opensubscriber
   Find in this group all groups
 
Unknown more information…

k : kerberos@mit.edu 18 November 2004 • 9:27PM -0500

Samba 3 as domain member of w2k realm
by R.B.

REPLY TO AUTHOR
 
REPLY TO GROUP



Hi all,
i've a problem joining a samba 3.0.7-1.3E.1 in a w2k domain:

[root@proxynode2 squid]# net ads join -U myuser
myuser's password:
[2004/11/18 13:29:32, 0] utils/net_ads.c:ads_startup(183)
ads_connect: Program lacks support for encryption type

kinit works fine

I've also changed the Administrator's password for key generation...
what can i check? I have a similar server in the same net that works fine.

I see with ethereal:
5.886351 192.168.0.52 -> 192.168.0.10 KRB5 AS-REQ
5.887142 192.168.0.10 -> 192.168.0.52 KRB5 KRB Error:
KRB5KDC_ERR_PREAUTH_REQUIRED
5.888002 192.168.0.52 -> 192.168.0.10 KRB5 AS-REQ
5.889317 192.168.0.10 -> 192.168.0.52 KRB5 AS-REP

It seems that is a kerberos issue... my krb version is 1.2.7-28
any ideas?

Thanks
Riccardo

Here my krb5.conf file:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = MYDOMAIN.NET
dns_lookup_realm = true
dns_lookup_kdc = true
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
forwardable = true
proxiable = true

[realms]
MYDOMAIN.NET = {
  kdc = svr2k10.mydomain.net:88
  kdc = svr2k09.mydomain.net:88
  kdc = svr2k01.mydomain.net:88
  kdc = svr2k20.mydomain.net:88
  admin_server = svr2k10.mydomain.net:749
  default_domain = MYDOMAIN.NET
}

[domain_realm]
.mydomain = MYDOMAIN.NET
mydomain = MYDOMAIN.NET

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
}

________________________________________________
Kerberos mailing list           Kerberos@mit....
https://mailman.mit.edu/mailman/listinfo/kerberos

Bookmark with:

Delicious   Digg   reddit   Facebook   StumbleUpon

Related Messages

opensubscriber is not affiliated with the authors of this message nor responsible for its content.