[OmniOS-discuss] samba with AD on omnios
Thomas Werschlein
thomas.werschlein at geo.uzh.ch
Tue Sep 17 14:51:24 UTC 2013
Hi Tobi
On 16.09.2013, at 22:56, Tobias Oetiker <tobi at oetiker.ch> wrote:
> I am trying to use samba/winbind to hook up our omnios box to an AD
> server. After some fiddleling, I managed to compile samba +
> openldap linked to the system krb5 libraries ...
>
> Running kclient to configure kerberos seems to work fine, but when runnning net ads join,
> I get:
>
> -----------------------------------------------------------------------------------------
> # net ads join -S ad-server -U Administrator
> Enter Administrator's password:
> kinit succeeded but ads_sasl_spnego_krb5_bind failed: Error in the PKCS 11 library calls
> Failed to join domain: failed to connect to AD: Error in the PKCS 11 library calls
> -----------------------------------------------------------------------------------------
>
> the thing seems to be hung up on some soft tokens, and it does also
> not seem able to find the kerberos key cache ...
>
> anyone running such a setup on omnios who could give me a hint ?
We are running such a setup for quite some time now.
The comment in our Chef recipe for kerberos5 reads:
"Used to *run* samba3. You can successfully compile samba with the krb5 that
ships with OmniOS, but will not be able to 'net ads join'"
IIRC it was also the PKCS 11 library calls error that lead us to compile kerberos ourselves.
We are using krb5-1.11.1 right now and build it straight forward.
Currently we are using samba-3.6.18 and are compiling gamin 0.1.10 (to build the samba module 'notify_fam', with patches from Opensolaris and others to use FEN) and openldap 2.4.34 (plain vanilla) as prerequisites, too.
Cheers,
Thomas
--
Thomas Werschlein, IT Service Management
Department of Geography, University of Zurich
PGP-Key-ID: C76C851B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://omniosce.org/ml-archive/attachments/20130917/d2213509/attachment.bin>
More information about the OmniOS-discuss
mailing list