Subject: Re: Joining Active Directory with Samba
To: None <>
From: Luke Mewburn <>
List: netbsd-users
Date: 12/18/2004 14:34:45
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Dec 17, 2004 at 03:38:38PM -0500, wrote:
  | I keep getting this error "ADS support not compiled in" when I try to u=
se =20
  | the net ads join command.  My smb.conf looks as followes: workgroup =3D=
  | DOMAIN.COM, security =3D ADS , and encrypt password =3D yes. =20

You should be using:
	workgroup =3D DOMAIN
	realm =3D DOMAIN.COM
(using the "short name" in the "workgroup" parameter).

  | Also when I use the kinit username command I get the following error:=
  | kinit:=20
  | krb5_get_init_creds: unable to reach any KDC in realm DOMAIN.COM

This is highly dependent upon your krb5.conf settings, your DNS setup, etc.=

For example, on a test network where I'm using WIndows 2003 Server (W2K3S)
to provide Active Directory Services (Kerberos 5 and LDAP), and DNS.
The NetBSD host running Samba3 uses the W2K3S server for DNS & krb5 with:

	    * /etc/resolv.conf
	nameserver	ipaddress-of-w2k3s

	    * /etc/krb5.conf
		krb4_get_tickets =3D no

Note that takes advantage of the W2K3S DNS server providing
SRV records for "_kerberos._tcp" and "_kerberos._udp" in the
current domain.

With that,  "kinit"  just works.

Which samba release are you trying to use?
Which NetBSD release are you trying it on?

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.6 (NetBSD)