I'm attempting to get ubuntu to work with an AD 2008 server for
authentication and authorization.
DNS is on a separate unix host, with dns on the windows server as a
non-authoritative source.
It appears that I have a kerberos problem.
What works:
1. kinit user
Password for user at AD.ENGR.WISC.EDU
2. wbinfo -t, wbinfo -u, wbinfo -g all succeed.
What sort-of works:
1. net ads join -U user complains:
DNS update failed!
but net ads testjoin gives:
Join is OK
What fails:
1. wbinfo -K user at AD.ENGR.WISC.EDU
Enter user at AD.ENGR.WISC.EDU's password:
plaintext kerberos password authentication for [user at AD.ENGR.WISC.EDU]
failed (requesting cctype: FILE)
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user [user at AD.ENGR.WISC.EDU] with Kerberos
(ccache: FILE)
2. wbinfo -i user
3. calls to nss, getent passwd, id user (yes I have compat winbind in
nsswitch for passwd and groups)
The nss calls create failed LDAP bind messages in the logs. My sense is
that the failure of the ldap bind is related to the apparent kerberos
problem.
Thanks is advance
Russ Poyner
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: krb5.conf
URL:
<http://lists.samba.org/pipermail/samba/attachments/20100415/f7609853/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: hosts
URL:
<http://lists.samba.org/pipermail/samba/attachments/20100415/f7609853/attachment-0001.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: smb.conf
URL:
<http://lists.samba.org/pipermail/samba/attachments/20100415/f7609853/attachment-0002.ksh>
