Thanks again Paul,

I got the Redhat box working, mostly, except that all users only have user rights on the samba share. Can't seem to get ADS users to have the permissions on Samba shares they have on the 2000 shares. But a huge leap forward for me today. I've been spinning my wheels all week. The article link was most helpful. Now it's onto the FreeBSD boxes, and configuring bind9 to mimic well enough 2000DNS so that the satellite offices' samba servers can authenticate too.

The BSD boxes under kinit are behaving oddly. The laptop keeps responding back with clock skew too great. The FreeBSD server is running bind so, it's not even getting to kerberos, yet.

Thanks again.

Paul Gienger wrote:

I'm going to have to defer to someone with superior knowledge here, I've only set up ADS membership once, and that was on a test environment.

Two things though, are you specifying your realm as lower case or upper case? I believe you need it uppercase: FSKLAW.NET. Also, what do you get when you run the kinit command from the document?

Tom Skeren wrote:

Thanks for asking Paul.

I decided to see what the error message of a net ads join -U admin would be and got: can't find realm. Edited krb5.conf changing kdc = server.fsklaw.net to kerberos.fsklaw.net. I then joined the domain, and in Windows 2000 the computer Linux is there with Operating system 3.0.3.
However, krb5kdc.log says:


Cannot find/read stored master key - while fetching master key K/M for realm fsklaw.net.

Also, it appears that winbindd will not start. I'm very new to Redhat, so while I have a modest UNIX (BSD) background, I'm a bit of a fish out of water on the Redhat box, so be gentle ;-).

Thanks again Paul

TMS III
Paul Gienger wrote:

Have you done any kerberos setup? Whatever steps you have taken there would be helpful as well.
Also, take a look at TOSHARG chapter 6:
http://us2.samba.org/samba/docs/man/howto/domain-member.html#ads-member


Tom Skeren wrote:

O.K. well no one has responded to any requests for help yet. Maybe I'll get lucky this time.
Switched to the Red Hat web server. Configured 3.0.3 --with-ads. Do net ads testjoin, system response:


LINUX@'s password: (type pass) (response)
[2004/05/07 09:49:11, 0] libads/kerberos.c:ads_kinit_password (135)
kerberos_kinit_password LINUX$@ failed: Malformed representation of principal
Join to domain is not valid.


What have I got wrong? Any suggestions would be appreciated.

TMS III
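
An added example, not part of the thread or of Samba: a small Python check for the realm-case point Paul raises, run against a constructed krb5.conf that uses the lower-case realm seen in the krb5kdc.log line above. The function name lint_krb5 and the sample file contents are assumptions for illustration.

```python
import re

# Constructed sample (not Tom's actual file): realm names left in lower case.
SAMPLE_BAD = """\
[libdefaults]
    default_realm = fsklaw.net

[realms]
    fsklaw.net = {
        kdc = kerberos.fsklaw.net
    }

[domain_realm]
    .fsklaw.net = fsklaw.net
"""

def lint_krb5(text):
    """Return (line_no, message) pairs for realm names that are not upper case."""
    findings, section, depth, default_seen = [], None, 0, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                                     # new top-level section
            section, depth = m.group(1), 0
            continue
        if line.startswith("}"):                  # end of a realm subsection
            depth = max(depth - 1, 0)
            continue
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep:
            continue
        opens, realm = value.endswith("{"), None
        if section == "libdefaults" and key == "default_realm":
            default_seen, realm = bool(value), value
        elif section == "realms" and depth == 0 and opens:
            realm = key                           # "REALM = {" names a realm
        elif section == "domain_realm":
            realm = value                         # DNS suffix -> realm mapping
        depth += opens
        if realm and realm != realm.upper():
            findings.append((n, f"realm '{realm}' should be '{realm.upper()}'"))
    if not default_seen:
        findings.append((0, "default_realm missing or empty in [libdefaults]"))
    return findings

if __name__ == "__main__":
    for line_no, msg in lint_krb5(SAMPLE_BAD):
        print(f"krb5.conf:{line_no}: {msg}")
```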

-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
