[NTLUG:Discuss] Making a spam shield server

. Daniel xdesign at hotmail.com
Tue Feb 13 14:21:50 CST 2007 

Okay, so what do I do with this KDC stuff?

Good thing I didn't send this.  Ran a google on some of the error output (a 
good practice that I never do enough is to simply copy the error message 
and paste it into google.com... answers are to be found quite often!)

So I learned where someone said "your kerberos isn't configured correctly." 
 So I went in and changed everything the way I "think" it should be.  Made 
everything match the domain here and all that.  Made it use DNS lookups 
too.  (It didn't work any differently when I didn't have DNS lookups 
enabled.)  And now the error messages have changed for the better.  See 
below:

---
Binding to domain with command /usr/bin/net join -U Administrator ..

Administrator's password: 
[2007/02/13 13:41:07, 0] libads/ldap.c:ads_add_machine_acct(1405)
  ads_add_machine_acct: Host account for huckshield already exists - 
modifying old account
[2007/02/13 13:41:08, 0] libads/kerberos.c:get_service_ticket(335)
  get_service_ticket: kerberos_kinit_password 
HUCKSHIELD$@HUCKABEE-INC.COM at HUCKABEE-INC.COM failed: Preauthentication 
failed

.. failed! See the output above for the reason why.
---

I'm down with the machine already existing error...  oh wait...

I changed the password server to the APPROPRIATE server and it works!

---
Binding to domain with command /usr/bin/net join -U Administrator ..

Administrator's password: 
[2007/02/13 14:20:00, 0] libads/ldap.c:ads_add_machine_acct(1405)
  ads_add_machine_acct: Host account for huckshield already exists - 
modifying old account
Using short domain name -- HUCK-FW
Joined 'HUCKSHIELD' to realm 'HUCKABEE-INC.COM'

.. complete.
---

You're the MAN!

Okay, so now that I have that done, I should be able to receive email for 
anyone that is a user of the domain?  Is there more magic to configure yet?


>For some of those options, you may need a newer samba/winbind....
>perhaps there are some compilation options that aren't there as
>well??).  Not sure.  I just use the stuff that comes with
>SUSE (SLES or openSUSE).
> > ---
> > Binding to domain with command /usr/bin/net join -U Administrator ..
> >
> > Administrator's password:
> > [2007/02/13 11:53:54, 0] libads/kerberos.c:ads_kinit_password(146)
> >   kerberos_kinit_password Administrator at HUCKABEE-INC.COM failed: Cannot
> > find KDC for requested realm
> > [2007/02/13 11:53:54, 0] utils/net_ads.c:ads_startup(186)
> >   ads_connect: Cannot find KDC for requested realm
> > Joined domain HUCK-FW.
> >
> > .. failed! See the output above for the reason why.
> > ---

_________________________________________________________________
Hotmail に直接アクセス!MSN がさらに使いやすく http://jp.msn.com/

More information about the Discuss mailing list