2009/3/26 fabian dacunha <fabian at baladia.gov.kw>:

>
> Dear All,
>
> I have successfully managed to have my kerberos configured n working
> without error when I say
>
> kinit Administrator
> and after entering password it works fine
>
> my krb5.conf
> --------------
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = BALADIA.LOCAL
> dns_lookup_kdc = false
>
> dns_lookup_realm = false
> [realms]
> BALADIA.LOCAL = {
> default_domain = baladia.local
> kdc = 172.16.2.227:88
> admin_server = 172.16.2.227:749
> kdc = KMUN
> }
>
> [domain_realm]
> baladia.local = BALADIA.LOCAL
>
> --------------------------------
>
> klist shows
>
> icket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator at BALADIA.LOCAL
>
> Valid starting Expires Service principal
> 03/26/09 11:33:04 03/26/09 21:33:18 krbtgt/BALADIA.LOCAL at BALADIA.LOCAL
> renew until 03/27/09 11:33:04
>
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> ------------------------
>
> now I configured /etc/samba/smb.conf but when I try to join the domain
>
> net ads join -U Administrator
> Administrator's password:
> [2009/03/26 21:58:05, 0] utils/net_ads.c:ads_startup_int(286)
> ads_connect: No logon servers
> Failed to join domain: No logon servers
>
> after googling and tryin various options in /etc/samba/smb.conf file here
> is the latest smb.conf file
> ---------------------
>
> [global]
> #--authconfig--start-line--
>
> # Generated by authconfig on 2009/03/26 12:50:28
> # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
> # Any modification may be deleted or altered by authconfig in future
>
> workgroup = BALADIA.LOCAL
> ; password server = kmun.baladia.local
> password server = 172.16.2.227
> realm = KMUN.BALADIA.LOCAL
> security = ads
> idmap uid = 16777216-33554431
> idmap gid = 16777216-33554431
> winbind separator = +
> template shell = /bin/bash
> winbind use default domain = true
> winbind offline logon = false
> encrypt passwords = yes
> log level = 3
> #--authconfig--end-line--
> encrypt passwords = yes
> dns proxy = no
> server string = Samba Server Version %v
> os level = 20
> client use spnego = no
> server signing = auto
>
> --------------------------------------
>
> where I could be goin wrong
> I would be thankful and really appreciate your advice for any setting in my
> smb.conf file
>
> Is there anything else to check
>
> when I run testparam it gives no errors
>
> thnks and Regards
>
> Fabian
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>

Can you get to the ADS netlogon share? It is //domainname/netlogon which may be //baladia.local/netlogon/ on your network. //172.16.2.227/netlogon ?

Further, even connecting WinVista to a domain will sometimes require raw editing of the hosts properties in LDAP. SysInternal's adexplorer.exe or jexplorer (don't use java 1.6) are good at this. Specifically, you will want to make sure dnsHostName and servicePrincipalName (SPN) are correct. If not, these tools with the domain admin privilege will let you edit these ldap entries directly. Use a known good ADS connected node as an example.

There is a list of apps based on python-ldap at http://python-ldap.sourceforge.net/apps.shtml Some of those would provide adexplorer.exe type functionality, but I haven't tried them for editing. Hmmm, now I wonder if they work at all with Samba b/c python hooks were removed in Samba 3.2.0 due to lack of maintenance???

I would like a script that could be run on a Windows ADS server, an ADS domain connected windows client, and linux. The script would generate and verify everything needed to successfully connect. SASL required? Unsecured or Secured auth? kerberos and ldap identifying info. ldapenum.pl was an attempt at this.

You will want to read the announcement for Samba 3.2 which I am not sure if 3.2 is in the CentOS release repo or not. I ended up using fc9/fc10 for ads joins. EnterpriseSamba.com may still be your best bet for CentOS.

http://lists.samba.org/archive/samba-announce/2008/000145.html
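
The reply asks for a script that verifies what a join needs. One offline piece of such a check, as an added example that is not part of the original thread: it cross-checks the realm settings of krb5.conf against smb.conf before `net ads join` is attempted. The function names are hypothetical, the sample text is abridged from the files quoted above, and the rule that `workgroup` holds the short NetBIOS domain name rather than the DNS name is an assumption of this example.

```python
import re
# Constructed sample input, abridged from the two files quoted in the thread.
KRB5_CONF = """[libdefaults]
 default_realm = BALADIA.LOCAL
[realms]
 BALADIA.LOCAL = {
  kdc = 172.16.2.227:88
 }
"""
SMB_CONF = """[global]
   workgroup = BALADIA.LOCAL
;  password server = kmun.baladia.local
   password server = 172.16.2.227
   realm = KMUN.BALADIA.LOCAL
   security = ads
"""

def parse_krb5(text):
    """Return (default_realm, {realm: [kdc hosts]}) from krb5.conf text."""
    default = re.search(r"^\s*default_realm\s*=\s*(\S+)", text, re.M)
    blocks = re.findall(r"^\s*(\S+)\s*=\s*\{(.*?)\}", text, re.M | re.S)
    realms = {name: [k.split(":")[0] for k in re.findall(r"^\s*kdc\s*=\s*(\S+)", body, re.M)]
              for name, body in blocks}
    return (default.group(1) if default else None), realms

def parse_smb_global(text):
    """Return the [global] parameters of smb.conf (last assignment wins)."""
    params, section = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            # smb.conf ignores case and extra spaces in parameter names
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_ads_config(krb5_text, smb_text):
    """List inconsistencies between the Kerberos and Samba settings."""
    default_realm, realms = parse_krb5(krb5_text)
    smb = parse_smb_global(smb_text)
    realm = smb.get("realm", "")
    checks = [
        (smb.get("security", "").lower() != "ads", "security is not 'ads'"),
        (realm != default_realm, f"realm {realm!r} != default_realm {default_realm!r}"),
        (realm not in realms, f"no [realms] entry (so no kdc) for {realm!r}"),
        ("." in smb.get("workgroup", ""), "workgroup has a dot; short NetBIOS name assumed"),
    ]
    return [msg for failed, msg in checks if failed]
```

Calling `check_ads_config(KRB5_CONF, SMB_CONF)` returns one message per mismatch and an empty list when the two files agree.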