Le 12/04/2011 22:03, John Hodrien a écrit : > On Tue, 12 Apr 2011, Alain Péan wrote: > >> Indeed, nothing fails now. I want my users to authenticate against >> Active directory, and it works, and I would like them to be able to use >> their kerberos credentials, if they need, to access domain ressources, >> as shares. But I have still to see a problem there.. >> >> Thanks again for your help and your comments ! > > So is it all working after taking out the ldap auth? With it in > you'll not be > generating kerberos tickets if there's anything wrong with your kerberos > setup. > > jh No, you are right, things do not work as I expect. When I disable ldapauth, I cannot authenticate. So kerberos is not working. I have kerberos error messages with samba when I try to join AD domain with net ads join. But net rpc join succeeds. # net ads join -U pean -d3 .... [2011/04/12 22:19:45.797972, 3] libads/sasl.c:790(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got server principal name = pc-2003-test$@TEST-LPP.LOCAL [2011/04/12 22:19:45.798331, 3] libsmb/clikrb5.c:698(ads_krb5_mk_req) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2011/04/12 22:19:45.811493, 1] libsmb/clikrb5.c:710(ads_krb5_mk_req) ads_krb5_mk_req: smb_krb5_get_credentials failed for pc-2003-test$@TEST-LPP.LOCAL (Cannot find ticket for requested realm) .... Why 'no credential cache found' ? I would like to solve this annoying problem. Why it is no more working after upgrading to 5.6 ? Alain