[NTLUG:Discuss] Samba server + AD domain

. Daniel xdesign at hotmail.com
Thu May 3 16:33:10 CDT 2007


Thought I'd add a little more to the last email:
-----

I found this:

http://www.wlug.org.nz/ActiveDirectorySamba

And I'll spend some time going over that tomorrow.  But I have also been 
going over this:

http://blog.scottlowe.org/2007/01/15/active-directory-integration-index/

And one difference that seems to stick out at me is in the first, it 
doesn't reference any pam_krb5.so and the latter does.  (The latter is the 
reference material I have been using most.)

Another big difference, though, is that the first one is used on RedHat 
9.... a very old distro.  But, at least in theory, since it's a current 
Samba we're talking about, it shouldn't matter a great deal... I haven't 
seen anything specific to RH9... at least nothing I've noticed.  

And here's another thing.  What's with this "krb5.keytab" file?  Where is 
that located?  Supposed to be /etc/krb5.keytab but none were magically 
created.  I went ahead and ran "touch /etc/krb5.keytab" to see if it would 
do anything and no difference.  So now I'm left to wonder about that.

And finally, what is the deal with all this other kerberos key activity?  
The manual approach?  I have read in multiple places that if this works:

net ads join -U Administrator%password 

Then it does everything else automatically... not sure what it does or what
changes but look at this:

Here is some stuff I have run
-----------------------------

[root@linux etc]# ls -l /tmp/krb5cc_0
-rw------- 1 root root 1212 May  3 15:42 /tmp/krb5cc_0
[root@linux etc]# kdestroy
[root@linux etc]# ls -l /tmp/krb5cc_0
ls: /tmp/krb5cc_0: No such file or directory
[root@linux etc]# net ads join -U Administrator
Administrator's password:
Using short domain name -- ADOMAIN
Joined 'LINUX' to realm 'ADOMAIN.COM'
[root@linux etc]# ls -l /tmp/krb5cc_0
ls: /tmp/krb5cc_0: No such file or directory
[root@linux etc]# kinit administrator@ADOMAIN.COM
Password for administrator@ADOMAIN.COM:
[root@linux etc]# ls -l /tmp/krb5cc_0
-rw------- 1 root root 1212 May  3 16:27 /tmp/krb5cc_0
[root@linux etc]#
---------------------

So, it's kinit that creates this mysterious /tmp/krb5cc_0 file and I have 
no idea what the "net ads join" thing does except on the AD server side 
where a computer account is created...

Maybe when I wake up in the morning, it will all make sense somehow.
