RE: [Samba] winbindd: krb5_cc_get_principal failed
On Wed, 2003-10-15 at 08:05, Gavin Davenport wrote: wbinfo --set-auth-user=Administrator%password NEVER do this. There is never a good reason to do this. The wbinfo command is for NT4 trusted domains, that are running 'restrict anonymous'. If you are joined with ADS, and there are ADS trusts to these machines, then Samba can use kerberos, and never needs a 'wbinfo' user. Even when you do need a 'wbinfo user', it does not need any special powers - only those given to *every* user. So add a new, boring, unprivileged user. That password is stored clear-text, in secrets.tdb. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] winbindd: krb5_cc_get_principal failed
Well, I've got the three tickets now, but there is still the error in winbindd.log: [2003/10/14 10:34:51, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) Cheers, Axel. Quoting Gavin Davenport [EMAIL PROTECTED]: It sounds like : make sure you've 'left' the domain (net ads leave) kinit as the domain admin user. klist should list you one ticket. Then net join ads (no parameters) this should use the (cached) Domain Administrator ticket to handle smb logins. you should now have 3 tickets listed in klist. Any help ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Axel Suppantschitsch Sent: 13 October 2003 14:31 To: [EMAIL PROTECTED] Subject: [Samba] winbindd: krb5_cc_get_principal failed Hiya, I'm using Fedora Test 2 and Samba 3.0.0-15 packages from Redhat/Fedora rawhide with a Windows 2003 Server. I'm also using MIT Kerberos 1.3.1. Everytime winbindd ist started, it writes following error into /var/log/samba/winbindd.log: [2003/10/13 10:13:40, 1] nsswitch/winbindd.c:main(832) winbindd version 3.0.0-15 started. Copyright The Samba Team 2000-2003 [2003/10/13 10:13:41, 1] nsswitch/winbindd_util.c:add_trusted_domain(149) Added domain SAMBA30 SAMBA30.TEST [2003/10/13 10:13:41, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/10/13 10:13:42, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list How can I get rid of this libsmb/clikrb5.c:ads_krb5_mk_req(269) error? Cheers, Axel. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
