kerberos and ADS - joined but cannot proceed
I'm attempting to use samba 3.01pre3 (on RedHat 9) and an AD domain
with kerberos. Samba machines are member servers only.
smbd/nmbd/winbindd all running and behaving as advertised.
I've made these changes to the smb.conf file;
workgroup = XXXXX
realm = xxxxx.REALM
security = ads
idmap uid = 10000-50000
idmap gid = 10000-50000
And these changes to the krb5.conf file;
deafult_realm = XXXXX.REALM
admin_server = servername.xxxxx.realm:749
kdc = servername.xxxxx.realm:88
default_realm = xxxxx.realm
..XXXXX.REALM = xxxxx.realm
xxxxx.realm = XXXXX.REALM
The join command seemed work an told me I had been successful in
joining the domain/realm.
I assume that things now are at least partially working, as when I do
'kinit -V [email]username@XXXXX.REAL[/email]M', I am asked for my AD password. If I
type it, I am returned to the prompt, and kinit informs me that;
'Authenticated to Kerberos V5'.
If, however, I then do 'smbclient -k -L <servername> -U <username>'
(and type my AD password), I am told;
'session setup failed: NT_STATUS_MORE_PROCESSING REQUIRED
Did you forget to run kinit?'
Obviously I didn't forget to run kinit, but klist tickets returns;
'No credentials cache found (ticket cache FILE:tickets)'
If I rerun smbclient without the '-k' (using W2K native mode), there
are no problems with listing or connecting.
Where have I gone wrong?
Thanks in advance