I'm trying to joint a Fedora Core 1/Samba 3 machine to our corporate ADS so I can authenticate users with active directory. I have tried to follow The Official Samba How-To and Samba 3 By Example. I have read the applicable material in both books. So far, I've edited the smb.conf and krb5.conf as listed in the books. When I try:
krbinit '[email protected]'
and put in the correct password, I get no output. If I put in the wrong password I get an error message saying "failed getting initial credentials." I assume the no output is what is supposed to happen when it authenticates properly. Then I try and actually join the machine to the domain using:
net ads join -U'name'
and the output is this (the host name is testmachine):
libads/ldap.c:ads_add_machine_acct(1006)
Host account for testmachine already exists - modifying old account
libads/ldap.c:ads_join_realm(1342)
ads_add_machine_acct: No such object
ads_join_realm: No such object
One of the books said the DC had to have MS Services for Unix installed. I'm not sure if it is installed because I do not actually administer the DC. Is anyone intimate enough with Samba and ADS to know if Services for Unix would cause this, or if it could be something else? Any other little tricks I should look into?
If the Services for Unix is not installed and required, the DC admins would not let me install it. I do have full admin access to a Win 2003 Server on AD though, it just isn't a DC. I could install Services for Unix on that. Is it possible to send auth. requests to that server and have that server request auth to AD?
krbinit '[email protected]'
and put in the correct password, I get no output. If I put in the wrong password I get an error message saying "failed getting initial credentials." I assume the no output is what is supposed to happen when it authenticates properly. Then I try and actually join the machine to the domain using:
net ads join -U'name'
and the output is this (the host name is testmachine):
libads/ldap.c:ads_add_machine_acct(1006)
Host account for testmachine already exists - modifying old account
libads/ldap.c:ads_join_realm(1342)
ads_add_machine_acct: No such object
ads_join_realm: No such object
One of the books said the DC had to have MS Services for Unix installed. I'm not sure if it is installed because I do not actually administer the DC. Is anyone intimate enough with Samba and ADS to know if Services for Unix would cause this, or if it could be something else? Any other little tricks I should look into?
If the Services for Unix is not installed and required, the DC admins would not let me install it. I do have full admin access to a Win 2003 Server on AD though, it just isn't a DC. I could install Services for Unix on that. Is it possible to send auth. requests to that server and have that server request auth to AD?