Samba 3 as domain member of w2k realm
R.B.
riccardo.baldanzi at libero.it
Thu Nov 18 08:27:51 EST 2004
Hi all,
i've a problem joining a samba 3.0.7-1.3E.1 in a w2k domain:
[root at proxynode2 squid]# net ads join -U myuser
myuser's password:
[2004/11/18 13:29:32, 0] utils/net_ads.c:ads_startup(183)
ads_connect: Program lacks support for encryption type
kinit works fine
I've also changed the Administrator's password for key generation...
what can i check? I have a similar server in the same net that works fine.
I see with ethereal:
5.886351 192.168.0.52 -> 192.168.0.10 KRB5 AS-REQ
5.887142 192.168.0.10 -> 192.168.0.52 KRB5 KRB Error:
KRB5KDC_ERR_PREAUTH_REQUIRED
5.888002 192.168.0.52 -> 192.168.0.10 KRB5 AS-REQ
5.889317 192.168.0.10 -> 192.168.0.52 KRB5 AS-REP
It seems that is a kerberos issue... my krb version is 1.2.7-28
any ideas?
Thanks
Riccardo
Here my krb5.conf file:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = MYDOMAIN.NET
dns_lookup_realm = true
dns_lookup_kdc = true
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
forwardable = true
proxiable = true
[realms]
MYDOMAIN.NET = {
kdc = svr2k10.mydomain.net:88
kdc = svr2k09.mydomain.net:88
kdc = svr2k01.mydomain.net:88
kdc = svr2k20.mydomain.net:88
admin_server = svr2k10.mydomain.net:749
default_domain = MYDOMAIN.NET
}
[domain_realm]
.mydomain = MYDOMAIN.NET
mydomain = MYDOMAIN.NET
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
More information about the Kerberos
mailing list