[Centos] samba joining an ads domain

Tue Feb 15 21:03:17 UTC 2005
Marcello Mezzanotti <mezzanet at iname.com>

Oh man, thanks a lot,
now it works. I just need the machine joined; it'll be my proxy server
with AD auth. I don't want anyone SSHing to my proxy :)

Funny, I had a Fedora Core 2 box doing this and with vanilla
krb5.conf (just REALM CONF MODS) everything works fine.

Anyway, thanks a lot.


> -----Original Message-----
> From: centos-bounces at caosity.org
> [mailto:centos-bounces at caosity.org] On Behalf Of Marcello Mezzanotti
> Sent: Tuesday, February 15, 2005 2:23 PM
> To: centos at caosity.org
> Subject: [Centos] samba joining an ads domain
> 
> 
> Hello, I just installed CentOS 3.4. I'm trying to join this machine
> to a Windows 2000 AD. I did some configuration in krb5.conf (REALM CONF)
> and smb.conf.
> 
> kinit Administrator@DOMAIN.COM goes fine, but net ads join -U
> Administrator gives me this:
> 
> [root@sol etc]# net ads join -U Administrator
> Administrator's password:
> [2005/02/15 17:28:32, 0] utils/net_ads.c:ads_startup(186)
>   ads_connect: No credentials found with supported encryption types
> [root@sol etc]#
> 
> What's wrong?

Funny, I was _just_ working on this. There are two issues that I
encountered, the first being the one above and Google helped to
resolve both. To correct your immediate issue, add 

default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc

to the [libdefaults] section of /etc/krb5.conf

Additionally, to get ssh access working I needed to disable the use
of privilege separation for sshd. The problem in my case is that
pam_mkhomedir.so needs root access to create the home directories if
they don't exist. The way I've done it makes sshd a little less
secure so I'm open to other suggestions...

/etc/ssh/sshd_config --

UsePrivilegeSeparation no

The information in my log files before the change was --

/var/log/secure
Feb 15 11:23:29 prodlnx01 sshd[7990]: Accepted password for [username] from [host] port 32781 ssh2
Feb 15 11:23:29 prodlnx01 sshd[7992]: fatal: PAM session setup failed[6]: Permission denied

And

/var/log/messages
Feb 15 11:23:29 prodlnx01 sshd(pam_unix)[7990]: check pass; user unknown
Feb 15 11:23:29 prodlnx01 sshd(pam_unix)[7990]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=[host]
Feb 15 11:23:29 prodlnx01 pam_winbind[7990]: user '[username]' granted access
Feb 15 11:23:29 prodlnx01 sshd(pam_unix)[7992]: session opened for user [username] by (uid=10327)

--
Marc 

_______________________________________________
CentOS mailing list
CentOS at caosity.org
http://lists.caosity.org/mailman/listinfo/centos

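An added example, not part of the thread and not written by its posters: a small Python audit that locates the two settings discussed above, DES-only enctype lists in the [libdefaults] section of krb5.conf and the UsePrivilegeSeparation value in sshd_config, so hosts still carrying this workaround can be found later. The sample file contents are constructed, the function names are hypothetical, and permitted_enctypes is checked as an assumption beyond the two keys named in the thread.

```python
import re

# Constructed sample inputs reproducing the two settings from the thread.
SAMPLE_KRB5 = """\
[libdefaults]
 default_realm = DOMAIN.COM
 default_tkt_enctypes = des-cbc-crc des-cbc-md5
 default_tgs_enctypes = des-cbc-crc
[realms]
 DOMAIN.COM = {
 }
"""
SAMPLE_SSHD = "# constructed sshd_config\nProtocol 2\nUsePrivilegeSeparation no\n"

ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

def krb5_libdefaults(text):
    """Return key -> value for the [libdefaults] section only."""
    section, out = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            out[key] = value
    return out

def des_only_enctypes(text):
    """Names of enctype settings in which every listed type is single DES."""
    flagged = []
    for key, value in krb5_libdefaults(text).items():
        types = [t for t in re.split(r"[,\s]+", value) if t]
        # "des3-..." does not match: only "des" or "des-..." count as single DES.
        if key in ENCTYPE_KEYS and types and all(
                t == "des" or t.startswith("des-") for t in types):
            flagged.append(key)
    return flagged

def sshd_option(text, name):
    """Global value of an sshd_config keyword (first occurrence wins)."""
    for raw in text.splitlines():
        m = re.match(r"\s*([A-Za-z]\w*)[\s=]+(\S.*?)\s*$", raw)
        if not m:
            continue  # blank line or comment
        if m.group(1).lower() == "match":
            break     # settings after a Match line are conditional, not global
        if m.group(1).lower() == name.lower():
            return m.group(2)
    return None
```
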