
RE: connecting lenny to active directory



At first look your krb5.conf file looks wrong. 

Check out this link; it has a very nice guide.
http://www.howtoforge.com/samba_ads_security_mode

CAPS are important in the krb5.conf file.

-----Original Message-----
From: shawn foisy [mailto:foisys@gmail.com] 
Sent: Friday, July 10, 2009 11:51 AM
To: debian-user@lists.debian.org
Subject: connecting lenny to active directory

Hi all,
I am a student intern here and I have been given a task of setting up a
Linux server for the office, and am trying to get it set up with Active
Directory, but I keep getting this error when I try the command

net ads join -W metis -S domaincontroller -U myuser

ERROR:

Failed to join domain: Invalid configuration and configuration
modification was not requested

Here are some modified config files:

krb5.conf:

[libdefaults]
    default_realm = METIS.ORG

# The following krb5.conf variables are only for MIT Kerberos.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented.  In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# The only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

#    default_tgs_enctypes = des3-hmac-sha1
#    default_tkt_enctypes = des3-hmac-sha1
#    permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
    fcc-mit-ticketflags = true

[realms]
    METIS.ORG = {
    kdc = dc1.metis.org 
    kdc = dc2.metis.org 
    kdc =dc3.metis.org
    admin_server = dc1.metis.org 
}
[domain_realm]
   .metis.org = METIS.ORG

[login]
    krb4_convert = true
    krb4_get_tickets = true

smb.conf:

[global]
security = ads
password server = dc11.metis.org
encrypt passwords = yes
workgroup = METIS
realm = METIS.ORG
netbios name = temporay
idmap uid = 10000-2000
idmap gid = 1000-2000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes


Any help would be appreciated.

Thanks,

Shawn Foisy
IT STEP Student
Metis Nation of Alberta
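
The reply's point that case matters in krb5.conf can be checked mechanically. The following is an added example, not part of the original thread: a small Python lint that compares how the realm is spelled in krb5.conf and smb.conf. The function names, the sample files and the EXAMPLE.ORG realm are assumptions made for illustration.

```python
import re

def parse_krb5(text):
    """Return (default_realm, [realms] names, [domain_realm] targets)."""
    section, default_realm, realms, targets = None, None, [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1)
        elif section == "libdefaults" and line.startswith("default_realm"):
            default_realm = line.split("=", 1)[1].strip()
        elif section == "realms" and re.fullmatch(r"\S+\s*=\s*\{", line):
            realms.append(line.split("=", 1)[0].strip())
        elif section == "domain_realm" and "=" in line:
            targets.append(line.split("=", 1)[1].strip())
    return default_realm, realms, targets

def check_realm_case(krb5_text, smb_text):
    """List places where the realm is not spelled identically, in upper case."""
    default_realm, realms, targets = parse_krb5(krb5_text)
    if default_realm is None:
        return ["krb5.conf: no default_realm in [libdefaults]"]
    findings = []
    if default_realm != default_realm.upper():
        findings.append(f"krb5.conf: default_realm {default_realm!r} is not upper case")
    if default_realm not in realms:
        findings.append(f"krb5.conf: no [realms] entry named exactly {default_realm!r}")
    for target in targets:
        if target not in realms:
            findings.append(f"krb5.conf: [domain_realm] target {target!r} not in [realms]")
    m = re.search(r"^\s*realm\s*=\s*(\S+)", smb_text, re.MULTILINE)
    smb_realm = m.group(1) if m else None
    if smb_realm != default_realm:
        findings.append(f"smb.conf: realm {smb_realm!r} differs from {default_realm!r}")
    return findings

# Constructed sample files; EXAMPLE.ORG is a placeholder realm.
KRB5 = """\
[libdefaults]
    default_realm = example.org
[realms]
    EXAMPLE.ORG = {
    }
[domain_realm]
    .example.org = EXAMPLE.ORG
"""
SMB = "[global]\nsecurity = ads\nrealm = EXAMPLE.ORG\n"
if __name__ == "__main__":
    print("\n".join(check_realm_case(KRB5, SMB)))
```

On the constructed sample the lower-case default_realm produces three findings; with the realm written in capitals everywhere the list is empty.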
