[Samba] Samba 3.0.0 Beta 3: krb5_cc_get_principal failed butJoin to realm successful?
Hiya, as I was not capable of getting only close to join the RC1 of Samba 3.0 to my ADS realm, I downgraded to the Redhat 9.0 rpm version of Samba 3.0 Beta 3 from download.samba.org. With this package I get a lot closer to a working solution. Anyway, Kerberos is not working as supposed during the net ads join process which should leave a bunch of Kerberos credentials in the ticket cache. Not in my case, where the join of the ADS realm seems to be successful (Samba server is visible in Active Directory Users and Computers), but _NO_ Kerberos credetials are available at all due to an error... YES, I have changed the Administrator password after I raised the Win 2003 Server to a Domain Controller! And YES, I already tried RC1 (I compiled the rpms exactly as instructed with the delivered spec file and the affiliated shell script (see post [Samba] Samba 3.0.0 RC1: Unable to find a suitable server)! Once again the process of the successful join to my ADS realm with the missing Kerberos credentials: * SNIP [EMAIL PROTECTED] samba]# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [EMAIL PROTECTED] samba]# kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: [EMAIL PROTECTED] samba]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 08/20/03 15:31:13 08/21/03 01:31:13 krbtgt/[EMAIL PROTECTED] Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [EMAIL PROTECTED] samba]# kdestroy [EMAIL PROTECTED] samba]# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [EMAIL PROTECTED] samba]# net ads join -U Administrator Administrator password: [2003/08/20 15:32:11, 1] libsmb/clikrb5.c:ads_krb5_mk_req(267) krb5_cc_get_principal failed (No credentials cache found) Joined 'SAMBA30SRV' to realm 'SAMBA30.TEST' [EMAIL PROTECTED] samba]# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached * SNAP * Any suggestions? Wbr, Axel. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0 Beta 3: krb5_cc_get_principal failed butJoin to realm successful?
On Wed, Aug 20, 2003 at 06:01:03PM +0200, Axel Suppantschitsch wrote: Hiya, as I was not capable of getting only close to join the RC1 of Samba 3.0 to my ADS realm, I downgraded to the Redhat 9.0 rpm version of Samba 3.0 Beta 3 from download.samba.org. With this package I get a lot closer to a working solution. Anyway, Kerberos is not working as supposed during the net ads join process which should leave a bunch of Kerberos credentials in the ticket cache. Not in my case, where the join of the ADS realm seems to be successful (Samba server is visible in Active Directory Users and Computers), but _NO_ Kerberos credetials are available at all due to an error... YES, I have changed the Administrator password after I raised the Win 2003 Server to a Domain Controller! And YES, I already tried RC1 (I compiled the rpms exactly as instructed with the delivered spec file and the affiliated shell script (see post [Samba] Samba 3.0.0 RC1: Unable to find a suitable server)! Once again the process of the successful join to my ADS realm with the missing Kerberos credentials: I think we do it all on a 'in memory' keytab now, so we don't store it about after the join. If you manually kinit I think it just uses that cache. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.0 Beta 3: krb5_cc_get_principal failed butJoin to realm successful?
Hi Andrew, well, then smbclient //sambaserver/share -k should work if the credentials are in the memory, but it doesn't as it can't find any credentials... The other way round I can't access the samba share from a windows client without being asked for username and password. So both after-ads-join-tests from the Samba documentation have failed in my scenario... Wbr, Axel. I think we do it all on a 'in memory' keytab now, so we don't store it about after the join. If you manually kinit I think it just uses that cache. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba