AIX 5.3, Samba 3.0.21a, and Active Directory - Samba

This is a discussion on AIX 5.3, Samba 3.0.21a, and Active Directory - Samba ; I have been working on this problem for quite a while. I am trying to connect Samba 3.0.21a on AIX 5.3 to Windows Active Directory. I have Kerberos installed and it seems to be working. I have created a krb.conf ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: AIX 5.3, Samba 3.0.21a, and Active Directory

  1. AIX 5.3, Samba 3.0.21a, and Active Directory

    I have been working on this problem for quite a while. I am trying to
    connect Samba 3.0.21a on AIX 5.3 to Windows Active Directory.

    I have Kerberos installed and it seems to be working. I have created a
    krb.conf file that is appropriate for my environment. If I run:

    kinit Administrator@MY.DOMAIN

    I get a valid Kerberos token. I can check by running klist and I see
    the token.

    Then I try to run:

    net ads join -U Administrator "Resources\Servers\File"

    I get prompted for the admin password. After entering it and hitting
    enter, I get this error:

    [2006/06/14 20:10:35, 0] libads/kerberos.c:ads_kinit_password(164)

    kerberos_kinit_password Administrator@MY.DOMAIN failed: Cannot
    resolve network address for KDC in requested realm

    [2006/06/14 20:10:35, 0] utils/net_ads.c:ads_startup(191)

    ads_connect: Cannot resolve network address for KDC in requested
    realm

    I don't understand what's going on here because I assumed the KDC was
    found when I did the "kinit" command.

    My smb.conf and krb5.conf files should be configured properly and the
    AIX machine can ping the KDC so I don't think there is any kind of DNS
    issue.

    I would be ever so grateful if someone could help me figure this
    problem out!

    Thanks a million.
    Andrew


  2. Re: AIX 5.3, Samba 3.0.21a, and Active Directory

    foomonkey wrote:
    > I have been working on this problem for quite a while. I am trying to
    > connect Samba 3.0.21a on AIX 5.3 to Windows Active Directory.
    >
    > I have Kerberos installed and it seems to be working. I have created a
    > krb.conf file that is appropriate for my environment. If I run:
    >
    > kinit Administrator@MY.DOMAIN
    >
    > I get a valid Kerberos token. I can check by running klist and I see
    > the token.
    >
    > Then I try to run:
    >
    > net ads join -U Administrator "Resources\Servers\File"
    >
    > I get prompted for the admin password. After entering it and hitting
    > enter, I get this error:
    >
    > [2006/06/14 20:10:35, 0] libads/kerberos.c:ads_kinit_password(164)
    >
    > kerberos_kinit_password Administrator@MY.DOMAIN failed: Cannot
    > resolve network address for KDC in requested realm
    >
    > [2006/06/14 20:10:35, 0] utils/net_ads.c:ads_startup(191)
    >
    > ads_connect: Cannot resolve network address for KDC in requested
    > realm
    >
    > I don't understand what's going on here because I assumed the KDC was
    > found when I did the "kinit" command.
    >
    > My smb.conf and krb5.conf files should be configured properly and the
    > AIX machine can ping the KDC so I don't think there is any kind of DNS
    > issue.
    >
    > I would be ever so grateful if someone could help me figure this
    > problem out!
    >
    > Thanks a million.
    > Andrew
    >


    You might want to put the ip info in the "hosts" file with the exact
    names of the controller(s) you are using in your smb.conf file.

    Maybe that will help.

    John

    "samba" "(at)" "JGSystems.net"

  3. Re: AIX 5.3, Samba 3.0.21a, and Active Directory

    I suppose that is worth a shot but, it seems kind of like a guess. The
    controller is resolved by Kerberos and I can ping the server from the
    AIX box. That means the name is properly resolved. Does Samba read
    /etc/hosts directly or prefer it to DNS?

    Thanks
    Andrew

    John wrote:
    >
    > You might want to put the ip info in the "hosts" file with the exact
    > names of the controller(s) you are using in your smb.conf file.
    >
    > Maybe that will help.
    >
    > John
    >
    > "samba" "(at)" "JGSystems.net"



+ Reply to Thread