Axel Suppantschitsch
2003-Aug-20 16:01 UTC
[Samba] Samba 3.0.0 Beta 3: "krb5_cc_get_principal failed" but "Join to realm" successful?
Hiya,

as I was not capable of getting only close to join the RC1 of Samba 3.0 to my ADS realm, I downgraded to the Redhat 9.0 rpm version of Samba 3.0 Beta 3 from download.samba.org.

With this package I get a lot closer to a "working solution". Anyway, Kerberos is not working as supposed during the "net ads join" process which should leave a bunch of Kerberos credentials in the ticket cache. Not in my case, where the join of the ADS realm seems to be successful (Samba server is visible in "Active Directory Users and Computers"), but _NO_ Kerberos credentials are available at all due to an error...

YES, I have changed the Administrator password after I "raised" the Win 2003 Server to a Domain Controller! And YES, I already tried RC1 (I compiled the rpms exactly as instructed with the delivered spec file and the affiliated shell script (see post "[Samba] Samba 3.0.0 RC1: Unable to find a suitable server")!

Once again the process of the "successful join" to my ADS realm with the missing Kerberos credentials:

***** SNIP ****
[root@samba30srv samba]# klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[root@samba30srv samba]# kinit Administrator@SAMBA30.TEST
Password for Administrator@SAMBA30.TEST:
[root@samba30srv samba]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@SAMBA30.TEST
Valid starting     Expires            Service principal
08/20/03 15:31:13  08/21/03 01:31:13  krbtgt/SAMBA30.TEST@SAMBA30.TEST
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[root@samba30srv samba]# kdestroy
[root@samba30srv samba]# klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[root@samba30srv samba]# net ads join -U Administrator
Administrator password:
[2003/08/20 15:32:11, 1] libsmb/clikrb5.c:ads_krb5_mk_req(267)
  krb5_cc_get_principal failed (No credentials cache found)
Joined 'SAMBA30SRV' to realm 'SAMBA30.TEST'
[root@samba30srv samba]# klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
***** SNAP *****

Any suggestions?

Wbr,
Axel.
Andrew Bartlett
2003-Aug-20 16:49 UTC
[Samba] Samba 3.0.0 Beta 3: "krb5_cc_get_principal failed" but "Join to realm" successful?
On Wed, Aug 20, 2003 at 06:01:03PM +0200, Axel Suppantschitsch wrote:
> Hiya,
>
> as I was not capable of getting only close to join the RC1 of
> Samba 3.0 to my ADS realm, I downgraded to the Redhat 9.0 rpm version of
> Samba 3.0 Beta 3 from download.samba.org.
>
> With this package I get a lot closer to a "working solution". Anyway,
> Kerberos is not working as supposed during the "net ads join" process
> which should leave a bunch of Kerberos credentials in the ticket cache.
> Not in my case, where the join of the ADS realm seems to be successful
> (Samba server is visible in "Active Directory Users and Computers"), but
> _NO_ Kerberos credentials are available at all due to an error...
>
> YES, I have changed the Administrator password after I "raised" the Win
> 2003 Server to a Domain Controller! And YES, I already tried RC1 (I
> compiled the rpms exactly as instructed with the delivered spec file and
> the affiliated shell script (see post "[Samba] Samba 3.0.0 RC1: Unable
> to find a suitable server")!
>
> Once again the process of the "successful join" to my ADS realm with the
> missing Kerberos credentials:

I think we do it all on an 'in memory' keytab now, so we don't store it about after the join. If you manually kinit I think it just uses that cache.

Andrew Bartlett