Hi all,
I have AD Zentyal 3.0.2.
Client Debian Wheezy.
How to authenticate to AD with Debian Wheezy?
My debian is:
root@laptop:~# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- CPE
Joined 'LAPTOP' to realm 'cpe.warszawa.vectranet.pl'
DNS update failed!
My /etc/hostsroot@laptop:~# cat /etc/hosts
127.0.0.1 laptop.cpe.warszawa.vectranet.pl laptop
127.0.1.1 laptop.cpe.warszawa.vectranet.pl laptop
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
hostname -f
laptop.cpe.warszawa.vectranet.pl
My /etc/krb5.conf[libdefaults]
default_realm = CPE.WARSZAWA.VECTRANET.PL
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
dns_lookup_realm = false
dns_lookup_kdc = false
[domain_realm]
.example.com = CPE.WARSZAWA.VECTRANET.PL
example.com = CPE.WARSZAWA.VECTRANET.PL
[login]
krb4_convert = true
krb4_get_tickets = false
My /etc/samba/smb.conf
[global]
workgroup = CPE
realm = CPE.WARSZAWA.VECTRANET.PL
server string = %h server (Samba %v)
load printers = no
security = ads
local master = no
domain master = no
preferred master = no
wins server = 192.168.99.1
dns proxy = no
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
interfaces = eth0 lo
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
panic action = /usr/share/samba/panic-action %d
invalid users = root
template homedir = /home/%D/%U
template shell = /bin/bash
winbind offline logon = yes
winbind refresh tickets = yes
wbinfo -g
root@laptop:~# wbinfo -g
allowed rodc password replication group
enterprise read-only domain controllers
denied rodc password replication group
read-only domain controllers
group policy creator owners
ras and ias servers
domain controllers
enterprise admins
domain computers
cert publishers
dnsupdateproxy
domain admins
domain guests
schema admins
domain users
dnsadmins
chlopcy
wbinfo -u
root@laptop:~# wbinfo -u
administrator
tkasprzycki
proxy-gate
dns-gate
krbtgt
guest
net ads statusroot@laptop:~# net ads status
Enter root's password:
kerberos_kinit_password root@CPE.WARSZAWA.VECTRANET.PL failed: Client not found in Kerberos database
kerberos_kinit_password root@CPE.WARSZAWA.VECTRANET.PL failed: Client not found in Kerberos database
kerberos_kinit_password root@CPE.WARSZAWA.VECTRANET.PL failed: Client not found in Kerberos database