After net ads join, kinit fails: Client not found...

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

After net ads join, kinit fails: Client not found...

P V-2
 I'm installing Samba with Security ADS (compiled
--with-winbind --with-ads --with-ldap --with-krb5) on
Solaris 8, for connect with ActiveDirectory W2K.
  First, I created in AD Windows an account with the
same name that my solaris host and generated the
keytab with this:
C:\temp>ktpass princ host/[hidden email]
mapuser mysolarishost -pass ad_user_pwd out
  And add the file to /etc/krb5/krb5.keytab with
  I ran kinit host/[hidden email], and it
asked me for a password (ad_usr_pwd) and all right.
  Then I ran net ads join -U Administrator.
  It asked for password and sent:
Using short domain name -- DOMAINNETBIOS

  After this, I ran SMB daemons. In log.smbd I get:
[2005/08/16 19:12:48, 0] smbd/server.c:main(802)
  smbd version 3.0.20rc1 started.
  Copyright Andrew Tridgell and the Samba Team
[2005/08/16 19:12:48, 0]
host/[hidden email] failed: Client not
found in Kerberos database

   If I run kinit host/[hidden email], I
get this message:
kinit(v5): Client not found in Kerberos database while
getting initial credentials

   So, the problem is when a run net ads join. After
that the authentication with AD W2K is broken. If I
delete the computer account in AD W2K, the kinit
command works again.

   Any idea?
Here my configuration files:
    workgroup = DOMAINNETBIOS
    netbios name = mysolarishost
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    security = ads
    realm = DOMAIN.COM.MX
    password server =

        ticket_lifetime = 24000
        default_realm = DOMAIN.COM.MX
        default_tgs_enctypes = des-cbc-crc des-cbc-md5
        default_tkt_enctypes = des-cbc-crc des-cbc-md5
       DOMAIN.COM.MX = {
                kdc =
                kdc =
                admin_server =
                default_domain =
[domain_realm] = DOMAIN.COM.MX
        .domainnetbios = DOMAIN.COM.MX
        domainnetbios = DOMAIN.COM.MX

passwd:     files winbind
group:      files winbind
hosts:      files wins
shadow:     files winbind

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
Kerberos mailing list           [hidden email]