Tom Skeren
2004-May-28 18:07 UTC
[Samba] To all with FreeBSD 5.2.1 and net ads join problems
If you're getting kinit problems with net ads join (don't bother with testjoin - it will error out no matter), do the following:

1. Change an administrator's password, especially if you upgraded from NT 4.

2. Create a krb5.conf file in /etc that looks like this:

    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
     ticket_lifetime = 24000
     default_realm = YOURDOMAIN.COM
     dns_lookup_realm = true
     dns_lookup_kdc = true
     default_etypes = des-cbc-crc des-cbc-md5
     default_etypes_des = des-cbc-crc des-cbc-md5

    [realms]
     FSKLAW.NET = {
      kdc = kerberos.yourdomain.com
      admin_server = servername.yourdomain.com
      default_domain = yourdomain.com
     }

    [domain_realm]
     .kerberos.server = KERBEROS.FSKLAW.NET

    [kdc]
     profile = /var/kerberos/krb5kdc/kdc.conf

    [pam]
     debug = false
     ticket_lifetime = 36000
     renew_lifetime = 36000
     forwardable = true
     krb4_convert = false

3. Test kinit:

    kinit SOMEADMIN@YOURDOMAIN.COM

   Enter new password. You should be at a prompt. You'll get nothing if it's working.

4. Join the domain:

    net ads --user=someadmin join

   Enter password. You should get some message telling you you were successful.

Check out the Win2k machine. The samba name of your Unix box should be in Active Directory Users and Computers, in Computers. Double click the listing and check version. It should say the OS is Samba 3.0.x. You're in, mostly, at this point.

Hope this helps, I've been at this three weeks now.

TMS III
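An added example, not part of the original post: a small Python lint for a krb5.conf laid out like the one above. It reports a default_realm with no matching [realms] stanza and enctype lists restricted to single-DES; the sample file and the names parse_krb5, lint and ETYPE_KEYS are constructed for illustration.

```python
import re
# Constructed sample that mirrors the layout in the post; not the poster's real file.
SAMPLE = """\
[libdefaults]
 default_realm = YOURDOMAIN.COM
 dns_lookup_kdc = true
 default_etypes = des-cbc-crc des-cbc-md5
[realms]
 FSKLAW.NET = {
  kdc = kerberos.yourdomain.com
 }
"""
ETYPE_KEYS = ("default_etypes", "default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

def parse_krb5(text):
    """Return {section: {key: value}}; a 'NAME = {' block becomes a nested dict."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif section is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (block if block is not None else section)[key] = value
    return conf

def lint(conf):
    """Return findings that commonly explain kinit / net ads join failures."""
    lib, findings = conf.get("libdefaults", {}), []
    realm = lib.get("default_realm")
    if realm and realm not in conf.get("realms", {}):
        dns = lib.get("dns_lookup_kdc", "unset")
        findings.append(f"default_realm {realm} has no [realms] stanza; KDC is found only via DNS (dns_lookup_kdc={dns})")
    for key in ETYPE_KEYS:
        etypes = lib.get(key, "").split()
        if etypes and all(e.startswith("des-") for e in etypes):
            findings.append(f"{key} allows only single-DES (deprecated by RFC 6649)")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(parse_krb5(SAMPLE))))
```

On the constructed sample it reports both conditions; with the [realms] name matching default_realm and an AES enctype listed, it reports nothing.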