I'm trying to use fedora and samba as a file server.
Using kerberos i'm trying to make sure no passwords are transmitted over my network.
I'm able to use samba for its file server capabilities, kerberos is also able to get a ticket for authentication or verification, by using this command: sudo kinit foo. I can verify this by using: sudo klist -a.
However every time i use the following command : sudo net join ads -S server -U foo it results in the following error:
kinit succeeded but ads_sasl_spnego_krb5_bind failed: SASL bind in progress
My smb.conf:
[global]
workgroup=DOMAIN
netbios name=server
realm=DOMAIN.local
server string=Sama Server Versie%v
security=ADS
encrypt passwords=yes
browseable=yes
My krb5.conf
[libdefaults]
# dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = DOMAIN.LOCAL
# default_ccache_name = KEYRING:persistent:%{uid}
[realms]
DOMAIN.LOCAL = {
# kdc = kerberos.domain.local
# admin_server = kerberos.domain.local
kdc=server.DOMAIN.LOCAL
admin_server=server.DOMAIN.LOCAL
}
[domain_realm]
.domain.local = DOMAIN.LOCAL
domain.local = DOMAIN.LOCAL
Do you guys have a solution or explanation for it?
I was not able to find any clues browsing the web.
Best Answer
In the end it was a Windows problem. It seems i configured the Windows wrong.
I assigned a second network adapter the IP which would be used for connecting with samba.