Joining Redhat box to MS ADS Domain without Kerberos



  1. #1
    Join Date
    Dec 1999
    Location
    Orion arm of the Milky Way Galaxy
    Posts
    172

    Joining Redhat box to MS ADS Domain without Kerberos

    Hi all.

    I have a Redhat EL3 computer operating in a Windows-based network running ADS. I really have very little knowledge of domain-type networking, and the network admins here have less knowledge of Linux than I do (which isn't that much!). However, it's my understanding that Kerberos is an additional security protocol that can be used in an ADS environment, but is not always present. In our case, I don't believe we have it.

    However, Samba 3 seems to expect Kerberos to be present. When I run the command "net ads join" I get errors stating "Cannot find KDC for requested realm". I've also been trying the "net testjoin" command for both ads and rpc environments with the following results:

    [root@kitten jdbrown]# net ads testjoin
    KITTEN$@CREOL's password:
    [2005/02/08 15:43:33, 0] libads/kerberos.c:ads_kinit_password(146)
    kerberos_kinit_password KITTEN$@CREOL failed: Cannot find KDC for requested realm
    [2005/02/08 15:43:33, 0] utils/net_ads.c:ads_startup(186)
    ads_connect: Cannot find KDC for requested realm
    Join to domain is not valid
    [root@kitten jdbrown]# net rpc testjoin

    Unable to find a suitable server
    Join to domain 'CREOL' is not valid

    As I stated earlier, I really don't have a lot of knowledge in regards to networking (or to Linux for that matter - but I get by). Can anyone give me some suggestions for this, or should I just live with this in its current state?

    Thanks,
    JB
    Boredom tempts a twisted mind!!!

  2. #2
    Join Date
    Mar 2002
    Location
    Pennsylvania, USA
    Posts
    1,713
    Depending on how your AD domain is configured, you might be able to get away with using security = domain instead of security = ads.

    See this article:

    http://www.justlinux.com/forum/showt...hreadid=118920


    If that fails, you might try using security = server. That will allow your Samba server to authenticate against the domain without actually being a member. I know I've used that against NT type domains but I can't recall if I've successfully used it against an AD domain.
    Last edited by cowanrl; 02-09-2005 at 07:56 AM.
    If God hadn't meant for us to use GUI tools, there wouldn't have been a Xerox PARC.
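
The two join modes named in the reply above, sketched as an smb.conf fragment. This is an added example, not configuration from the thread: CREOL is the short domain name from the poster's output, while EXAMPLE.LOCAL and dc1.example.local are placeholders for the AD DNS domain and a domain controller.

```ini
# Added example (not from the thread). Placeholders: EXAMPLE.LOCAL, dc1.example.local.

[global]
workgroup = CREOL
encrypt passwords = yes

# Option A: security = ads (Kerberos-based membership).
# Active Directory domain controllers run a KDC. Samba needs the realm
# (the AD DNS domain name, upper case) and must be able to resolve a DC
# for it. Assumption: "Cannot find KDC for requested realm" with realm
# CREOL means no realm was set, so the short workgroup name was tried.
# Join with: net ads join -U Administrator
;security = ads
;realm = EXAMPLE.LOCAL
;password server = dc1.example.local

# Option B: security = domain (NT4-style RPC join, NTLM authentication,
# no Kerberos tickets). Naming a DC explicitly helps when
# "net rpc testjoin" reports "Unable to find a suitable server".
# Join with: net rpc join -U Administrator
security = domain
password server = dc1.example.local
```

Only one of the two options should be active at a time; after a join, `net ads testjoin` or `net rpc testjoin` verifies the machine account for the mode in use.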

  3. #3
    Join Date
    Oct 2005
    Posts
    2

    samba ads login problem

    Hi Cowanrl,

    I followed your Samba 3.0 using ADS security article and configured my machine.

    It works partially: from Linux I can mount all available shares on the Windows 2k server, but I can only access the public directories of Samba. My users' home directories can't be accessed; it shows invalid user name and password.

    Example:

    [homes]
    comment = Home Directories
    browseable = no
    writable = yes
    valid users = %S
    create mode = 0664
    directory mode = 0775

    In this, if I comment out valid users, then I can access my home dir; otherwise I can't access it.

    Help me.

    Regards and thanks in advance,
    sami,
    meetsami@gmail.com
