1 |
Hello! |
2 |
|
3 |
I'm trying to join my Gentoo box to Windows 2003 domain and I need some |
4 |
help. |
5 |
|
6 |
I've set up smb.conf, krb5.conf, got a krb ticket, but I'm not able to join |
7 |
domain: |
8 |
|
9 |
# net ads join -U admin@×××××××.DOMAIN -d2 |
10 |
[2008/05/16 16:13:11, 2] lib/interface.c:add_interface(81) |
11 |
added interface ip=192.168.5.21 bcast=192.168.5.255 nmask=255.255.255.0 |
12 |
admin@×××××××.DOMAIN's password: |
13 |
[2008/05/16 16:13:13, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(613) |
14 |
Doing kerberos session setup |
15 |
Using short domain name -- CORP |
16 |
Failed to set servicePrincipalNames. Please ensure that |
17 |
the DNS domain of this server matches the AD domain, |
18 |
Or rejoin with using Domain Admin credentials. |
19 |
[2008/05/16 16:13:13, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(613) |
20 |
Doing kerberos session setup |
21 |
Deleted account for 'RUVRN-NIX01' in realm 'CORP.MY.DOMAIN' |
22 |
Failed to join domain: Type or value exists |
23 |
[2008/05/16 16:13:13, 2] utils/net.c:main(1036) |
24 |
return code = -1 |
25 |
|
26 |
smb.conf: |
27 |
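# smb.conf [global] for a Samba 3.0.28 host joining Active Directory as a
# member server. Comments stay on their own lines: smb.conf takes everything
# after "=" as the value.
# NOTE(review): the join log on this page fails at "Failed to set
# servicePrincipalNames" and points at the host's DNS domain not matching the
# AD domain. Nothing in this section sets that; check the machine's FQDN.
[global]
workgroup = CORP
# Kerberos realm, matching default_realm in krb5.conf. The mail client's
# auto-link suffix ("<http://...>") is dropped: left in place it would be read
# as part of the realm value.
realm = CORP.MY.DOMAIN
server string = samba-%v
printcap name = cups
load printers = yes
printing = cups
# One log file per client machine name (%m); max log size is in kilobytes.
log file = /var/log/samba/log.%m
max log size = 50
# NOTE(review): only 192.168.1.x and loopback may connect, yet the join log
# shows this host on 192.168.5.21/24. Confirm the allowed subnet is intended.
hosts allow = 192.168.1. 127.
use sendfile = yes
# NOTE(review): "bad user" turns a login with an unknown user name into a
# guest session instead of rejecting it. On a domain member, use "never"
# unless guest shares are really wanted.
map to guest = bad user
# AD member mode: authentication is done with Kerberos against the realm above.
security = ads
encrypt passwords = yes
# Domain users appear without the CORP prefix, so a domain account can share
# a name with a local one. Keep local account names distinct.
winbind use default domain = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Member server only: no browse-master election, no domain logon service.
local master = no
domain logons = no
# uid/gid ranges winbind allocates for domain users and groups; they must not
# overlap ids used by local accounts.
idmap uid = 10000-20000
idmap gid = 10000-20000

# NOTE(review): wins server expects the address or host name of a WINS server.
# This is the realm/DNS domain name. Confirm it resolves to a host that
# actually runs WINS.
wins server = CORP.MY.DOMAIN
wins proxy = no
dns proxy = yes
dos charset = 866
unix charset = UTF-8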
53 |
|
54 |
krb5.conf: |
55 |
# Client-library defaults, kept as posted.
[libdefaults]
# A bare number is seconds, so tickets live 10 minutes. That matches the klist
# output on this page (15:54:41 to 16:04:41), a ticket already expired when
# the join ran at 16:13. "net ads join -U" prompted for a password, so this is
# probably not the cause of the failure, but a longer lifetime avoids chasing
# expiry while debugging.
ticket_lifetime = 600
default_realm = CORP.MY.DOMAIN
# NOTE(review): default_etypes and default_etypes_des are Heimdal option
# names. The installed library is MIT krb5 (app-crypt/mit-krb5 1.6.3-r1),
# whose options are default_tkt_enctypes, default_tgs_enctypes and
# permitted_enctypes, so these two lines are most likely ignored.
# If they are ported to the MIT names, do not carry the list over unchanged:
# des-cbc-crc and des-cbc-md5 are single DES (56-bit keys) and should not be
# permitted where the KDC offers anything stronger.
default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5
60 |
|
61 |
# Where to find the KDC for the realm.
[realms]
CORP.MY.DOMAIN = {
    # Kerberos KDC on the standard port 88.
    kdc = zaz.corp.my.domain:88
    # NOTE(review): 749 is the kadmin port of a Unix KDC. Presumably zaz is
    # an AD domain controller, which would not answer there. Verify.
    admin_server = zaz.corp.my.domain:749
}
66 |
|
67 |
# DNS name -> Kerberos realm mapping. A leading dot matches every host below
# that domain; without the dot the entry matches that exact name.
[domain_realm]
corp.my.domain = CORP.MY.DOMAIN
.corp.my.domain = CORP.MY.DOMAIN
# NOTE(review): these two map the whole parent domain my.domain to this realm,
# so hosts outside corp.my.domain are also assumed to belong to
# CORP.MY.DOMAIN. Confirm that is intended.
my.domain = CORP.MY.DOMAIN
.my.domain = CORP.MY.DOMAIN
# Short, unqualified labels.
corp = CORP.MY.DOMAIN
.corp = CORP.MY.DOMAIN
74 |
|
75 |
# Log destinations. The kdc and admin_server entries configure the KDC and
# kadmin daemons, so on a client-only host they presumably have no effect.
[logging]
default = SYSLOG
kdc = SYSLOG
admin_server = SYSLOG
79 |
|
80 |
# NOTE(review): [password_quality] with check_library / check_function looks
# like a Heimdal password-quality hook for its password-changing service.
# With MIT krb5 installed (per the package list on this page) the section is
# presumably ignored. Where such a hook is honoured, the named shared object
# is loaded into the daemon, so the path must be writable by root only.
[password_quality]
check_library = /usr/lib/sample_passwd_check.so
check_function = check_cracklib
83 |
|
84 |
|
85 |
installed packages: |
86 |
|
87 |
net-fs/samba |
88 |
Installed versions: 3.0.28(14:37:31 05/16/08)(ads cups fam |
89 |
kernel_linux ldap pam python readline winbind -acl -async -automount -caps |
90 |
-doc -examples -ipv6 -linguas_ja -linguas_pl -quotas -selinux -swat -syslog) |
91 |
|
92 |
[D] app-crypt/mit-krb5 |
93 |
Installed versions: 1.6.3-r1(15:42:50 05/16/08)(-doc -ipv6 -krb4 -tcl) |
94 |
|
95 |
# klist |
96 |
Ticket cache: FILE:/tmp/krb5cc_0 |
97 |
Default principal: admin@×××××××.DOMAIN |
98 |
|
99 |
Valid starting Expires Service principal |
100 |
05/16/08 15:54:41 05/16/08 16:04:41 krbtgt/CORP.MY.DOMAIN@×××××××.DOMAIN |
101 |
|
102 |
-- |
103 |
Vladimir Rusinov |
104 |
Voronezh, Russia |
105 |
UNIX Admin @ Murano Software |