So I've looked further at this and noticed that samba seems to create
its own krb5 config-file in
/var/lib/samba/smb_krb5/krb5.conf.PRESIDIO
It seems that if I add custom information to this file it gets
overwritten upon restart of samba.
The contents of this file are
[libdefaults]
defaul
> [r...@presidio3 ~]# net ads join -U Administrator
> Enter Administrator's password:
> [2009/09/23 23:58:48, 0] libads/kerberos.c:ads_kinit_password(362)
> kerberos_kinit_password administra...@garnser.se failed: Cannot find
> KDC for requested realm
> Failed to join domain: failed to connect t
So I reverted back to an old snapshot and gave this a quick test.
Without any kerberos configuration I get the following error-message
when I try to join the domain:
[r...@presidio3 ~]# net ads join -U Administrator
Enter Administrator's password:
[2009/09/23 23:58:48, 0] libads/kerberos.c:ads_ki
Going to try this a bit more tomorrow with a fresh install, please see
inline responses.
I'm thinking that I may have some kerberos stuff hanging around, I
noticed that there's a smb_krb5 directory with kdc data in
/var/lib/samba.
On Wed, Sep 23, 2009 at 11:37 PM, Adam Nielsen wrote:
>> Thanks f
> Thanks for the input Adam,
>
> In my case I've full control of the AD domain and just run net ads
> join which is successful, shows up in AD.
>
> Here's my current config, can you see anything in it that I should
> consider adding or removing?
>
> [global]
>workgroup = PRESIDIO
>passwo
Thanks for the input Adam,
In my case I've full control of the AD domain and just run net ads
join which is successful, shows up in AD.
Here's my current config, can you see anything in it that I should
consider adding or removing?
[global]
workgroup = PRESIDIO
password server = pdc.garnse
> The kerberos stuff is for the PAM auth although I thought this was
> necessary for the Samba stuff too.
Winbind is also an alternative for this, by making all the AD users
visible as if they were accounts on the local machine. Having winbind
working is also crucial to being able to grant AD grou
The kerberos stuff is for the PAM auth although I thought this was
necessary for the Samba stuff too.
Also, as far as the workgroup-name goes it's true it's the shorter
name but in my case the short name is PRESIDIO.
Could you send me a copy of your config? I'm obviously a bit off
hacking kerberos
> This specific instance is intended to host shares for which users
> authenticate with their AD credentials, the normal authentication for
> the system works fine and so does joining the domain. As mentioned
> earlier initializing kinit and wbinfo returns the expected results and
> the server show
This specific instance is intended to host shares for which users
authenticate with their AD credentials, the normal authentication for
the system works fine and so does joining the domain. As mentioned
earlier initializing kinit and wbinfo returns the expected results and
the server shows up as a
> As it seems the server tries to authenticate as pdc$ rather than
> presidio3$ which is the hostname of the server and the name it's
> registered as. What could the cause of this be?
>
> smb.conf:
>workgroup = PRESIDIO
>password server = pdc.domain.com
>realm = DOMAIN.COM
>securit
Also, looking further at this, shouldn't winbind use the realm rather
than the workgroup for this?
Thanks
/Jonathan
On Wed, Sep 23, 2009 at 11:04 AM, Jonathan Petersson
wrote:
> Hi all,
>
> I've been working on getting Samba to authenticate via ADS for the
> past few weeks with some lack of suc
Hi all,
I've been working on getting Samba to authenticate via ADS for the
past few weeks with some lack of success. I had somewhat of a
breakthrough the other day realizing that the problem was related to
the kerberos authentication between Samba and the Win 2008 R2 AD
server. Trying to fix this