Weber, Dominik
2007-Mar-09 08:02 UTC
[Samba] Authentify User again Windows 2003 Active Directory
Hello List,
I'm running Samba 3.0.14a-Debian.
I want to authenticate the users against the Windows Active Directory,
but it does not work properly.
I've joined the Active Directory without problems.
net join -S sfmdc004 -UP7812%password
When I check a user on the CLI it seems to work
SFPDF053:~# kinit P7812
P7812@STBS1.STBS.ORG's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
kinit: converting creds: Cannot contact any KDC for requested realm
But what about the last message? Cannot contact any KDC?
Here is my config smb.conf:
#======================= Global Settings ======================
[global]
workgroup = STBS1
server string = SFPDF084
netbios name = SFPDF084
comment = PDF-Server
security = ADS
domain master = no
domain logons = no
preferred master = no
local master = no
log file = /var/log/samba/log.%m
realm=STBS1.STBS.ORG
wins server = 10.10.4.21
wins support = no
winbind uid = 10000-19999
winbind gid = 10000-19999
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = No
winbind enum groups = No
winbind use default domain = No
algorithmic rid base = 10000
nis homedir = true
invalid users = root
max log size = 1000
socket options = TCP_NODELAY
encrypt passwords = yes
os level = 64
obey pam restrictions = yes
printing = cups
printcap = cups
load printers = yes
name resolve order = hosts lmhosts wins bcast
passdb backend = tdbsam
#======================= Share Definitions ======================
[treiber]
path = /var/www/treiber
comment = Treiberordner
public = Yes
writable = Yes
browsable = yes
create mask = 0777
directory mask = 0777
And here is /etc/krb5.conf:
[libdefaults]
default_realm = STBS1.STBS.ORG
dns_lookup_realm = false
[realms]
STBS1.STBS.ORG = {
kdc = tcp/sfmdc004.stbs1.stbs.org
admin_server = sfmdc004.stbs1.stbs.org
}
[domain_realm]
.stbs.org = STBS1.STBS.ORG
.stbs1.stbs.org = STBS1.STBS.ORG
With kind regards
Dominik
Martin Zielinski
2007-Mar-09 10:55 UTC
[Samba] Authentify User again Windows 2003 Active Directory
Weber, Dominik wrote:
> Hello List,
>
> I'm running Samba 3.0.14a-Debian.
> I want to authenticate the users against the Windows Active Directory,
> but it does not work properly.
>
> I've joined the Active Directory without problems.
> net join -S sfmdc004 -UP7812%password
>
> When I check a user on the CLI it seems to work
>
> SFPDF053:~# kinit P7812
> P7812@STBS1.STBS.ORG's Password:
> kinit: NOTICE: ticket renewable lifetime is 1 week
> kinit: converting creds: Cannot contact any KDC for requested realm
>
> But what about the last message? Cannot contact any KDC?
>
>
> Here is my config smb.conf:
>

kinit is not samba so: [SNIP]

>
> and here /etc/krb5.conf
>
>
> [libdefaults]
> default_realm = STBS1.STBS.ORG
> dns_lookup_realm = false
> [realms]
> STBS1.STBS.ORG = {
> kdc = tcp/sfmdc004.stbs1.stbs.org
> admin_server = sfmdc004.stbs1.stbs.org
> }
>
> [domain_realm]
> .stbs.org = STBS1.STBS.ORG
> .stbs1.stbs.org = STBS1.STBS.ORG
>
>
>
> With kind regards
>
> Dominik

sfmdc004.stbs1.stbs.org resolves to 4 IP addresses. 3 of them are in the same subnet.
Are you sure that all are the same machine?
Perhaps you could use an IP address in the krb5.conf.

Bye,

~ Martin

--
Martin Zielinski mz@seh.de
Software Development
SEH Computertechnik GmbH www.seh.de
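
The check suggested in the reply above, as an added example that is not part of the original thread: parse the kdc lines of a realm from krb5.conf (including the `tcp/` prefix used in the posted file) and try a TCP connection to port 88 on every address the KDC name resolves to. The function names, the IPv4-only lookup and the 3-second timeout are assumptions of this example; the embedded sample is the krb5.conf from the first post.

```python
import re
import socket
import sys

# krb5.conf as posted in the thread, embedded so the parser runs offline.
SAMPLE_KRB5_CONF = """\
[libdefaults]
default_realm = STBS1.STBS.ORG
[realms]
STBS1.STBS.ORG = {
kdc = tcp/sfmdc004.stbs1.stbs.org
admin_server = sfmdc004.stbs1.stbs.org
}
"""
KDC_LINE = re.compile(r"kdc\s*=\s*(?:(tcp|udp|http)/)?([^:\s]+)(?::(\d+))?")

def kdc_entries(conf_text, realm):
    """Return (transport, host, port) for every kdc line inside `realm`."""
    entries, in_realm = [], False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if re.fullmatch(re.escape(realm) + r"\s*=\s*\{", line):
            in_realm = True
        elif line == "}":
            in_realm = False
        elif in_realm and (m := KDC_LINE.fullmatch(line)):
            entries.append((m.group(1) or "any", m.group(2), int(m.group(3) or 88)))
    return entries

def probe(host, port, timeout=3.0,
          resolve=socket.getaddrinfo, connect=socket.create_connection):
    """TCP-connect to each IPv4 address of `host`; return {ip: 'ok' or error}."""
    try:
        infos = resolve(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except OSError as exc:              # name does not resolve at all
        return {"<unresolved>": str(exc)}
    results = {}
    for info in infos:
        ip = info[4][0]
        try:
            connect((ip, port), timeout=timeout).close()
            results[ip] = "ok"
        except OSError as exc:          # refused, timed out, unreachable
            results[ip] = str(exc)
    return results

if __name__ == "__main__":              # usage: script.py [krb5.conf] [REALM]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_KRB5_CONF
    realm = sys.argv[2] if len(sys.argv) > 2 else "STBS1.STBS.ORG"
    for transport, host, port in kdc_entries(text, realm):
        print(f"kdc {host} ({transport}, port {port})")
        for ip, status in probe(host, port).items():
            print(f"  {ip}: {status}")
```

An address that reports anything other than ok is a candidate for the "Cannot contact any KDC" message, since the client may pick any of the resolved addresses.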