Hi everybody,
Me and a lot of people around in the list we are having the following
problem for sometime without solution.
I'd like to join Win2000 AD with Samba. I have samba-3.0.1pre3-1
compiled with the last kerberos support (1.3.1). The steps I do are:
1. Leave the AD (if it was registered before)
net ads leave
2. I open a kerberos session with the Administrator user
kinit Administrator@MI-REALM.LOCAL
Password: ????
3. I newly join the AD using the kerberos session opened
net ads join
It succeds and after this I have three kerberos tickets however in
the winbindd.log I see the following error message, which I don't like
and I think that's the source of the problem:
[2003/11/24 11:00:16, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
krb5_cc_get_principal failed (No credentials cache found)
4. Everything seems to work: wbinfo -u , wbinfo -g , getent passwd ,
getent groups and wbinfo -t
5. Also it works the access to any share in the network from my Linux
box without having to authenticate:
smbclient //Server-Name/share -k
6. However, trying to access from other windows workstation (Win2k or
WinXP) to the shares on my Linux box it asks me for a user and password
and I get the following error message in the log:
[2003/11/25 08:47:05, 1] smbd/sesssetup.c:reply_spnego_kerberos(210)
Username (null) is invalid on this system
But if I mount the share with IP address it works, however using the
netbios name of my Linux box it doesn't. Very strange, isn't it ?
Any help will be greatly appreciate.
Thanks in advance,
Fernando.
=========== smb.conf file ==========# Global parameters
[global]
workgroup = HGUV
realm = HGUV.LOCAL
server string = %h server (Samba %v)
security = ADS
password server = 10.36.192.24
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
printing = lprng
[homes]
comment = Home Directories
path = /home/%U
valid users = %D+%U
read only = No
create mask = 0664
directory mask = 0775
browseable = No
====================================
=============== krb5.conf ==========[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = HGUV.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
HGUV.LOCAL = {
kdc = 10.36.192.24:88
admin_server = 10.36.192.24:749
}
[domain_realm]
.hguv.local = HGUV.LOCAL
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
====================================
--
Yo uso software libre, ?Y tu?
?Qu? es el software libre? consulta:
http://www.gnu.org/philosophy/free-sw.es.html
Fernando Ruza
e-mail: feruza@terra.es
web: http://guada24.guadawireless.net
Tlf: 661123845
Yahoo! Messenger id: fruza
Linux user: #273644 (http://counter.li.org)
Debian Sid (Kernel 2.4.20 & ext3)
"In an internet without fences ... who needs 'gates'"
