Prev: group write permission
Next: [Samba] Best practices migration.
From: Russell Poyner on 15 Apr 2010 13:50
I'm attempting to get ubuntu to work with an AD 2008 server for
authentication and authorization.

DNS is on a separate unix host, with dns on the windows server as a
non-authoritative source.

It appears that I have a kerberos problem.

What works:

1. kinit user
Password for user(a)AD.ENGR.WISC.EDU

2. wbinfo -t, wbinfo -u, wbinfo -g all succeed.

What sort-of works:

1. net ads join -U user complains:

DNS update failed!

but net ads testjoin gives:
Join is OK

What fails:
1. wbinfo -K user(a)AD.ENGR.WISC.EDU
Enter user(a)AD.ENGR.WISC.EDU's password:
plaintext kerberos password authentication for [user(a)AD.ENGR.WISC.EDU]
failed (requesting cctype: FILE)
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user [user(a)AD.ENGR.WISC.EDU] with Kerberos
(ccache: FILE)

2. wbinfo -i user

3. calls to nss, getent passwd, id user (yes I have compat winbind in
nsswitch for passwd and groups)

The nss calls create failed LDAP bind messages in the logs. My sense is
that the failure of the ldap bind is related to the apparent kerberos
problem.

Thanks is advance
Russ Poyner


 | 
Pages: 1
Prev: group write permission
Next: [Samba] Best practices migration.