  1. #1

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,190
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56

    Kinit failed error when joining Linux to AD

    Hello,

    I have been going through the installation guide for setting up a Linux box running as a print server with Pykota installed. As a complete Linux noob, it is somewhat a little difficult.

    I have got to the point where I need to join it to the AD. I run the command
    Code:
    net ads join -U administrator
    and the output is less than satisfying, but I am not sure why it failed. The output was this:
    [2008/06/28 20:49:59, 0] libsmb/cliconnect.c:cli_session_setup_spnego(785)
    Kinit failed: Configuration file does not specify default realm
    Any ideas as to why?

    I literally copied and pasted the smb.conf from the guide into the smb.conf file on my Debian 4r3 install. I changed the netbios name to point to my AD server (wasn't sure if this was right) and I also changed the realm name to CRONEHILLS.SANDWELL.SCH.UK. I set the workgroup to CRONEHILLS and I removed the WINS server line as I am not using one.

    I copied and pasted the krb5 into the one on the Debian box too. I edited it to read

    kdc = SERVER1.CRONEHILLS.SANDWELL.SCH.UK
    admin_server = SERVER1.CRONEHILLS.SANDWELL.SCH.UK

    So from what I can see the realm is in correctly.

  2. #2

    I have since resolved (I think) this error. I had removed the section for the default realm. I have now put this back in but am still struggling with the general configuration of the Kerberos setup.

    I had configured the smb.conf, nsswitch.conf, and krb5.conf files as best I can work out, and when I try to run the command net ads join -U administrator I get the error:

    utils/net_ads.c:ads_startup(289)
    ads_connect: Invalid credentials

    If I change the configs I usually end up with:

    preauthentication failed.

    I'm not entirely sure which is the better of the 2.

    And my network device keeps getting a no entry sign on it saying no network devices found but yet it still resolves and pings addresses...



    I looked up the error and on the Ubuntu forum a guy said he had the problem mentioned in this post and it was down to DNS issues, although I could resolve the server name fine. Just for information this edit.
    Last edited by HodgeHi; 30th June 2008 at 09:53 AM.

  3. #3

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,655
    Thank Post
    516
    Thanked 2,443 Times in 1,891 Posts
    Blog Entries
    24
    Rep Power
    831
    When I set up SMB/Winbind authentication on my machines, I used the tutorials here:
    https://help.ubuntu.com/community/Ac...ryWinbindHowto
    https://help.ubuntu.com/community/Samba/Kerberos

    OK, they're for Ubuntu, but they should apply to Debian too. Hope these help.

  4. #4

    Thanks. I will look into these. Just re-installing Server 2003 at the moment.

  5. #5
    ahuxham's Avatar
    Join Date
    Apr 2008
    Posts
    1,122
    Thank Post
    76
    Thanked 138 Times in 109 Posts
    Rep Power
    30

    Remove the server names as well, and use the IP addresses for a start, as this will ease any problems.

    Easier way to join as well is as follows:

    Code:
    net ADS join -S 192.168.0.xx -U administrator%password
    Samba.conf:
    Code:
    [global]
    netbios name = servername
    workgroup = name
    realm = school.somerset.sch.uk
    password server = primary DC IP_ADDR
    security = ADS
    winbind use default domain = yes
    krb5.conf
    Code:
    [libdefaults]
    default_realm = SCHOOL.SOMERSET.SCH.UK
    clockskew = 300

    [realms]
       SCHOOL.SOMERSET.SCH.UK = {
          kdc = DC IP address
          kdc = DC IP address as a failover
          admin_server = DC IP address
          default_domain = SCHOOL.SOMERSET.SCH.UK
       }

    That's the absolute minimum required for joining to a domain; please note CAPS ARE THERE FOR A REASON. Kerberos and the k* programs are very strict on this fact; if prompted to enter domain name, ALWAYS ensure caps!
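
As an added example (not code from any poster in this thread), a small Python check for the two krb5.conf problems raised above: the missing default_realm behind the first post's kinit error, and realm names not written in upper case. The function names, the sample file and its example.sch.uk realm are constructed for illustration.

```python
import re

# Constructed sample: default_realm is missing and the realm name is lower case.
SAMPLE_BAD = """\
[libdefaults]
    clockskew = 300
[realms]
    school.example.sch.uk = {
        kdc = 192.0.2.10
    }
"""

def parse_krb5(text):
    """Return (libdefaults, {realm: {key: [values]}}) parsed from krb5.conf text."""
    libdefaults, realms = {}, {}
    section = realm = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, realm = m.group(1), None
        elif section == "realms" and (m := re.fullmatch(r"(\S+)\s*=\s*\{", line)):
            realm = m.group(1)  # start of a realm stanza
            realms[realm] = {}
        elif m := re.fullmatch(r"(\S+)\s*=\s*(.+)", line):
            if section == "libdefaults":
                libdefaults[m.group(1)] = m.group(2)
            elif section == "realms" and realm:
                realms[realm].setdefault(m.group(1), []).append(m.group(2))
    return libdefaults, realms

def lint_krb5(text):
    """List the realm problems discussed in the thread for a krb5.conf."""
    libdefaults, realms = parse_krb5(text)
    problems = []
    default = libdefaults.get("default_realm")
    if default is None:
        problems.append("no default_realm in [libdefaults]")
    elif default != default.upper():
        problems.append(f"default_realm {default!r} is not upper case")
    elif default not in realms:
        problems.append(f"default_realm {default} has no [realms] stanza (KDC must come from DNS)")
    for name, keys in realms.items():
        if name != name.upper():
            problems.append(f"realm {name!r} is not upper case")
        if not keys.get("kdc"):
            problems.append(f"realm {name} lists no kdc")
    return problems
```

To check a real host, pass the file's contents, for example `lint_krb5(open("/etc/krb5.conf").read())`.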

  6. #6

    Cheers for posting your config files. I had a look at the links localz posted up and decided to give those a try. And I was successful in managing to get the server to join the Server 2003 domain.

    The only thing is, though, I am not sure how much of Ric_'s guide was required by the PyKota system.

    I also did not get the required output from the nsswitch test.
    I haven't got access to them right at this moment so can't post what i tried. I did this last night while watching Germany lose miserably.

  7. #7
    ahuxham's Avatar
    http://www.centeris.com/products/likewise_open/index.php

    Is a good program, does all the Active Directory joining as well, configures your krb5.conf, smb.conf, nsswitch.conf, pam.d/* files etc. for integration (and it never seems to fail).

  8. #8

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    BTW, if you're using MIT Kerberos, you do not need a krb5.conf file at all. Kerberos will read all the server settings from DNS. Just like Windows does.

  9. #9

    How do you install the MIT Kerberos? Is this the same as the krb5.config install?

  10. #10

    Geoff's Avatar
    On Ubuntu all I need to do to get functional Kerberos for Samba is to install 'krb5-usr'. The package configuration will ask some questions then generate a krb.conf file. However, as I said, it's not necessary and I prefer to rely on DNS. So I remove the /etc/krb5.conf file. kinit works fine.

  11. #11

    Cool. I will try this out when I start to build for the actual domain.
