[CLUE-Tech] Samba 3 & Active Directory

Mike Staver staver at fimble.com
Wed Aug 25 16:23:46 MDT 2004


> Well, I'm trying to understand.  For example, here is my smb.conf file:
> 
> # smb.conf is the main Samba configuration file.
> [global]
>         workgroup = RTSENTERPRISE
>         netbios name = TIMMY
>         wins server = 64.242.89.10
>         security = ADS
>         password server = *
>         realm = globaltaxnetwork.com
>         server string = TIMMY
>         encrypt passwords = Yes
>         socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
>         hosts allow = 64.242.89. 127. 216.150.207.155
>         os level = 0
>         dns proxy = No
>         load printers = No
> 
> [html]
>         comment = html
>         browseable = Yes
>         read only = No
>         path = /srv/www/htdocs
> 
> The part of that file that I question is the line "realm".  I have an 
> active directory workgroup/domain labeled RTSENTERPRISE.  I'm sure 
> that's not what realm is referring to.  So, I'm assuming it means the 
> part of AD globaltaxnetwork.com - not sure if that is correct though. 
> Once I find the definition of this term, that will go a LONG way in 
> helping me set up the krb5.conf file I think.

To add to this, here is my krb5.conf file:

[libdefaults]
         default_realm = globaltaxnetwork.com

[realms]
         YOUR.KERBEROS.REALM = {
         kdc = pip.globaltaxnetwork.com
         }

[domain_realms]
         .pip.globaltaxnetwork.com = globaltaxnetwork.com


Then when I try this:

timmy:/srv/www/htdocs # net ads join -U Administrator%xxxxxxxxx
[2004/08/25 15:56:33, 0] libads/kerberos.c:ads_kinit_password(137)

I get an error:

kerberos_kinit_password Administrator@GLOBALTAXNETWORK.COM failed: 
Cannot contact any KDC for requested realm

So, I'm still trying to understand what my realm should be.  I've tried:

timmy:/ # kinit ADMINISTRATOR@GLOBALTAXNETWORK.COM
ADMINISTRATOR@GLOBALTAXNETWORK.COM's Password:
kinit: krb5_get_init_creds: unable to reach any KDC in realm 
GLOBALTAXNETWORK.COM
timmy:/ # kinit Administrator@GLOBALTAXNETWORK.COM
Administrator@GLOBALTAXNETWORK.COM's Password:
kinit: krb5_get_init_creds: unable to reach any KDC in realm 
GLOBALTAXNETWORK.COM
timmy:/ # kinit ADMINISTRATOR@RTSENTERPRISE
ADMINISTRATOR@RTSENTERPRISE's Password:
kinit: krb5_get_init_creds: unable to reach any KDC in realm RTSENTERPRISE
timmy:/ # kinit Administrator@PIP.GLOBALTAXNETWORK.COM
Administrator@PIP.GLOBALTAXNETWORK.COM's Password:
kinit: krb5_get_init_creds: unable to reach any KDC in realm 
PIP.GLOBALTAXNETWORK.COM

Is my realm simply the fully qualified DNS name of the server it's on?

-- 

                                 -Mike Staver
                                  staver at fimble.com
                                  mstaver at globaltaxnetwork.com
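
Added example, not part of the original message: a small Python check run over the krb5.conf quoted above, reporting where its section names and realm names do not line up with each other. The function names, the EXPECTED list and the 0.85 similarity cutoff are choices made for this example; the config text is copied from the message.

```python
import difflib
import re

# The krb5.conf quoted in the message above, embedded so this runs offline.
SAMPLE = """\
[libdefaults]
         default_realm = globaltaxnetwork.com
[realms]
         YOUR.KERBEROS.REALM = {
         kdc = pip.globaltaxnetwork.com
         }
[domain_realms]
         .pip.globaltaxnetwork.com = globaltaxnetwork.com
"""
EXPECTED = ["libdefaults", "realms", "domain_realm"]  # sections these checks read

def parse(text):
    """Parse sections, 'key = value' lines and one level of '{ }' blocks."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#")[0].strip()
        if m := re.fullmatch(r"\[(\S+)\]", line):
            section, block = conf.setdefault(m.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, val = (s.strip() for s in line.split("=", 1))
            if val == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block)[key] = val
    return conf

def lint(text):
    """Return a list of consistency findings for a krb5.conf."""
    conf, out = parse(text), []
    for name in conf:
        near = difflib.get_close_matches(name, EXPECTED, n=1, cutoff=0.85)
        if near and near[0] != name:
            out.append(f"[{name}] looks like a misspelling of [{near[0]}]")
    realms = conf.get("realms", {})
    default = conf.get("libdefaults", {}).get("default_realm", "")
    if default != default.upper():
        out.append(f"default_realm {default!r} is not upper case (realms are case-sensitive)")
    if default and default.upper() not in realms:
        out.append(f"no [realms] entry named {default.upper()}, so this file lists no kdc for it")
    out += [f"realm {r} has no kdc" for r, b in realms.items() if "kdc" not in b]
    out += [f"[domain_realm] maps {d} to {t}, which is not in [realms]"
            for d, t in conf.get("domain_realm", {}).items() if t not in realms]
    return out

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The checks only compare the file against itself; whether a listed KDC host is reachable, or found through DNS instead, is outside what it looks at.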


