[Samba] authenticating to AD with winbind

Yohoo!
=20
We want to authenticate our Cisco admins to freeradius. This should =
authenticate to our running AD (W2003Srv).
=20
Googling for freeradius and AD tells me to use ntlm_auth. For ntlm_auth =
I need a running winbindd. And kerberos.
=20
And there's my problem.
=20
Status:
I configured the /etc/krb5.conf
"kinit admin@MY.DOMAIN" asks for the password and gives me a ticket for =
one week.
So I think, kerberos is running fine.
=20
"net join -S MYDOMAIN -Uadmin" asks again for the password to add the =
machine into the AD. Then it shows me a lot of messages (at the moment I =
can't post them here, if needed I will deliver them later). But, at the =
end it tells me that it has successfully joined. And I can find the =
machine-account in my AD.=20
I'm not sure, but I think it ran successfully.
=20
winbindd is configured in the /etc/samba/smb.conf. Starting winbind =
tells me in the logfile (machinenames stripped):
=20
cgnses80:/var/log/samba # cat log.winbindd
[2005/11/03 17:16:07, 1] nsswitch/winbindd.c:main(864)
winbindd version 3.0.14a-0.4-SUSE started.
Copyright The Samba Team 2000-2004
[2005/11/03 17:16:07, 0] =
libsmb/cliconnect.c:cli_session_setup_spnego(759)
Kinit failed: Preauthentication failed
[2005/11/03 17:16:07, 0] libads/kerberos.c:ads_kinit_password(147)
kerberos_kinit_password host/HOST@STR.IPP.ED failed: Preauthentication =
failed
[2005/11/03 17:16:07, 1] =
nsswitch/winbindd_ads.c:ads_cached_connection(81)
ads_connect for domain MYDOMAIN failed: Preauthentication failed
[2005/11/03 17:16:07, 0] =
libsmb/cliconnect.c:cli_session_setup_spnego(759)
Kinit failed: Preauthentication failed
[2005/11/03 17:16:07, 0] =
libsmb/cliconnect.c:cli_session_setup_spnego(759)
Kinit failed: Preauthentication failed
[2005/11/03 17:16:51, 0] =
libsmb/cliconnect.c:cli_session_setup_spnego(759)
Kinit failed: Preauthentication failed
[2005/11/03 17:16:51, 0] =
libsmb/cliconnect.c:cli_session_setup_spnego(759)
Kinit failed: Preauthentication failed
[2005/11/03 17:16:51, 0] libads/kerberos.c:ads_kinit_password(147)
kerberos_kinit_password host/HOST@STR.IPP.ED failed: Preauthentication =
failed
[2005/11/03 17:16:51, 1] =
nsswitch/winbindd_ads.c:ads_cached_connection(81)
ads_connect for domain MYDOMAIN2 failed: Preauthentication failed
[2005/11/03 17:16:51, 0] =
libsmb/cliconnect.c:cli_session_setup_spnego(759)
Kinit failed: Preauthentication failed
[2005/11/03 17:31:48, 0] =
libsmb/cliconnect.c:cli_session_setup_spnego(759)
Kinit failed: Preauthentication failed
[2005/11/03 18:41:48, 0] =
libsmb/cliconnect.c:cli_session_setup_spnego(759)
Kinit failed: Preauthentication failed
cgnses80:/var/log/samba #

Could it be possible, that the host is not added successfully to the =
domain? But why tells me the net join it was so? And why is the machine =
in the AD?
=20
Anyone who can give me an approach to the solution?
=20
=20
=20
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba