Hi Thomas, Today Thomas Werschlein wrote:
> Hi Tobi > > On 16.09.2013, at 22:56, Tobias Oetiker <t...@oetiker.ch> wrote: > > > I am trying to use samba/winbind to hook up our omnios box to an AD > > server. After some fiddleling, I managed to compile samba + > > openldap linked to the system krb5 libraries ... > > > > Running kclient to configure kerberos seems to work fine, but when runnning > > net ads join, > > I get: > > > > ----------------------------------------------------------------------------------------- > > # net ads join -S ad-server -U Administrator > > Enter Administrator's password: > > kinit succeeded but ads_sasl_spnego_krb5_bind failed: Error in the PKCS 11 > > library calls > > Failed to join domain: failed to connect to AD: Error in the PKCS 11 > > library calls > > ----------------------------------------------------------------------------------------- > > > > the thing seems to be hung up on some soft tokens, and it does also > > not seem able to find the kerberos key cache ... > > > > anyone running such a setup on omnios who could give me a hint ? > > We are running such a setup for quite some time now. > > The comment in our Chef recipe for kerberos5 reads: > "Used to *run* samba3. You can successfully compile samba with the krb5 that > ships with OmniOS, but will not be able to 'net ads join'" > > IIRC it was also the PKCS 11 library calls error that lead us to compile > kerberos ourselves. :-) glad to hear I didn't do something wrong ... > We are using krb5-1.11.1 right now and build it straight forward. ah ... ok ... today I have experimented with the built in cifs support, and it workes like charm ... here is what I did the only tricky bit was, that I had to set # sharectl set -p lmauth_level=4 smb to make samba join with the 2012 ads server > Currently we are using samba-3.6.18 and are compiling gamin > 0.1.10 (to build the samba module 'notify_fam', with patches from > Opensolaris and others to use FEN) and openldap 2.4.34 (plain > vanilla) as prerequisites, too. cool ... do you run a pkg repo and publish your scripts ? my stuff is on https://github.com/oposs/pkg.oetiker.ch-build cheers tobi -- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland http://it.oetiker.ch t...@oetiker.ch ++41 62 775 9902 / sb: -9900 _______________________________________________ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com http://lists.omniti.com/mailman/listinfo/omnios-discuss