Greg Scott
2005-Apr-02 03:36 UTC
[Samba] Using the RedHat 9.0 Samba 3.0.13 RPM with Kerberos 1.4 from MIT
Hello - I have a problem where I need to authenticate a RedHat 9.0 system with a Win 2003 domain. After days ot labor and tinkering, I keep getting this error when trying to join my Linux box to the Win2003 Active Directory domain: [root@infra-fw etc]# net ads join -S 10.10.10.100 -U administrator administrator's password: [2005/04/01 21:24:41, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password administrator@INFRASUPPORTETC.COM failed: KRB5 error code 52 [2005/04/01 21:24:41, 0] utils/net_ads.c:ads_startup(191) ads_connect: KRB5 error code 52 Google pointed me to some advice here: http://lists.samba.org/archive/samba/2004-July/090137.html And this quote from John Terpstra:> Only MIT Kerberos 1.3.1 or later will work with Windows 2003 ServerADS. So I downloaded and built the latest and greatest release of MIT Kerberos, krb5 1.4. This all leads up to my question - is there a way for the Samba 3.0.13 RPM to use my newly built release of Kerberos instead of the RPM, or do I need to also build Samba from source? And if I need to build Samba from source, how do I tell the source build to use the 1.4 release of Kerberos instead of the 1.2.7 release bundled with RedHat 9.0? Thanks - Greg Scott GregScott@InfraSupportEtc.com cell phone 651-260-1051
Gerald (Jerry) Carter
2005-Apr-03 23:46 UTC
[Samba] Re: Using the RedHat 9.0 Samba 3.0.13 RPM with Kerberos 1.4 from MIT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greg Scott wrote: | This all leads up to my question - is there a way | for the Samba 3.0.13 RPM to use my newly | built release of Kerberos instead of the RPM, or do | I need to also build Samba from source? And if I | need to build Samba from source, how do I tell the | source build to use the 1.4 release of | Kerberos instead of the 1.2.7 release bundled | with RedHat 9.0? You will need to rebuild samba from source. You can set the CFLAGS and LDFLAGS to grab the krb1.4 include and lib directory. you might also want to look at the - -Wl,rpath<dir> directive to encode the library source path in the resulting Samba binaries. Hope this helps. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCUIC7IR7qMdg1EfYRAjfZAJ0TOMqcODHYmiVUV2vaCNLMZ2F21wCdHxR2 eNOIRT+O7agUvZfF71Vvjk4=j72L -----END PGP SIGNATURE-----
Possibly Parallel Threads
- RE: [squid-users] IE improperly prompts for credentials; ntlm_auth with Samba 3.0.13, Squid 2.5.STABLE7, RedHat Linux 9.0, SmartFilter 4.01; ticket number 48293
- Informal HOWTO - transparent authentication and optional outbound web filtering using Samba 3.0.13, Squid 2.5.STABLE7, SmartFilter 4.01, RedHat 9.0 in a Win2003 AD domain
- IE improperly prompts for credentials; ntlm_auth with Samba 3.0.13, Squid 2.5.STABLE7, RedHat Linux 9.0, SmartFilter 4.01
- Smbd 3.0.13 dies when smb.conf has winbind separator = \
- Proxy ARP with a Coyote Point equalizer