Hi, I have this (Linux) Samba file server, that indeed is a client of a Windows 2000 Server PDC, using Active Directory. I am the Samba machine admin, but not the Windows one. I have to join the Samba machine to the PDC on the 2000 server. I ask the Windows 2000 server admin to come to my Samba machine and insert his login and password to join my machine, but i always get the same error (after my signature, along with other relevant data). I tried: # net ads join -Uzbr at dte.ua.pt What could be causing the error ? Another question.: In the moment of joining the Samba machine to the PDC on the Windows 2000 Server, the Samba daemons must be up or down (i've read contraditory things about this issue) ? Any help would be apreciated. Warm Regards, M?rio Gamito ------------ [root at tux moreira]# # net ads join -Uzbr at dte.ua.pt foobar at foobar.pt's password: [2005/04/06 09:24:16, 0] ads_connect: Cannot find KDC for requested realm [root at tux moreira]# - DTE is the domain name in question. - My Samba server FQDN is tux.dte.ua.pt - My Samba server Netbios name is SRV-TUX-DTE - Windows 2000 server FQDN is srv-dte.dte.ua.pt - Windows 2000 server Netbios name is SRV-DTE - Command i'm using to join the Samba server to w2000 AD PDC: # net ads join -Uzbr at dte.ua.pt (zbr at dte.ua.pt has rights on w2000 to join machines to the domain). My smb.conf: ---------------------------------------- [global] workgroup = DTE netbios name = SRV-DTE-TUX password server = SRV-DTE realm = DTE.UA.PT #os level = 4 #preferred master = yes #domain master = yes local master = yes #KDC server = 193.137.84.81 security = ADS encrypt passwords = yes # domain logons = yes smb passwd file = /usr/local/samba/lib/passwd wins support = no #dns proxy = yes #wins server = 193.136.80.7 wins server = 193.136.172.4 wins proxy = yes #winbind separator = + #idmap uid = 10000-20000 #idmap gid = 10000-20000 #winbind enum users = yes #winbind enum groups = yes #winbind use default domain = yes unix char set = ISO-8859-15 log file = /var/log/samba/%m [homes] comment = Areas pessoais. browseable = yes read only = no guest ok = no create mask = 600 directory mask = 700 [Docentes] comment = Area partilhada para Docentes. path = /home/Docentes writeable = yes guest ok = no force group = profs create mask = 660 directory mask = 770 [Secretaria] comment = Area partilhada para os funcion?rio da secretaria. path=/home/Secretaria writeable = yes guest ok = no force group = secretaria create mask = 660 directory mask = 770 [Comum] comment = Area partilhada para funcion?rios e Docentes. path = /home/Comum writeable = yes guest ok = no create mask = 666 directory mask = 777 ------------------------------------
On Wed, 2005-04-06 at 11:19 +0100, M?rio Gamito wrote:> Hi, > > I have this (Linux) Samba file server, that indeed is a client of a > Windows 2000 Server PDC, using Active Directory. > > I am the Samba machine admin, but not the Windows one. > > I have to join the Samba machine to the PDC on the 2000 server. > > I ask the Windows 2000 server admin to come to my Samba machine and > insert his login and password to join my machine, but i always get the > same error (after my signature, along with other relevant data). > > I tried: > > # net ads join -Uzbr at dte.ua.pt > > What could be causing the error ? > > Another question.: > In the moment of joining the Samba machine to the PDC on the Windows > 2000 Server, the Samba daemons must be up or down (i've read > contraditory things about this issue) ? > > Any help would be apreciated. > > Warm Regards, > M?rio Gamito > ------------ > [root at tux moreira]# # net ads join -Uzbr at dte.ua.pt > foobar at foobar.pt's password: > [2005/04/06 09:24:16, 0] > ads_connect: Cannot find KDC for requested realm > [root at tux moreira]#Mario- Have you fixed your /etc/krb5.conf to reflect your AD domain? Can you kinit as zbr? I had a similar problem with kinit, and it turned out that I had not fully configured my krb5.conf to reflect our AD domain (still had some references to EXAMPLE.COM .. d'oh :) Hope that helps, Sean -- Sean O'Connell Office of Engineering Computing oconnell at soe.ucsd.edu Jacobs School of Engineering, UCSD 858.534.7916 (47916)