hello
have such problems with my samba 3.0.12 @ FreeBSD 5.4
we have an Active Directory here. and a domain.
root@freeway# testparm
Load smb config files from /usr/local/etc/smb.conf
Processing section "[public]"
Processing section "[private]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = DOMAIN
realm = DOMAIN.COM
server string = Samba Server
security = ADS
log file = /var/log/samba/log.%m
max log size = 1024
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = No
domain master = No
idmap uid = 20000-30000
idmap gid = 20000-30000
template shell = /usr/sbin/nologin
winbind use default domain = Yes
winbind nested groups = Yes
hosts allow = 192.168.0., 127.
include = /usr/local/etc/smb-shares.conf
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
SWBET.COM = {
kdc = pdc.domain.com
kdc = bdc.domain.com
admin_server = pdc.domain.com
default_domain = domain.com
}
[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM
root@freeway# kinit sysadmin
sysadmin@SWBET.COM's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
this goes when im entering right password in the win2k event log
event code 675
Pre-authentication failed:
User Name: sysadmin
User ID: DOMAIN\sysadmin
Service Name: krbtgt/DOMAIN.COM
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 192.168.0.1
according to micro$oft kb - preauth failed can be fixed if you set on
account flag "Do not require kerberos preauthentication". user Root is
set
with this flag
root@freeway# kinit
root@DOMAIN.COM's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
^^ here goes no error in MS event log
so, kinit goes with noerror
now, joining domain using root
root@freeway# net ads join -U root
root's password:
[2005/05/31 12:28:19, 0] libads/ldap.c:ads_join_realm(1763)
ads_join_realm: ads_add_machine_acct failed (freeway): Insufficient
access
ads_join_realm: Insufficient access
thats because of this flag.
joining domain using sysadmin - of course fails because of
preathentication fail.
what had i done wrong?
thanks for any help.
hello
have such problems with my samba 3.0.12 @ FreeBSD 5.4
we have an Active Directory here. and a domain.
root@freeway# testparm
Load smb config files from /usr/local/etc/smb.conf
Processing section "[public]"
Processing section "[private]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = DOMAIN
realm = DOMAIN.COM
server string = Samba Server
security = ADS
log file = /var/log/samba/log.%m
max log size = 1024
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = No
domain master = No
idmap uid = 20000-30000
idmap gid = 20000-30000
template shell = /usr/sbin/nologin
winbind use default domain = Yes
winbind nested groups = Yes
hosts allow = 192.168.0., 127.
include = /usr/local/etc/smb-shares.conf
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
SWBET.COM = {
kdc = pdc.domain.com
kdc = bdc.domain.com
admin_server = pdc.domain.com
default_domain = domain.com
}
[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM
root@freeway# kinit sysadmin
sysadmin@SWBET.COM's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
this goes when im entering right password in the win2k event log
event code 675
Pre-authentication failed:
User Name: sysadmin
User ID: DOMAIN\sysadmin
Service Name: krbtgt/DOMAIN.COM
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 192.168.0.1
according to micro$oft kb - preauth failed can be fixed if you set on
account flag "Do not require kerberos preauthentication". user Root is
set
with this flag
root@freeway# kinit
root@DOMAIN.COM's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
^^ here goes no error in MS event log
so, kinit goes with noerror
now, joining domain using root
root@freeway# net ads join -U root
root's password:
[2005/05/31 12:28:19, 0] libads/ldap.c:ads_join_realm(1763)
ads_join_realm: ads_add_machine_acct failed (freeway): Insufficient
access
ads_join_realm: Insufficient access
thats because of this flag.
joining domain using sysadmin - of course fails because of
preathentication fail.
what had i done wrong?
thanks for any help.
--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/