D G Teed wrote:
> Thanks very much, Douglas. That did the trick.
> I had not understood what realm represented in a dns
> style domain.
>
> It is also confusing that one lists a realm section,
> defining it...
>
> BEER = {
>   kdc = ADC1.AD.BEERU.CA
> }

Sorry, missed that one too.
Should be

AD.BEERU.CA = {
  kdc = ADC1.AD.BEERU.CA
}

It's just that Kerberos doesn't know anything about workgroups in windows and so there shouldn't be any workgroup names in krb5.conf, only DNS names and REALM names. It worked because samba picked up the Kerberos kdc from SRV records in DNS. BEER defines the .BEER realm which doesn't exist.

>
> But then when providing the realm name in smb.conf, the
> handle isn't BEER, but rather the subdomain in
> which the AD controller lives.
>
> Regards,
>
> --Donald
>
> On Jan 30, 2008 3:37 PM, Douglas VanLeuven <[EMAIL PROTECTED]> wrote:
>> Douglas VanLeuven wrote:
>>> D G Teed wrote:
>>>> I've been able to use security = ads in smb.conf, and connect OK,
>>>> but it must be falling back to domain. When I run net ads join
>>>> I get the error (debug trace below):
>>>>
>>>> ads_connect: No logon servers
>>>>
>>>> Here is my krb5.conf:
>>>>
>>>> [logging]
>>>>  default = FILE:/var/log/krb5libs.log
>>>>  kdc = FILE:/var/log/krb5kdc.log
>>>>  admin_server = FILE:/var/log/kadmind.log
>>>> [libdefaults]
>>>>  default_realm = BEER
>>>> [realms]
>>>>  BEER = {
>>>>   kdc = ADC1.AD.BEERU.CA
>>>>  }
>> Missed this on the last post.
>> default realm = AD.BEERU.CA
>>
>> Doug
>>

Regards, Doug
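As an added example that is not part of the original thread, the following check flags the realm-naming mistakes discussed above in a krb5.conf. The function names `parse` and `check` are hypothetical, the sample files are constructed from the configuration quoted in the thread, and the KDC-inside-the-domain test is a heuristic that assumes an Active Directory realm named after its DNS domain.

```python
import re

# Constructed sample: the krb5.conf from the thread, before the fix.
BROKEN = """[libdefaults]
 default_realm = BEER
[realms]
 BEER = {
  kdc = ADC1.AD.BEERU.CA
 }
"""
# Constructed sample: both corrections applied (first two BEER tokens only, not the host name).
FIXED = BROKEN.replace("BEER", "AD.BEERU.CA", 2)

def parse(text):
    """Return (default_realm, {realm: [kdc, ...]}) from krb5.conf text."""
    section, realm, default, realms = None, None, None, {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, realm = m.group(1), None
        elif line == "}":
            realm = None
        elif section == "libdefaults" and (m := re.fullmatch(r"default_realm\s*=\s*(\S+)", line)):
            default = m.group(1)
        elif section == "realms" and (m := re.fullmatch(r"(\S+)\s*=\s*\{", line)):
            realm = m.group(1)
            realms[realm] = []
        elif realm and (m := re.fullmatch(r"kdc\s*=\s*(\S+)", line)):
            realms[realm].append(m.group(1))
    return default, realms

def check(text):
    """Return findings; an empty list means realm naming is consistent."""
    default, realms = parse(text)
    findings = []
    if default and default not in realms:
        findings.append(f"default_realm {default} has no [realms] entry; KDC found only via DNS SRV")
    for name in sorted(set(realms) | ({default} if default else set())):
        if "." not in name:
            findings.append(f"realm {name} is not a DNS-style name (workgroup name?)")
    for name, kdcs in realms.items():
        for kdc in kdcs:
            # Heuristic for AD, where the realm is the upper-cased DNS domain.
            if not kdc.split(":")[0].upper().endswith("." + name.upper()):
                findings.append(f"kdc {kdc} is outside the DNS domain of realm {name}")
    return findings
```

Running `check` on the half-corrected file (only `default_realm` changed) reports the missing `[realms]` entry, which is the state in which the join worked only because of the DNS SRV lookup.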