Hello list,
I am trying to join a win2k domain with Samba, with security = ads. My
member server is a Debian Etch. I get the following error when trying
to join the domain:
#net ads join -U administrator
administrator's password:
[2007/10/12 12:04:19, 0] libsmb/cliconnect.c:cli_session_setup_spnego(785)
--
Frank Van Damme A: Because it destroys the flow of the conversation
Q: Why is it bad?
A: No, it's bad.
Q: Should I top post in replies to mails or on usenet?
Ok this wasn't supposed to be sent allready... On 10/12/07, Frank Van Damme <frank.vandamme@gmail.com> wrote:> Hello list, > > I am trying to join a win2k domain with Samba, with security = ads. My > member server is a Debian Etch. I get the following error when trying > to join the domain: >#net ads join -U administrator administrator's password: [2007/10/12 12:04:19, 0] libsmb/cliconnect.c:cli_session_setup_spnego(785) Kinit failed: Configuration file does not specify default realm Failed to join domain! -- Frank Van Damme A: Because it destroys the flow of the conversation Q: Why is it bad? A: No, it's bad. Q: Should I top post in replies to mails or on usenet?
On 10/12/07, Dale Schroeder <dale@briannassaladdressing.com> wrote:> > Do you have a krb5.conf containing entries similar to the following? > > > > [libdefaults] > default_realm = DOMAIN.NET > > [realms] DOMAIN.NET = { > kdc = bigserver.domain.net > } > > [domain_realms] > .kerberos.server = DOMAIN.NET Example taken from: > http://www.enterprisenetworkingplanet.com/netos/article.php/3487081Ah-ha, that's what I was missing. FYI under Debian you apparently also need the package krb5-user. Everything seems to work now, I could join the domain, I can create files and chown them to windows users (like DOMAIN+jsixpack). And while drafting this message, I finally got the login-to-the-linux-box working :-) Thanks for your advices. Diving in the wonders of idmapping now... -- Frank Van Damme A: Because it destroys the flow of the conversation Q: Why is it bad? A: No, it's bad. Q: Should I top post in replies to mails or on usenet?