P V
2005-Aug-11 18:53 UTC
[Samba] kerberos_kinit_password host/SUNDEV@LEXI.COM.MX failed: Client not found in Kerberos database
I'm using Solaris 8, Samba 3, Kerberos and OpenLDAP. I'm annexing: log.smbd, smb.conf, krb5.conf, nsswitch.conf and the ktpass command in AD. Can somebody help me?

I get this output in log.smbd:
-----------------------------------
[2005/08/11 12:41:45, 0] smbd/server.c:main(802)
  smbd version 3.0.20rc1 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/08/11 12:41:45, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password host/SUNDEV@LEXI.COM.MX failed: Client not found in Kerberos database
[2005/08/11 12:41:45, 0] printing/nt_printing.c:nt_printing_init(636)
  nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
--------------------------------------------

I've configured smb.conf with this data:
-------------------
[global]
# general options
workgroup = LEXI2K
netbios name = SUNDEV

# winbindd configuration
# default winbind separator is \, which is good if you
# use mod_ntlm since that is the character it uses.
# users only need to know the one syntax
# winbind separator = +

# idmap uid and idmap gid are aliases for
# winbind uid and winbind gid, respectively
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash

# Active directory joining
# "ads server" is only necessary if your kdc
# can't be located using /etc/krb5.conf -- JamesSpooner
#
# Note that more recent Samba versions have renamed "ads server"
# to "password server", so if /var/log/messages reports
# 'Unknown parameter encountered: "ads server"' on restart,
# change 'ads' to 'password' -- ChetHosey
#
# ads server = test1.thinclient.test.org
security = ads
# encrypt passwords = yes is now default in Samba3 -- Enigma
encrypt passwords = yes
realm = lexi.com.mx
# this handles the "ads server = " directive as well -- Enigma
password server = lexidc.flexi.com.mx

[shared1]
comment = Datos compartidos
path = /home/Samba
force user = Administrator
browseable = yes
----------------------------------------

The krb5.conf file is this:
-------------
[libdefaults]
ticket_lifetime = 24000
default_realm = LEXI.COM.MX
#default_tgs_enctypes = des-cbc-crc des-cbc-md5
#default_tkt_enctypes = des-cbc-crc des-cbc-md5
forwardable = true
proxiable = true
dns_lookup_realm = true
dns_lookup_kdc = true

[realms]
LEXI.COM.MX = {
    kdc = lexidc.lexi.com.mx
    admin_server = lexidc.lexi.com.mx
    default_domain = lexi.com.mx
}

[domain_realm]
.lexi.com.mx = LEXI.COM.MX
lexi.com.mx = LEXI.COM.MX
.lexi2k = LEXI.COM.MX
lexi2k = LEXI.COM.MX

[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
admin_server = FILE:/var/krb5/kdc.log
kdc_rotate = {
    # How often to rotate kdc.log. Logs will get rotated no more
    # often than the period, and less often if the KDC is not used
    # frequently.
    period = 1d
    # how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
    versions = 10
}

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
}
------------------------

The nsswitch.conf is this:
---------------
passwd: files winbind
group: files winbind
hosts: files wins
shadow: files winbind
...
------------------------

The instruction in the Active Directory Domain Controller was:

C:\temp>ktpass -princ host/sundev.flexi.com.mx@FLEXI.COM.MX -mapuser SUNDEV -pass password -out sundev.keytab
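
An added example, not part of the original post: it applies the krb5.conf [domain_realm] lookup to the host names that appear in the posted files and compares the principal given to ktpass with the one smbd requested in log.smbd. The function names are hypothetical, and the inputs are excerpts copied from the post.

```python
# Constructed excerpts: values copied from krb5.conf, smb.conf, ktpass and log.smbd in the post.
KRB5_CONF = """\
[libdefaults]
default_realm = LEXI.COM.MX
[domain_realm]
.lexi.com.mx = LEXI.COM.MX
lexi.com.mx = LEXI.COM.MX
"""
HOSTS = {"krb5.conf kdc": "lexidc.lexi.com.mx",
         "smb.conf password server": "lexidc.flexi.com.mx",
         "ktpass principal host": "sundev.flexi.com.mx"}
KTPASS_PRINC = "host/sundev.flexi.com.mx@FLEXI.COM.MX"
REQUESTED_PRINC = "host/SUNDEV@LEXI.COM.MX"  # the principal smbd asked for in log.smbd

def section(text, name):
    """Return the key = value pairs of one krb5.conf section."""
    pairs, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            current = line.strip("[]")
        elif current == name and "=" in line and not line.startswith("#"):
            key, value = (s.strip() for s in line.split("=", 1))
            pairs[key] = value
    return pairs

def realm_for_host(host, table):
    """[domain_realm] lookup: exact host name, then each parent domain with a leading dot."""
    labels = host.lower().split(".")
    candidates = [host.lower()] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return next((table[c] for c in candidates if c in table), None)

def split_principal(princ):
    """'service/instance@REALM' -> (service, instance, realm)."""
    name, _, realm = princ.rpartition("@")
    return (*name.partition("/")[::2], realm)

def check():
    default = section(KRB5_CONF, "libdefaults")["default_realm"]
    table = section(KRB5_CONF, "domain_realm")
    findings = [f"{src}: {h} maps to realm {realm_for_host(h, table)}, not {default}"
                for src, h in HOSTS.items() if realm_for_host(h, table) != default]
    _, kt_inst, kt_realm = split_principal(KTPASS_PRINC)
    _, rq_inst, rq_realm = split_principal(REQUESTED_PRINC)
    if kt_realm != rq_realm:
        findings.append(f"realm: ktpass used {kt_realm}, smbd requests {rq_realm}")
    if kt_inst.lower() != rq_inst.lower():
        findings.append(f"instance: ktpass used {kt_inst}, smbd requests {rq_inst}")
    return findings
```

Calling `check()` returns one line per difference found between the posted values; an empty list means the names agree.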