Here we go. After 2 sleepless nights, this is the best I came up with, and no answers could be found anywhere. OK.
DC = ACTIVE.AD.COM
AD = AD.COM
LUX BOX = CentOS, I changed from Fedora.
OK, now the config fun!
krb5.conf:
===============
[libdefaults]
default_realm = AD.COM
dns_lookup_realm = false
dns_lookup_kdc = false
default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
[realms]
AD.COM =
{
kdc = AD.COM
kdc = ACTIVE.AD.COM
kdc = ACTIVE.AD.COM
kdc = ACTIVE.AD.COM
admin_server = AD.COM
default_domain = AD.COM
kdc = ACTIVE.AD.COM
}
[domain_realm]
.ad.com = AD.COM
.AD.COM = AD.COM
ad.com = AD.COM
AD.COM = AD.COM
[logging]
kdc = FILE:/var/adm/krd5kdc.log
admin_server = FILE:/var/log/kadmind.log
default = FILE:/var/log/krb5lib.log
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
========================================
smb.conf
-------------------
[global]
workgroup = AD
password server = ACTIVE.AD.COM
realm = AD.COM
security = ads
idmap uid = 500-10000000
idmap gid = 500-10000000
template homedir = /home/%U
template shell = /bin/sh
winbind use default domain = true
winbind offline logon = false
unix charset = LOCALE
netbios name = CENTOS
server string = CENTOS_JOIN
idmap backend = idmap_rid:AD.COM=500-10000000
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
[homes]
comment = Home Dir
valid users = %D\%U
read only = No
browseable = No
==========================================
After running this command:
Shell:> kinit Administrator@AD.COM
Password: xxxxxx
Shell:>
it went fine. No errors or anything else to indicate a problem.
Shell:> klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@AD.COM
Valid starting Expires Service principal
03/07/09 05:07:48 03/07/09 15:08:29 krbtgt/AD.COM@AD.COM
renew until 03/08/09 06:07:48
Kerberos 4 ticket cache: /tmp/tkt0
And this command:
Shell:> net ads info
LDAP server: 192.168.1.106
LDAP server name: active.ad.com
Realm: AD.COM
Bind Path: dc=AD,dc=COM
LDAP port: 389
Server time: Sat, 07 Mar 2009 05:24:33 EST
KDC server: 192.168.1.106
Server time offset: 46
NOW THE MAJOR ERROR:
SHELL:> net ads join -U Administrator
[2009/03/07 05:11:34, 0] libads/sasl.c:ads_sasl_spnego_bind(330)
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
Failed to join domain: Invalid credentials
What the hell does this mean? Beats me blind.
Thanks for the help.
Regards,
MaaS.
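An added example, not part of the original post: a small Python audit that reads the kind of krb5.conf and smb.conf shown above (the sample strings are constructed from the post's own values) and reports the things worth fixing before chasing the join error: single-DES enctypes in default_tkt_enctypes/default_tgs_enctypes, a realm that differs between the two files, and repeated kdc entries. The parse_ini and audit helpers are hypothetical names of this example only.

```python
import re
# Constructed sample, built from the values in the post's own krb5.conf and smb.conf.
KRB5_CONF = """
[libdefaults]
default_realm = AD.COM
default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
[realms]
AD.COM =
{
kdc = ACTIVE.AD.COM
kdc = ACTIVE.AD.COM
}
"""
SMB_CONF = """
[global]
realm = AD.COM
"""
WEAK_ENCTYPES = ("DES-CBC-CRC", "DES-CBC-MD5")  # single DES, not acceptable today

def parse_ini(text):
    """Flat parse into {section: [(key, value), ...]}; brace blocks are flattened."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("{", "}") or line.startswith(("#", ";")):
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current].append((key.strip().lower(), value.strip()))
    return sections

def audit(krb5_text, smb_text):
    """Return findings about the config pair (empty list means consistent)."""
    krb5, smb = parse_ini(krb5_text), parse_ini(smb_text)
    lib, findings = dict(krb5.get("libdefaults", [])), []
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        weak = [e for e in lib.get(key, "").split() if e.upper() in WEAK_ENCTYPES]
        if weak:
            findings.append(f"{key} lists weak enctypes: {' '.join(weak)}")
    smb_realm = dict(smb.get("global", [])).get("realm")
    if lib.get("default_realm") != smb_realm:
        findings.append(f"realm mismatch: krb5 {lib.get('default_realm')} vs smb {smb_realm}")
    kdcs = [v for k, v in krb5.get("realms", []) if k == "kdc"]
    if len(kdcs) != len(set(kdcs)):
        findings.append("duplicate kdc entries: " + " ".join(sorted(set(kdcs))))
    return findings
```

Running audit(KRB5_CONF, SMB_CONF) on the sample reports the two DES findings and the duplicated kdc line; the realm check passes because both files say AD.COM.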