Russell Davies
2006-Aug-30 07:04 UTC
[Samba] joining to domain breaks kerberos authentication
Hi All,
I'm running samba-3.0.23b compiled on a Solaris 10
system compiled against MIT kerberos. I am experiencing
odd behaviour where joining the machine to the domain
using 'net rpc join' seems to break the kerberos principal
tickets and regular user authentication via kerberos ceases
to work.
My smb.conf is fairly minimal;
[global]
use kerberos keytab = yes
unix charset = LOCALE
realm = <realmname>
workgroup = <workgroupname>
security = ADS
log level = 1
syslog = 0
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
Some research on the internet and the man page suggests that the
'use kerberos keytab' directive should prevent this from happening
but unfortauntely a net rpc join breaks authentication despite this
setting.
If anyone has a suggestion, help at this point would be appreciated.
regards,
r.
Gerald (Jerry) Carter
2006-Aug-30 17:05 UTC
[Samba] joining to domain breaks kerberos authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Russell Davies wrote:> Hi All, > > I'm running samba-3.0.23b compiled on a Solaris 10 > system compiled against MIT kerberos. I am experiencing > odd behaviour where joining the machine to the domain > using 'net rpc join' seems to break the kerberos principal > tickets and regular user authentication via kerberos ceases > to work.'net rpc join' does not register the machine SPN values in AD. If you specify 'security = ads', then use 'net ads join' (or even 'net join' will do the right thing). cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE9cVHIR7qMdg1EfYRAitKAJ0StgsLy1QSN+apvGRrCD/Zl/YsBgCg8o+3 JHG6U65xTVufrHZiQbM7QnM=wAE7 -----END PGP SIGNATURE-----