Hello,

I am trying to join a Samba 3.0.24 server into an ADS domain, which is
served by two Windows 2003 servers (let's say srv1.domain.local (192.168.1.1)
and srv2.domain.local (192.168.1.4)). I am running Samba on a FreeBSD 6.2
machine and I have established an OpenVPN connection to the ADS network
(tunneling). I have this in my resolv.conf:

------------------------------------------------------------------------
search domain.local
nameserver 192.168.1.1
nameserver 192.168.1.4
------------------------------------------------------------------------

I also have this in my /etc/hosts:

------------------------------------------------------------------------
127.0.0.1               localhost localhost.my.domain
192.168.1.1             srv1.domain.local srv1
192.168.1.4             srv2.domain.local srv2
------------------------------------------------------------------------

and I have this in my krb5.conf:

------------------------------------------------------------------------
[libdefaults]
        default_realm = DOMAIN.LOCAL

[realms]
        DOMAIN.LOCAL = {
                kdc = srv1.domain.local
        }

[domain_realms]
        .domain.local = DOMAIN.LOCAL
------------------------------------------------------------------------

And these are the relevant parameters in smb.conf:

------------------------------------------------------------------------
        security = ADS
        netbios name = BONAPARTE
        server string = BONAPARTE Samba server
        workgroup = INFRAX
        realm = DOMAIN.LOCAL
        local master = yes
        preferred master = yes
        wins server = 192.168.1.1 192.168.1.4
        password server = srv1
------------------------------------------------------------------------

However, when I try to "kinit", I get this:

[EMAIL PROTECTED]:~# kinit [EMAIL PROTECTED]
[EMAIL PROTECTED]'s Password:
kinit: krb5_get_init_creds: Response too big for UDP, retry with TCP

and when I try to "net ads join" into the domain, I get this:

[EMAIL PROTECTED]:~# net ads join -U Administrator%password
[2007/07/10 08:54:38, 0] libads/kerberos.c:ads_kinit_password(208)
  kerberos_kinit_password [EMAIL PROTECTED] failed: Response too big for UDP, retry with TCP
[2007/07/10 08:54:38, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Response too big for UDP, retry with TCP

I am really stumped here. I have tried to change the kdc entry in krb5.conf
like this:

[realms]
        DOMAIN.LOCAL = {
                kdc = tcp/srv1.domain.local
        }

but no luck either. FreeBSD 6.2 has Heimdal Kerberos 0.6.3 in its base
system, I guess this is OK.

Let me also tell you this: we first had a Windows 2000 server and
a Windows 2003 server as srv1 and srv2, but then we replaced the
2000 with another 2003. This BSD box is a new server as well, previously
I had FreeBSD 5.4 (Samba 3.0.22) and I was ABLE to join it into the ADS
(via the Win2000 server). There is no computer account in the ADS for the
BSD box anymore, so I am trying to create it again (by joining it into the
domain).

Any ideas?

Thanks,
Nejc