[CLUE-Tech] Samba 3 & Active Directory
Mike Staver
staver at fimble.com
Wed Aug 25 16:23:46 MDT 2004
> Well, I'm trying to understand. For example, here is my smb.conf file:
>
> # smb.conf is the main Samba configuration file.
> [global]
> workgroup = RTSENTERPRISE
> netbios name = TIMMY
> wins server = 64.242.89.10
> security = ADS
> password server = *
> realm = globaltaxnetwork.com
> server string = TIMMY
> encrypt passwords = Yes
> socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
> hosts allow = 64.242.89. 127. 216.150.207.155
> os level = 0
> dns proxy = No
> load printers = No
>
> [html]
> comment = html
> browseable = Yes
> read only = No
> path = /srv/www/htdocs
>
> The part of that file that I question is the line "realm". I have an
> active directory workgroup/domain labeled RTSENTERPRISE. I'm sure
> that's not what realm is referring to. So, I'm assuming it means the
> part of AD globaltaxnetwork.com - not sure if that is correct though.
> Once I find the definition of this term, that will go a LONG way in
> helping me set up the krb5.conf file I think.
To add to this, here is my krb5.conf file:
[libdefaults]
default_realm = globaltaxnetwork.com
[realms]
YOUR.KERBEROS.REALM = {
kdc = pip.globaltaxnetwork.com
}
[domain_realms]
.pip.globaltaxnetwork.com = globaltaxnetwork.com
Then when I try this:
timmy:/srv/www/htdocs # net ads join -U Administrator%xxxxxxxxx
[2004/08/25 15:56:33, 0] libads/kerberos.c:ads_kinit_password(137)
I get an error:
kerberos_kinit_password Administrator at GLOBALTAXNETWORK.COM failed:
Cannot contact any KDC for requested realm
So, I'm still trying to understand what my realm should be. I've tried:
timmy:/ # kinit ADMINISTRATOR at GLOBALTAXNETWORK.COM
ADMINISTRATOR at GLOBALTAXNETWORK.COM's Password:
kinit: krb5_get_init_creds: unable to reach any KDC in realm
GLOBALTAXNETWORK.COM
timmy:/ # kinit Administrator at GLOBALTAXNETWORK.COM
Administrator at GLOBALTAXNETWORK.COM's Password:
kinit: krb5_get_init_creds: unable to reach any KDC in realm
GLOBALTAXNETWORK.COM
timmy:/ # kinit ADMINISTRATOR at RTSENTERPRISE
ADMINISTRATOR at RTSENTERPRISE's Password:
kinit: krb5_get_init_creds: unable to reach any KDC in realm RTSENTERPRISE
timmy:/ # kinit Administrator at PIP.GLOBALTAXNETWORK.COM
Administrator at PIP.GLOBALTAXNETWORK.COM's Password:
kinit: krb5_get_init_creds: unable to reach any KDC in realm
PIP.GLOBALTAXNETWORK.COM
Is my realm simply the fully qualified DNS name of the server it's on?
--
-Mike Staver
staver at fimble.com
mstaver at globaltaxnetwork.com
More information about the clue-tech
mailing list