Hide Forgot
Description of problem: Trying to use system-config-authentication to join an Active Directory domain, the actual join fails since 'net ads join' tries to fetch a Kerberos ticket from the wrong realm. Version-Release number of selected component (if applicable): samba-3.0.23c-2 samba-common-3.0.23c-2 authconfig-gtk-5.3.12-1.fc6 Steps to Reproduce: 1. Run system-config-authentication and enable winbind. Press Configure winbind and supply details about your AD and use ads as security model. 2. Press "join domain" and supply details about username and password. 3. Press OK. Actual results: ADS join fails. Stdout/stderr of system-config-authentication reports this: [/usr/bin/net join -w GUEST -S adserver.example.com -U Administrator] Administrator's password:<...> [2006/12/12 15:57:43, 0] libsmb/cliconnect.c:cli_session_setup_spnego(776) Kinit failed: Cannot resolve network address for KDC in requested realm Failed to join domain! ADS join did not work, falling back to RPC... Joined domain GUEST. Expected results: ADS join success. Additional info: The reason for the failed join is that /etc/krb5.conf is incorrectly written. A section for the ADS realm is added, but the realm is not set as default_realm under [libdefaults]. This causes 'net ads join' to try to get tickets from the EXAMPLE.COM domain, which fails.
Fixed in devel. Workaround for FC6 is to set the realm in Kerberos settings dialog. I'll release FC6 update later.