Joining a LINUX machine to an AD domain

Hello,
I've had less luck: I configured my /etc/krb5.conf file and I manage to obtain my ticket. As for the samba file, my configuration seems correct, I checked on several forums, but when I try to join my AD domain using the command “net join -U administrator” I get the following message:

[2010/04/19 17:06:13, 0] utils/net_ads.c:ads_startup(289)
ads_connect: Operations error
ADS join did not work, falling back to RPC…
Joined domain TEP.

The command wbinfo -u gives me nothing.

A friend advised me to look for the equivalent of likewise (works on Ubuntu) on Debian, but for the moment I haven't found anything.

I'm looking for help, thanks in advance.

[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = MONDOMAINE
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
permitted_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
forwardable = true
proxiable = true

[realms]
MONDOMAINE = {
kdc = CONTROLEURDOMAINE.mondomaine:88
admin_server = CONTROLEURDOMAINE.mondomaine
default_domain = MONDOMAINE
}

my /etc/krb5.conf file

[domain_realm]
.mondomaine = MONDOMAINE

[kdc]
profile = /etc/kerberos/krb5kdc/kdc.conf

[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false

[login]
krb4_convert = false
krb4_get_tickets = false

my samba file

[global]

# 1. Server Naming Options:
# workgroup = NT-Domain-Name or Workgroup-Name

workgroup = MONDOMAINE
realm = MONDOMAINE
password server = .mondomaine
client use spnego = yes

# netbios name is the name you will see in "Network Neighbourhood",
# but defaults to your hostname

netbios name =

# server string is the equivalent of the NT Description field

#server string = Samba Server %v
server string =

# 4. Security and Domain Membership Options:

security = ads

# Use password server option only with security = server or security = domain
# When using security = domain, you should use password server = *

password server =

password server = CONTROLEURDOMAINE.mondomaine

encrypt passwords = no

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job

domain master = no

Then I created the directories for the user and changed their permissions

mkdir /home/MONDOMAINE
chmod 777 /home/MONDOMAINE

So, sorry for the response time, I was quite busy.

Here is my DHCP.conf file

debian:~# cat /etc/dhcp3/dhclient.conf
# Configuration file for /sbin/dhclient, which is included in Debian's
#       dhcp3-client package.
#
# This is a sample configuration file for dhclient. See dhclient.conf's
#       man page for more information about the syntax of this file
#       and a more comprehensive list of the parameters understood by
#       dhclient.
#
# Normally, if the DHCP server provides reasonable information and does
#       not leave anything out (like the domain name, for example), then
#       few changes must be made to this file, if any.
#

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;

send fqdn.fqdn "debian.ecs.grp";
send fqdn.encoded off;
send fqdn.server-update off;
do-forward-update on;
request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, domain-name-servers, domain-search, host-name,
        netbios-name-servers, netbios-scope, interface-mtu,
        rfc3442-classless-static-routes;

Here is the smb.conf file

[global]

        security = ads
        realm = NVS.LAN
        password server = 1.kdc.nvs.lan
        workgroup = NVS
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind separator = +
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        client use spnego = yes
        encrypt passwords = yes
        restrict anonymous = 2

and finally here is the kerberos file

[libdefaults]
        default_realm = NVS.LAN

# The following krb5.conf variables are only for MIT Kerberos
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true

[realms]
        NVS.LAN = {
                kdc = 1.kdc.nvs.lan
                kdc = 2.kdc.nvs.lan
                kdc = 3.kdc.nvs.lan
                admin_server = 1.kdc.nvs.lan
                default_domain = nvs.lan
        }

[domain_realm]

        .nvs.lan = NVS.LAN
        nvs.lan = NVS.LAN

[login]
        krb4_convert = true
        krb4_get_tickets = false

Also check that you have properly synchronised your NTP client with a time server of the domain.
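
Added example, not part of any post in the thread: an offline Python check of the settings that the posted krb5.conf and smb.conf files have to agree on before a join (realm agreement, `security = ads`, password encryption, enctype lists that permit only DES-family types). The function names and finding codes are assumptions made for this example, and the embedded sample is constructed from the first poster's files.

```python
import re
# Constructed sample input, modelled on the first configuration posted in the thread.
KRB5 = """[libdefaults]
default_realm = MONDOMAINE
permitted_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
MONDOMAINE = {
}
"""
SMB = """[global]
realm = MONDOMAINE
security = ads
encrypt passwords = no
"""

def parse(text):
    """Return {section: {key: [values]}} for krb5.conf / smb.conf style text."""
    out, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or line == "}":
            continue  # blank line, comment, or end of a krb5 realm block
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = out.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and section is not None:
            key, val = (p.strip() for p in line.split("=", 1))
            section.setdefault(key.lower(), []).append(val.rstrip("{ "))
    return out

def last(section, key):
    return section.get(key, [""])[-1]  # last value wins; '' when the key is absent

def lint(krb5_text, smb_text):
    """Return finding codes (names are this example's own) for join-relevant settings."""
    lib, glob = parse(krb5_text).get("libdefaults", {}), parse(smb_text).get("global", {})
    realm, default = last(glob, "realm"), last(lib, "default_realm")
    findings = []
    if last(glob, "security").lower() != "ads":
        findings.append("security-not-ads")
    if not realm or realm.upper() != default.upper():
        findings.append("realm-mismatch")
    if last(glob, "encrypt passwords").lower() in ("no", "false", "0"):
        findings.append("plaintext-passwords")
    for key in ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"):
        types = re.split(r"[\s,]+", last(lib, key).lower().strip())
        if types != [""] and all(t.startswith("des") for t in types):
            findings.append("des-only:" + key)  # only des-*/des3-* enctypes allowed
    return findings
```

Calling `lint()` on the text of the real `/etc/krb5.conf` and `smb.conf` gives the same kind of list; an empty list means none of these checks fired, not that the join will succeed.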