--> Behalf Of Michael Brown --> Sent: Friday, February 20, 2004 1:37 AM --> > The path I got was /root/krb5-1.3.1/src/configure, but no --> > mater. In order to --> --> Sorry, I should have said -> --> # cd krb5-1.3.1/src --> # configure --prefix=/usr --> # make & make install --> # ls /usr/bin/kinit --> kinit
Ran the "configure --prefix=/usr" again (as I'd removed and reinstalled all the Samba packages) just to make sure and it worked fine. The "make & make install" worked much better with this syntax. Still no kinit though! And the "net ads join" still fails the same way, although I tried many variations on it. At one point a new domain showed up in the Windows Network Neighborhood, but with no computers in it, a tweak/correction of "/etc/smb.conf" fixed that. "testparm" doesn't seem to find any errors with "/etc/smb.conf". I tried with the default 'example' "/etc/krb5.conf" and also with one with my specific settings. Based on the error message it would seem that my Kerberos client is not working, right? [EMAIL PROTECTED] root]# ls /usr/bin/kinit ls: /usr/bin/kinit: No such file or directory [EMAIL PROTECTED] root]# cd /usr/bin [EMAIL PROTECTED] bin]# ls k* kban kbdrate kermit kill killall krb524init ktest [EMAIL PROTECTED] bin]# locate kinit /root/krb5-1.3.1/doc/kinit.html /root/krb5-1.3.1/src/clients/kinit /root/krb5-1.3.1/src/clients/kinit/Makefile.in /root/krb5-1.3.1/src/clients/kinit/ChangeLog /root/krb5-1.3.1/src/clients/kinit/kinit.M /root/krb5-1.3.1/src/clients/kinit/kinit.c /root/krb5-1.3.1/src/clients/kinit/Makefile /root/krb5-1.3.1/src/clients/kinit/TV /usr/share/man/man8/mkinitrd.8.gz /usr/share/ghostscript/7.07/vflib/kinit.ps /sbin/mkinitrd [EMAIL PROTECTED] bin]# cd [EMAIL PROTECTED] root]# net ads join -U adminzas adminzas password: [2004/02/21 11:21:45, 0] libads/kerberos.c:ads_kinit_password(133) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm [EMAIL PROTECTED] root]# [EMAIL PROTECTED] root]# ping imediamsft PING imediamsft.imedia.example.com (10.1.1.42) 56(84) bytes of data. 64 bytes from imediamsft.imedia.example.com (10.1.1.42): icmp_seq=0 ttl=128 time=0.162 ms 64 bytes from imediamsft.imedia.example.com (10.1.1.42): icmp_seq=1 ttl=128 time=0.200 ms 64 bytes from imediamsft.imedia.example.com (10.1.1.42): icmp_seq=2 ttl=128 time=0.199 ms --- imediamsft.imedia.example.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 0.162/0.187/0.200/0.017 ms, pipe 2 [EMAIL PROTECTED] root]# "/etc/krb5.conf" specifies imediamsft.imedia.example.com as the KDC, and this machine can see it, and actually has for it's DNS1 and DNS2 the two AD integrated LAN DNS servers. The machine ImediaArchive shows up in the Windows Network Neighborhood as a domain/workgroup member (due to the "/etc/smb.conf" file?) but when clicked on gets an error I guess is due to it not having a machine account in AD. Why doesn't the kerberos-workstation rpm work? Do I need a "/etc/krb5.conf" if using the MIT Kerberos client? I do have valid looking DNS records for the Microsoft Kerberos servers. Do I need to compile of 'make' something in the "/root/krb5-1.3.1/src/clients/kinit" directory to get the "kinit" command? --> It would be prudent to then install a recent version of --> cyrus-sasl to insure an --> gss-api layer for auth when trying against ms-ad. Hopefully I will move forward enough to get to this stuff later... --> Hope this helps. --> --> Michael Brown -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba