Post 302918710 by mgreen81 on Thursday 25th of September 2014 06:38:47 AM
Help with Samba please!

I am having a nightmare getting a new Solaris server to join a domain in order to access some samba shares.

I am a newbie to Unix so am learning as I go.

Every time I try the net ads join -U administrator command, I get:

Code:
# net ads join -U administrator
Enter administrator's password:
[2014/09/25 08:29:27.672173, 0] libads/kerberos.c:333()
kerberos_kinit_password administratoratINTERNAL.OURDOMAIN.COM failed: Preauthentication failed
Failed to join domain: failed to connect to AD: Preauthentication failed

Here is my smb.conf:
Code:
[global]
	workgroup = OURDOMAIN
	realm = INTERNAL.OURDOMAIN.COM
	server string = Maginus SUN2014, Samba %v
	interfaces = 172.XX.X.X
	security = ADS
	password server = *
	server signing = auto
	client signing = auto
	map to guest = Bad Password
	guest account = web
	preferred master = Auto
	wins server = 172.XX.X.X, 172.XX.X.X, 172.XX.X.X
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	template shell = /bin/bash
	winbind enum users = Yes
	winbind enum groups = Yes

[home_report]
	comment = Home Report for Res Bulk Pick Lists
	path = /home/report
	guest only = Yes
	guest ok = Yes


My krb5.conf

Code:
[libdefaults]
        default_realm = INTERNAL.OURDOMAIN.COM

[realms]
        INTERNAL.OURDOMAIN.COM = {
                kdc = DC1.INTERNAL.OURDOMAIN.COM
                kdc = DC2.INTERNAL.OURDOMAIN.COM
                kdc = DC3.INTERNAL.OURDOMAIN.COM              
                admin_server = DC1.INTERNAL.OURDOMAIN.COM
        }

[domain_realm]
	OURDOMAIN = INTERNAL.OURDOMAIN.COM

[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
	kdc_rotate = {

# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.

		period = 1d

# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)

		versions = 10
	}

[appdefaults]
	kinit = {
		renewable = true
		forwardable= true
	}
	gkadmin = {
		help_url = http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
	}

Your help is really appreciated!

---------- Post updated at 05:38 AM ---------- Previous update was at 05:20 AM ----------

Thanks for the edit Scrutinizer (I can't PM you)

Last edited by Scrutinizer; 09-25-2014 at 07:29 AM.. Reason: Additional code tags
 

kadmind(1M)                                                        kadmind(1M)

NAME
    kadmind - Kerberos administration daemon

SYNOPSIS
    /usr/lib/krb5/kadmind [-d] [-m] [-p port-number] [-r realm]

DESCRIPTION
    kadmind runs on the master key distribution center (KDC), which stores the principal and policy databases. kadmind accepts remote requests to administer the information in these databases. Remote requests are sent, for example, by kpasswd(1), gkadmin(1M), and kadmin(1M) commands, all of which are clients of kadmind. When you install a KDC, kadmind is set up in the init scripts to start automatically when the KDC is rebooted.

    kadmind requires a number of configuration files to be set up for it to work:

    /etc/krb5/kdc.conf
        The KDC configuration file contains configuration information for the KDC and the Kerberos administration system. kadmind understands a number of configuration variables (called relations) in this file, some of which are mandatory and some of which are optional. In particular, kadmind uses the acl_file, dict_file, admin_keytab, and kadmind_port relations in the [realms] section. Refer to the kdc.conf(4) man page for information regarding the format of the KDC configuration file.

    /etc/krb5/kadm5.keytab
        kadmind requires a keytab (key table) containing correct entries for the kadmin/admin and kadmin/changepw principals for every realm that kadmind answers requests. The keytab can be created with the kadmin.local(1M), kdb5_util(1M) command. The location of the keytab is determined by the admin_keytab relation in the kdc.conf(4) file.

    /etc/krb5/kadm5.acl
        kadmind uses an ACL (access control list) to determine which principals are allowed to perform Kerberos administration actions. The path of the ACL file is determined by the acl_file relation in the kdc.conf file. See kdc.conf(4). For information regarding the format of the ACL file, refer to kadm5.acl(4).

        Note that the kadmind daemon will need to be restarted in order to reread the kadm5.acl file after it has been modified. You can do this, as root, with the following command:

        # svcadm restart svc:/network/security/kadmin:default

    After kadmind begins running, it puts itself in the background and disassociates itself from its controlling terminal.

    kadmind can be configured for incremental database propagation. Incremental propagation allows slave KDC servers to receive principal and policy updates incrementally instead of receiving full dumps of the database. These settings can be changed in the kdc.conf(4) file:

    sunw_dbprop_enable = [true | false]
        Enable or disable incremental database propagation. Default is false.

    sunw_dbprop_master_ulogsize = N
        Specifies the maximum amount of log entries available for incremental propagation to the slave KDC servers. The maximum value that this can be is 2500 entries. Default value is 1000 entries.

    The kiprop/<hostname>@<REALM> principal must exist in the master's kadm5.keytab file to enable the slave to authenticate incremental propagation from the master. In the principal syntax above, <hostname> is the master KDC's host name and <REALM> is the realm in which the master KDC resides.

    Kerberos client machines can automatically migrate Unix users to the default Kerberos realm specified in the local krb5.conf(4), if the user does not have a valid kerberos account already. You achieve this by using the pam_krb5_migrate(5) service module for the service in question. The Kerberos service principal used by the client machine attempting the migration needs to be validated using the u privilege in kadm5.acl(4). When using the u privilege, kadmind validates user passwords using PAM, specifically using a PAM_SERVICE name of k5migrate by calling pam_authenticate(3PAM) and pam_acct_mgmt(3PAM).

    A suitable PAM stack configuration example for k5migrate would look like:

        k5migrate auth    required pam_unix_auth.so.1
        k5migrate account required pam_unix_account.so.1

OPTIONS
    The following options are supported:

    -d
        Specifies that kadmind does not put itself in the background and does not disassociate itself from the terminal. In normal operation, you should use the default behavior, which is to allow the daemon to put itself in the background.

    -m
        Specifies that the master database password should be retrieved from the keyboard rather than from the stash file. When using -m, the kadmind daemon receives the password prior to putting itself in the background. If used in combination with the -d option, you must explicitly place the daemon in the background.

    -p port-number
        Specifies the port on which the kadmind daemon listens for connections. The default is controlled by the kadmind_port relation in the kdc.conf(4) file.

    -r realm
        Specifies the default realm that kadmind serves. If realm is not specified, the default realm of the host is used. kadmind answers requests for any realm that exists in the local KDC database and for which the appropriate principals are in its keytab.

FILES
    /var/krb5/principal
        Kerberos principal database.

    /var/krb5/principal.ulog
        The update log file for incremental propagation.

    /var/krb5/principal.kadm5
        Kerberos administrative database containing policy information.

    /var/krb5/principal.kadm5.lock
        Kerberos administrative database lock file. This file works backwards from most other lock files (that is, kadmin exits with an error if this file does not exist).

    /var/krb5/kadm5.dict
        Dictionary of strings explicitly disallowed as passwords.

    /etc/krb5/kadm5.acl
        List of principals and their kadmin administrative privileges.

    /etc/krb5/kadm5.keytab
        Keytab for kadmin/admin principal.

    /etc/krb5/kdc.conf
        KDC configuration information.

ATTRIBUTES
    See attributes(5) for descriptions of the following attributes:

    +-----------------------------+-----------------------------+
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    +-----------------------------+-----------------------------+
    |Availability                 |SUNWkdcu                     |
    +-----------------------------+-----------------------------+
    |Interface Stability          |Evolving                     |
    +-----------------------------+-----------------------------+

SEE ALSO
    kpasswd(1), svcs(1), gkadmin(1M), kadmin(1M), kadmin.local(1M), kdb5_util(1M), kproplog(1M), svcadm(1M), pam_acct_mgmt(3PAM), pam_authenticate(3PAM), kadm5.acl(4), kdc.conf(4), krb5.conf(4), attributes(5), krb5envvar(5), pam_krb5_migrate(5), smf(5), SEAM(5)

NOTES
    The Kerberos administration daemon (kadmind) is now compliant with the change-password standard mentioned in RFC 3244, which means it can now handle change-password requests from non-Solaris Kerberos clients.

    The kadmind service is managed by the service management facility, smf(5), under the service identifier:

        svc:/network/security/kadmin

    Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). The service's status can be queried using the svcs(1) command.

                                  11 Jul 2005                      kadmind(1M)
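The keytab and incremental-propagation requirements stated in the man page above can be checked mechanically. The following POSIX shell sketch is an added example, not part of the original page or of Solaris; the realm EXAMPLE.COM, the host kdc1.example.com, the function names and the one-principal-per-line listing file are assumptions, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: audit a master KDC against the requirements in kadmind(1M).
# Print the value of relation $2 in kdc.conf file $1, or default $3 if unset.
relation_value() {
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# audit_kadmind KDC_CONF PRINCIPAL_LIST REALM MASTER_HOST
# PRINCIPAL_LIST (assumption): the keytab's principals, one per line.
# Prints one finding per line; prints nothing when all checks pass.
audit_kadmind() {
    conf=$1; list=$2; realm=$3; host=$4
    # kadmind needs both principals in its keytab for each realm it serves.
    for p in kadmin/admin kadmin/changepw; do
        grep -qxF "$p@$realm" "$list" || echo "keytab: missing $p@$realm"
    done
    # Defaults per the man page: propagation off, 1000 log entries.
    enable=$(relation_value "$conf" sunw_dbprop_enable false)
    ulog=$(relation_value "$conf" sunw_dbprop_master_ulogsize 1000)
    [ "$enable" = true ] || return 0   # rest applies only to incremental propagation
    case $ulog in
        ''|*[!0-9]*) echo "kdc.conf: ulogsize is not a number: $ulog" ;;
        *) [ "$ulog" -le 2500 ] || echo "kdc.conf: ulogsize $ulog exceeds 2500" ;;
    esac
    # The slave authenticates incremental propagation via this principal.
    grep -qxF "kiprop/$host@$realm" "$list" || echo "keytab: missing kiprop/$host@$realm"
    return 0
}

# Constructed sample inputs, written into directory $1.
make_samples() {
    cat > "$1/kdc.conf" <<'EOF'
[realms]
    EXAMPLE.COM = {
        admin_keytab = /etc/krb5/kadm5.keytab
        sunw_dbprop_enable = true
        sunw_dbprop_master_ulogsize = 5000
    }
EOF
    cat > "$1/principals.txt" <<'EOF'
kadmin/admin@EXAMPLE.COM
kadmin/changepw@EXAMPLE.COM
EOF
}

d=$(mktemp -d) && make_samples "$d"
audit_kadmind "$d/kdc.conf" "$d/principals.txt" EXAMPLE.COM kdc1.example.com
rm -rf "$d"
```

On the constructed sample this reports the oversized update log and the missing kiprop principal.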