| 1 |
Hello! |
| 2 |
|
| 3 |
I'm trying to join my Gentoo box to Windows 2003 domain and I need some |
| 4 |
help. |
| 5 |
|
| 6 |
I've set up smb.conf,. krb5.conf, got a krb ticket, but I'm not able to join |
| 7 |
domain: |
| 8 |
|
| 9 |
# net ads join -U admin@×××××××.DOMAIN -d2 |
| 10 |
[2008/05/16 16:13:11, 2] lib/interface.c:add_interface(81) |
| 11 |
added interface ip=192.168.5.21 bcast=192.168.5.255 nmask=255.255.255.0 |
| 12 |
admin@×××××××.DOMAIN's password: |
| 13 |
[2008/05/16 16:13:13, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(613) |
| 14 |
Doing kerberos session setup |
| 15 |
Using short domain name -- CORP |
| 16 |
Failed to set servicePrincipalNames. Please ensure that |
| 17 |
the DNS domain of this server matches the AD domain, |
| 18 |
Or rejoin with using Domain Admin credentials. |
| 19 |
[2008/05/16 16:13:13, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(613) |
| 20 |
Doing kerberos session setup |
| 21 |
Deleted account for 'RUVRN-NIX01' in realm 'CORP.MY.DOMAIN' |
| 22 |
Failed to join domain: Type or value exists |
| 23 |
[2008/05/16 16:13:13, 2] utils/net.c:main(1036) |
| 24 |
return code = -1 |
| 25 |
|
| 26 |
smb.conf: |
| 27 |
[global] |
| 28 |
workgroup = CORP |
| 29 |
realm = CORP.MY.DOMAIN <http://CORP.MURANOSOFT.COM> |
| 30 |
server string = samba-%v |
| 31 |
printcap name = cups |
| 32 |
load printers = yes |
| 33 |
printing = cups |
| 34 |
log file = /var/log/samba/log.%m |
| 35 |
max log size = 50 |
| 36 |
hosts allow = 192.168.1. 127. |
| 37 |
use sendfile = yes |
| 38 |
map to guest = bad user |
| 39 |
security = ads |
| 40 |
encrypt passwords = yes |
| 41 |
winbind use default domain = yes |
| 42 |
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 |
| 43 |
local master = no |
| 44 |
domain logons = no |
| 45 |
idmap uid = 10000-20000 |
| 46 |
idmap gid = 10000-20000 |
| 47 |
|
| 48 |
wins server = CORP.MY.DOMAIN |
| 49 |
wins proxy = no |
| 50 |
dns proxy = yes |
| 51 |
dos charset = 866 |
| 52 |
unix charset = UTF-8 |
| 53 |
|
| 54 |
krb5.conf: |
| 55 |
[libdefaults] |
| 56 |
ticket_lifetime = 600 |
| 57 |
default_realm = CORP.MY.DOMAIN |
| 58 |
default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 |
| 59 |
default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5 |
| 60 |
|
| 61 |
[realms] |
| 62 |
CORP.MY.DOMAIN = { |
| 63 |
kdc = zaz.corp.my.domain:88 |
| 64 |
admin_server = zaz.corp.my.domain:749 |
| 65 |
} |
| 66 |
|
| 67 |
[domain_realm] |
| 68 |
.corp.my.domain = CORP.MY.DOMAIN |
| 69 |
corp.my.domain = CORP.MY.DOMAIN |
| 70 |
.my.domain = CORP.MY.DOMAIN |
| 71 |
my.domain = CORP.MY.DOMAIN |
| 72 |
corp = CORP.MY.DOMAIN |
| 73 |
.corp = CORP.MY.DOMAIN |
| 74 |
|
| 75 |
[logging] |
| 76 |
kdc = SYSLOG |
| 77 |
admin_server = SYSLOG |
| 78 |
default = SYSLOG |
| 79 |
|
| 80 |
[password_quality] |
| 81 |
check_library = /usr/lib/sample_passwd_check.so |
| 82 |
check_function = check_cracklib |
| 83 |
|
| 84 |
|
| 85 |
installed packages: |
| 86 |
|
| 87 |
net-fs/samba |
| 88 |
Installed versions: 3.0.28(14:37:31 05/16/08)(ads cups fam |
| 89 |
kernel_linux ldap pam python readline winbind -acl -async -automount -caps |
| 90 |
-doc -examples -ipv6 -linguas_ja -linguas_pl -quotas -selinux -swat -syslog) |
| 91 |
|
| 92 |
[D] app-crypt/mit-krb5 |
| 93 |
Installed versions: 1.6.3-r1(15:42:50 05/16/08)(-doc -ipv6 -krb4 -tcl) |
| 94 |
|
| 95 |
# klist |
| 96 |
Ticket cache: FILE:/tmp/krb5cc_0 |
| 97 |
Default principal: admin@×××××××.DOMAIN |
| 98 |
|
| 99 |
Valid starting Expires Service principal |
| 100 |
05/16/08 15:54:41 05/16/08 16:04:41 krbtgt/CORP.MY.DOMAIN@×××××××.DOMAIN |
| 101 |
|
| 102 |
-- |
| 103 |
Vladimir Rusinov |
| 104 |
Voronezh, Russia |
| 105 |
UNIX Admin @ Murano Software |
Archives