Cannot find ticket for requested realm while validating credentials

I searched high and low for a good cookie cutter recipe and couldn't find one, so I pieced together parts from various sources to come up with one that I have used for 4 Ubuntu Linux servers, and which continues to work for me. These instructions assume your domain information is DOMAIN (old style domain name) and the DNS resolvable one is DOMAIN. Our Active Directory environment is running on Windows 2000, but I have tested these instructions in a VMware Team with Windows 2003 native mode and they worked there as well.

    INTERNAL
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

    [realms]
    DOMAIN.INTERNAL = {
        kdc = domainserver.domain.internal
        admin_server = domainserver.domain.internal
        default_domain = DOMAIN.INTERNAL
    }

    [domain_realm]
    .domain.internal = DOMAIN.INTERNAL

Step 3: Edit /etc/samba/smb.conf

Notes: Change the NETBIOS name parameter to be correct for the server.

    [global]
    security = ads
    netbios name = CMHRG02
    realm = DOMAIN.INTERNAL
    password server = domainserver.domain.internal
    workgroup = DOMAIN
    idmap uid = 500-10000000
    idmap gid = 500-10000000
    winbind separator = +
    winbind enum users = no
    winbind enum groups = no
    winbind use default domain = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    client use spnego = yes
    domain master = no

2) Test the configuration with the testparm command

Step 4: Edit /etc/to look like the example below

    passwd: compat winbind
    group: compat winbind
    shadow: compat
    hosts: files dns wins
    networks: files
    protocols: db files
    services: db files
    ethers: db files
    rpc: db files
    netgroup: nis

Step 5: Modify the PAM settings

1) /etc/pam.d/common-account should contain only the following lines

    account sufficient pam_
    account required pam_

2) /etc/pam.d/common-auth should contain only the following lines

    auth sufficient pam_
    auth required pam_nullok_secure use_first_pass

3) Modify the /etc/pam.d/common-password file, so the max parameter is set to 50, similar to the one shown below

    password required pam_nullok obscure min=4 max=50 md5

4) Make sure the /etc/pam.d/common-session file contains the following line

    session required pam_umask=0022 skel=/etc/skel

Step 6: Make a directory to hold domain user home directories

Note: Use the value you put in the WORKGROUP tag of the /etc/samba/file

    mkdir /home/DOMAIN

Step 7: Initialize Kerberos

1) kinit [email protected] INTERNAL

Next check to be sure you got a ticket from the domain controller

2) klist

Step 8: Join the system to the

    net ads join -U [email protected] INTERNAL

Step 9: Restart Samba-related Services (Or reboot the server)

Note: The order is important

    /etc/init.d/samba stop
    /etc/init.d/winbind stop
    /etc/init.d/samba start
    /etc/init.d/winbind start

Step 10: Restart SSH and Test Connectivity

Note: If you rebooted the server in the previous step, just try and log in.

    /etc/init.d/ssh restart
    ssh [email protected]

If you can log in using your Active Directory username and password then everything is working!

Step 11: Configure SUDO

1) First create a group in Active Directory called Unix Admins and add the names of people whom you want to be able to use sudo to admin the server.

2) Next, add the Unix Admins group to the /etc/sudoers so these users can use sudo

    %Unix\ Admins ALL=(ALL) ALL

HELPFUL COMMAND LINES

1) List the derived UNIX GID values for Active Directory groups

    for gid in $(wbinfo -r

Will these instructions allow me to have access to my Windows 2003 server shares???

I am thinking of making the Ubuntu desktop a viable option at my workplace...

The configuration shown is the bare minimum and doesn't share anything. You should be able to access the shares with the default Samba config. I used to use my laptop with Hoary at work, and it was fine. Go to Places-Connect to Server and choose Windows Share and you'll need to save your user name and password and stuff.
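
An added example, not part of any post in this thread: a small Python check that the realm names in krb5.conf and smb.conf from the how-to agree, and that flags the DES and 3DES enctypes its krb5.conf lists, which are deprecated for Kerberos. The sample files are constructed from the how-to's values; `default_realm` and the lowercase Samba realm are assumptions made for illustration.

```python
import re

DEPRECATED = re.compile(r"^des3?-")  # single DES (RFC 6649), 3DES (RFC 8429)
# Constructed samples: default_realm is assumed, smb.conf realm is wrong on purpose.
KRB5_SAMPLE = """\
[libdefaults]
default_realm = DOMAIN.INTERNAL
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
DOMAIN.INTERNAL = {
    kdc = domainserver.domain.internal
}
[domain_realm]
.domain.internal = DOMAIN.INTERNAL
"""
SMB_SAMPLE = "[global]\nsecurity = ads\nrealm = domain.internal\n"

def parse_krb5(text):
    """Parse krb5.conf text into {section: {key: value or {subkey: value}}}."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1].lower(), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (block if block is not None else section)[key] = value
    return conf

def audit(krb5_text, smb_text):
    conf = parse_krb5(krb5_text)
    lib, realms = conf.get("libdefaults", {}), conf.get("realms", {})
    m = re.search(r"^\s*realm\s*=\s*(\S+)", smb_text, re.M | re.I)
    default, samba, findings = lib.get("default_realm"), m and m.group(1), []
    if default not in realms:
        findings.append(f"default_realm {default!r} has no [realms] entry")
    if samba != default:  # Kerberos realm names are case-sensitive
        findings.append(f"smb.conf realm {samba!r} != default_realm {default!r}")
    findings += [f"{d} maps to undefined realm {r!r}"
                 for d, r in conf.get("domain_realm", {}).items() if r not in realms]
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        weak = [e for e in lib.get(key, "").split() if DEPRECATED.match(e)]
        findings += [f"{key}: deprecated {' '.join(weak)}"] if weak else []
    return findings
```

Calling `audit(KRB5_SAMPLE, SMB_SAMPLE)` returns one finding for the realm mismatch and one per enctype line; an empty list means the two files agree and list no deprecated enctypes.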

