EXAMPLE.COM settings to match your domain/realm
> settings. Once you can kinit as zbr, you'll know that your kerberos
> setup is functional.
>
> For example, at UCSD, the campus active directory is (some would argue,
> cleverly :) called AD.UCSD.EDU, so a working krb5.conf looks like
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = AD.UCSD.EDU
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> [realms]
> AD.UCSD.EDU = {
> kdc = ad.ucsd.edu:88
> admin_server = ad.ucsd.edu:749
> default_domain = AD.UCSD.EDU
> }
>
> [domain_realm]
> .ucsd.edu = AD.UCSD.EDU
> ucsd.edu = AD.UCSD.EDU
> .ad.ucsd.edu = AD.UCSD.EDU
> ad.ucsd.edu = AD.UCSD.EDU
>
> [kdc]
> profile = /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
> }
>
> This is pretty much the stock krb5.conf after replacing all the
> example.com/EXAMPLE.COM with ad.ucsd.edu/AD.UCSD.EDU with a very minor
> tweak [domain_realm] section.
>
More information about the CentOS
mailing list