Dear all,

I downloaded samba3.0-alpha21 and followed each step in "ADS-HOWTO.txt". But mapping a network directory from a Windows client failed (step 4: Test your server setup). (Succeeded in other steps.... Including step 5)

Only local users in the samba server can access the share folder. (Please refer to the smb.conf listed below...)

And "#kadmin -p administrator" fails with the error message:
"kadmin: Database error! Requeired KADM5 principal missing while initializing kadm in interface"

My configurations are as follows:

Kernel : Linux 2.4.18
Krb5-devel & krb5-lib & krb5-workstation : 1.2.4-1
Openldap-devel : 2.0.23-4

/usr/local/samba/lib/smb.conf --

    [home]
        comment = root directory
        path = /home
        writeable = yes
        browsable = yes
        guest ok = no
        write list = root,administrator #administrator is a Win2K user
        read list

/etc/krb5.conf --

    [libdefaults]
        default_realm = CATHQ.COM.TW

    [realms]
        CATHQ.COM.TW = {
            kdc = 172.16.21.120
            admin_server = 172.16.21.120
            kpasswd_server = 172.16.21.120
            default_domain = cathq.com.tw
            v4_realm = cathq
        }

    [domain_realm]
        cathq.com.tw = CATHQ.COM.TW

/etc/hosts --

    172.16.21.120 catad.cathq.com.tw CATAD.CATHQ.COM.TW

My scripts before starting smbd & nmbd are :

    ...
    /usr/kerberos/bin/kinit administrator@CATHQ.COM.TW
    net ads join
    ....

Executing "#klist -e" result:

    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: administrator@CATHQ.COM.TW

    Valid starting     Expires            Service principal
    02/12/03 16:08:32  02/13/03 02:07:26  krbtgt/CATHQ.COM.TW@CATHQ.COM.TW
            Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode with RSA-MD5
    02/12/03 16:07:27  02/13/03 02:07:26  ldap/catad@CATHQ.COM.TW
            Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode with RSA-MD5
    02/12/03 16:07:27  02/13/03 02:07:26  kadmin/changepw@CATHQ.COM.TW
            Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode with RSA-MD5

    Kerberos 4 ticket cache: /tmp/tkt0
    klist: You have no tickets cached

Any information I didn't provide?? @@"
Please help me!!
It seems to be easy but I just cannot figure out why!???

Thanks a lot in advance!!

Catherine

On Wed, Feb 12, 2003 at 07:28:55PM +0800, Catherine Shen wrote:
> And "#kadmin -p administrator" fails with the error message:
> "kadmin: Database error! Requeired KADM5 principal missing while
> initializing kadm in interface"

kadmin? Don't you mean kinit?

You mean the authentication or the changing password part?? Are they not supported at all??

I assumed that a Samba 3.0 server joining a Win2K domain means that it can authenticate a Win2k domain user. Thus the user can map a network share folder which is located on the Samba 3.0 server.

Changing user passwords via the Samba 3.0 server is just a minor thing compared to the authenticating part......

Thanks!

Catherine

-----Original Message-----
From: Andreas [mailto:andreas@conectiva.com.br]
Sent: Thursday, February 13, 2003 7:59 PM
To: Catherine Shen
Subject: Re: [Samba] Samba 3.0 AD usage problems

Well, that I didn't try yet...

On Thu, Feb 13, 2003 at 08:33:14AM +0800, Catherine Shen wrote:
> Well, kinit works fine. (no error message, at least)
> And klist does list some tickets after kinit.
> But I cannot map a network share folder via Win2K domain user. That's
> why I tried kadmin to check if I can change user password on the Samba
> Server. (Maybe it wasn't meant to do it???)
>
> I'd like to authenticate a Win2K user and maybe also change users on
> the Samba site. Is it possible??
>
> Catherine
>
> -----Original Message-----
> From: Andreas [mailto:andreas@conectiva.com.br]
> Sent: Wednesday, February 12, 2003 8:18 PM
> To: Catherine Shen
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Samba 3.0 AD usage problems
>
>
> On Wed, Feb 12, 2003 at 07:28:55PM +0800, Catherine Shen wrote:
> > And "#kadmin -p administrator" fails with the error message:
> > "kadmin: Database error! Requeired KADM5 principal missing while
> > initializing kadm in interface"
>
> kadmin? Don't you mean kinit?