> -----Original Message----- > From: centos-bounces at caosity.org [mailto:centos-bounces at caosity.org]On> Behalf Of Marcello Mezzanotti > Sent: Tuesday, February 15, 2005 2:23 PM > To: centos at caosity.org > Subject: [Centos] samba joining an ads domain > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello, i just installed CentOS 3.4, im trying to join this machine on > Windows 2000 AD, i did some confs on krb5.conf (REALM CONF) and > smb.conf > > kinit Administrator at DOMAIN.COM goes fine but net ads join -U > Administrator give me this: > > [root at sol etc]# net ads join -U Administrator Administrator's > password: > [2005/02/15 17:28:32, 0] utils/net_ads.c:ads_startup(186) > ads_connect: No credentials found with supported encryption types > [root at sol etc]# > > whats wrong??Funny, I was _just_ working on this. There are two issues that I encountered, the first being the one above and Google helped to resolve both. To correct your immediate issue, add default_tkt_enctypes = des-cbc-crc des-cbc-md5 default_tgs_enctypes = des-cbc-crc to the [libdefaults] section of /etc/krb5.conf Additionally, to get ssh access working I needed to disable the use of privileged separation for sshd. The problem in my case is that pam_mkhomedir.so needs root access to create the home directories if they don't exist. The way I've done it makes sshd a little less secure so I'm open to other suggestions... /etc/ssh/sshd_config -- UsePrivilegeSeparation no The information in my log files before the change was -- /var/log/secure Feb 15 11:23:29 prodlnx01 sshd[7990]: Accepted password for [username] from [host] port 32781 ssh2 Feb 15 11:23:29 prodlnx01 sshd[7992]: fatal: PAM session setup failed[6]: Permission denied And /var/log/messages Feb 15 11:23:29 prodlnx01 sshd(pam_unix)[7990]: check pass; user unknown Feb 15 11:23:29 prodlnx01 sshd(pam_unix)[7990]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=[host] Feb 15 11:23:29 prodlnx01 pam_winbind[7990]: user '[username]' granted access Feb 15 11:23:29 prodlnx01 sshd(pam_unix)[7992]: session opened for user [username] by (uid=10327) -- Marc
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, i just installed CentOS 3.4, im trying to join this machine on Windows 2000 AD, i did some confs on krb5.conf (REALM CONF) and smb.conf kinit Administrator at DOMAIN.COM goes fine but net ads join -U Administrator give me this: [root at sol etc]# net ads join -U Administrator Administrator's password: [2005/02/15 17:28:32, 0] utils/net_ads.c:ads_startup(186) ads_connect: No credentials found with supported encryption types [root at sol etc]# whats wrong?? Thank you Marcello -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQhJaFkOuB+FVjoUOEQJnoQCbBGdxooozKZBYl/MIp7m+L/pu3SgAn3fy fKsUccG1kvSlJWBlYT5iMjYW =hX7K -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oh man, thanks a lot, now it work, i just need the machine joined, it'll be my proxy server with AD auth, i dont want no one sshing to my proxy :) funny, i had a fedora core 2 box doing this and with vanilla krb5.conf (just REAL CONF MODS) everything works fine anyway thanks a lot> -----Original Message----- > From: centos-bounces at caosity.org > [mailto:centos-bounces at caosity.org]On> Behalf Of Marcello Mezzanotti > Sent: Tuesday, February 15, 2005 2:23 PM > To: centos at caosity.org > Subject: [Centos] samba joining an ads domain > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello, i just installed CentOS 3.4, im trying to join this machine > on Windows 2000 AD, i did some confs on krb5.conf (REALM CONF) and > smb.conf > > kinit Administrator at DOMAIN.COM goes fine but net ads join -U > Administrator give me this: > > [root at sol etc]# net ads join -U Administrator Administrator's > password: > [2005/02/15 17:28:32, 0] utils/net_ads.c:ads_startup(186) > ads_connect: No credentials found with supported encryption types > [root at sol etc]# > > whats wrong??Funny, I was _just_ working on this. There are two issues that I encountered, the first being the one above and Google helped to resolve both. To correct your immediate issue, add default_tkt_enctypes = des-cbc-crc des-cbc-md5 default_tgs_enctypes des-cbc-crc to the [libdefaults] section of /etc/krb5.conf Additionally, to get ssh access working I needed to disable the use of privileged separation for sshd. The problem in my case is that pam_mkhomedir.so needs root access to create the home directories if they don't exist. The way I've done it makes sshd a little less secure so I'm open to other suggestions... /etc/ssh/sshd_config -- UsePrivilegeSeparation no The information in my log files before the change was -- /var/log/secure Feb 15 11:23:29 prodlnx01 sshd[7990]: Accepted password for [username] from [host] port 32781 ssh2 Feb 15 11:23:29 prodlnx01 sshd[7992]: fatal: PAM session setup failed[6]: Permission denied And /var/log/messages Feb 15 11:23:29 prodlnx01 sshd(pam_unix)[7990]: check pass; user unknown Feb 15 11:23:29 prodlnx01 sshd(pam_unix)[7990]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruserrhost=[host] Feb 15 11:23:29 prodlnx01 pam_winbind[7990]: user '[username]' granted access Feb 15 11:23:29 prodlnx01 sshd(pam_unix)[7992]: session opened for user [username] by (uid=10327) - -- Marc _______________________________________________ CentOS mailing list CentOS at caosity.org http://lists.caosity.org/mailman/listinfo/centos -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQhJjlEOuB+FVjoUOEQJNOACcDSNZtm5AbZufqatnFvQ/xQdFRxkAn3o7 Ts0/a/7G/m1fV9wZaoVvJvRH =rCPG -----END PGP SIGNATURE-----