Currently running CVS of SAMBA 3.1 - pulled down last night.
The Samba machine is joining the domain (or so it reports) but it doesn't show
up in AD Users & Computers. Attempting to browse the Samba computer from
Windows (Advanced Server 2000) fails with password/username failures. Here
is the output from "net ads join -U administrator". Yes, this is showing
that I was already joined to the domain.

root@web:~# net ads testjoin -U administrator
Join is OK
root@web:~# net ads join -U administrator
administrator password:
[2003/11/08 10:38:55, 0] libads/ldap.c:ads_join_realm(1308)
  Host account for web already exists - deleting old account
Using short domain name -- RONGAGEHOME
Joined 'WEB' to realm 'RONGAGEHOME.COM'

The Domain Controller is Windows 2000 Advanced Server. NOT Server 2003!
Here are the contents of /etc/krb5.conf:

[logging]
    default = FILE:/var/log/krb5/libs.log
    kdc = FILE:/var/log/krb5/kdc.log
    admin_server = FILE:/var/log/krb5/admin.log

[libdefaults]
    ticket_lifetime = 24000
    default_realm = RONGAGEHOME.COM
    forwardable = true
    proxiable = true

[realms]
    RONGAGEHOME.COM = {
        kdc = intel.rongagehome.com
        default_domain = rongagehome.com
    }

[domain_realm]
    .rongagehome.com = RONGAGEHOME.COM
    rongagehome.com = RONGAGEHOME.COM

Here are the contents of /usr/lib/smb.conf:

[global]
   workgroup = rongagehome
   realm = rongagehome.com
   server string = Samba Server
;  hosts allow = 192.168.1. 192.168.2. 127.
;  load printers = yes
;  printcap name = /etc/printcap
;  printcap name = lpstat
;  printing = bsd
;  guest account = pcguest
   log file = /var/log/samba.%m
   max log size = 50
   security = ads
;  password server = <NT-Server-Name>
   encrypt passwords = yes
;  include = /usr/local/samba/lib/smb.conf.%m
   socket options = TCP_NODELAY
;  interfaces = 192.168.12.2/24 192.168.13.2/24
;  local master = no
;  os level = 33
;  domain master = yes
;  preferred master = yes
;  domain logons = yes
;  logon script = %m.bat
;  logon path = \\%L\Profiles\%U
;  wins support = yes
;  wins server = w.x.y.z
;  wins proxy = yes
   dns proxy = no

#============================ Share Definitions =============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

;[public]
;  comment = Public Stuff
;  path = /home/samba
;  public = yes
;  writable = yes
;  printable = no
;  write list = @staff

Yes, I know there are no shares actually defined. We aren't at that point yet.
Here is the output of klist -e:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@RONGAGEHOME.COM

Valid starting     Expires            Service principal
11/08/03 10:35:57  11/08/03 20:36:01  krbtgt/RONGAGEHOME.COM@RONGAGEHOME.COM
        renew until 11/09/03 10:35:57, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
11/08/03 10:38:57  11/08/03 20:36:01  intel$@RONGAGEHOME.COM
        renew until 11/09/03 10:35:57, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

Any ideas on what I am doing wrong here?
--
Ron Gage - LPIC1, A+, Net+
Pontiac, Michigan