Hi,
I am trying to get samba 3.0.7 working with our win2k DC. I installed samba
from the ports collection, so the kerberos library looks to be the heimdal
version.
I can use kinit to create a ticket and it authenticates against the DC just
fine. However when I attempt to use "net ads join" it fails with the
following response:
[2004/11/09 16:32:30, 0] utils/net_ads.c:ads_startup(183)
  ads_connect: Unknown error: -1765328343

Also note running "net ads join" without the -U parameter simply prompts for
a password for "root" even though I have created a ticket successfully with
kinit.
I have configured krb5.conf and smb.conf with the minimal items.

smb.conf

[global]
    workgroup = CPOLDOM
    netbios name = BSDWEB
    realm = CPOL.DOM

    security = ads
    encrypt passwords = yes
    password server = 192.168.1.10

krb5.conf

[libdefaults]
    default_realm = CPOL.DOM

[domain_realm]
    .cpol.dom = CPOL.DOM
    cpol.dom = CPOL.DOM

[realms]
    CPOL.DOM = {
        kdc = 192.168.1.10
        default_domain = cpol.dom
    }

Thanks,
Josh
I was having the same problem as you describe with 4.10 version of
freebsd and found a number of reasons why it was not working, but I
managed to find this great walk through and get it working with 5.2.1.
http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html
Try it and see if it helps and curious what version of freebsd are you
using?
-----Original Message-----
From: samba-bounces+esavage=digitalrage.org@lists.samba.org
[mailto:samba-bounces+esavage=digitalrage.org@lists.samba.org] On Behalf
Of Josh Kropf
Sent: Tuesday, November 09, 2004 4:47 PM
To: samba@lists.samba.org
Subject: [Samba] Unable to join AD (FreeBSD)
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Elijah Savage wrote:

>I was having the same problem as you describe with 4.10 version of
>freebsd and found a number of reasons why it was not working, but I
>managed to find this great walk through and get it working with 5.2.1.
>
>http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html

This is quite good. However, the best option is to install 5.3RC2 and use
the samba 3.0.7 port in the ports collection. Works VERY well.

>Try it and see if it helps and curious what version of freebsd are you
>using?
On Tue, Nov 09, 2004 at 04:46:40PM -0500, Josh Kropf wrote:
| I am trying to get samba 3.0.7 working with our win2k DC. I installed samba
| from the ports collection, so the kerberos library looks to be the heimdal
| version.

Which version of FreeBSD? Which version of heimdal?
Are you 100% certain that samba is compiling & linking against krb5?

| I can use kinit to create a ticket and it authenticates against the DC just
| fine.

Once you do that, can you use
    smbclient -k //someotherCIFSserver/share
to connect? (That can help test Samba's krb5 support)

Actually, have you tried k5init instead of kinit?

| However when I attempt to use "net ads join" it fails with the
| following response:
|
| [2004/11/09 16:32:30, 0] utils/net_ads.c:ads_startup(183)
|   ads_connect: Unknown error: -1765328343

According to http://unix.newark.rutgers.edu/krb5_error.html that is

    -1765328343  KRB5KRB_AP_ERR_MODIFIED  Message stream modified

No idea what triggers that.

Cheers,
Luke.
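
Added example, not part of the original thread or of Samba: the number that "net ads join" prints as "Unknown error" is a com_err code, and the sketch below splits it into its error-table name and offset and names the offset from a small subset of RFC 4120 error codes. The function names and the sample constant are assumptions made for this illustration.

```python
import re

# com_err packs a table name into the upper 24 bits of a 32-bit code,
# six bits per character; the low 8 bits are the offset in that table.
CHARSET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
           "abcdefghijklmnopqrstuvwxyz0123456789_")

# Subset of RFC 4120 error codes. In the "krb5" table the offset equals
# the protocol error number for these entries; libraries prefix the
# names (e.g. KRB5KRB_AP_ERR_MODIFIED as quoted in the reply above).
KRB5_NAMES = {
    6: "KDC_ERR_C_PRINCIPAL_UNKNOWN",
    7: "KDC_ERR_S_PRINCIPAL_UNKNOWN",
    24: "KDC_ERR_PREAUTH_FAILED",
    31: "KRB_AP_ERR_BAD_INTEGRITY",
    32: "KRB_AP_ERR_TKT_EXPIRED",
    37: "KRB_AP_ERR_SKEW",
    41: "KRB_AP_ERR_MODIFIED",
}

def split_com_err(code):
    """Return (table_name, offset) for a signed 32-bit com_err code."""
    u = code & 0xFFFFFFFF             # reinterpret negative value as unsigned
    offset = u & 0xFF
    table = (u >> 8) & 0xFFFFFF
    name = ""
    for shift in (18, 12, 6, 0):      # most significant character first
        ch = (table >> shift) & 0x3F
        if ch:                        # 0 means "no character"
            name += CHARSET[ch - 1]
    return name, offset

UNKNOWN_RE = re.compile(r"Unknown error: (-?\d+)")

def decode_log(text):
    """Decode every 'Unknown error: N' found in Samba log text."""
    out = []
    for m in UNKNOWN_RE.finditer(text):
        code = int(m.group(1))
        table, offset = split_com_err(code)
        name = KRB5_NAMES.get(offset, "?") if table == "krb5" else "?"
        out.append((code, table, offset, name))
    return out

# Log lines as posted in this thread.
SAMPLE = """[2004/11/09 16:32:30, 0] utils/net_ads.c:ads_startup(183)
  ads_connect: Unknown error: -1765328343"""

if __name__ == "__main__":
    for code, table, offset, name in decode_log(SAMPLE):
        print(f"{code}: table={table} offset={offset} -> {name}")
```

A plain errno value such as 13 decodes to an empty table name, which distinguishes it from a Kerberos library code.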
Well yes I would agree now that 5.3 is production release that this is a safe bet.

-----Original Message-----
From: Thomas M. Skeren III [mailto:tms3@fskklaw.com]
Sent: Tuesday, November 09, 2004 6:52 PM
To: Elijah Savage
Cc: Josh Kropf; samba@lists.samba.org
Subject: Re: [Samba] Unable to join AD (FreeBSD)
Elijah,
Thank you, this walk through was helpful. I am running 5.2.1 and it seems to
allow me to join the domain. I have a few other residual issues but
hopefully I will be able to hammer out those bugs.
Regards,
Josh
-----Original Message-----
From: Elijah Savage [mailto:esavage@digitalrage.org]
Sent: Tuesday, November 09, 2004 6:36 PM
To: Josh Kropf; samba@lists.samba.org
Subject: RE: [Samba] Unable to join AD (FreeBSD)