[Samba] kinit works, net join ads fails
Peter Baumgartner
sgt.hulka at gmail.com
Wed Sep 26 22:41:42 GMT 2007
>I running 3.0.25c on OpenSolaris. I can succesfully do a kinit and see
>the ticket via klist, but am unable to join the domain.
>
>/usr/sfw/sbin/net -d 5 ads join -U user at DOMAIN.LOCAL
>
>gives the following error...
>
>[2007/08/29 15:49:24, 3] libsmb/clikrb5.c:(593)
> ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
>file found)
>[2007/08/29 15:49:24, 0] libads/kerberos.c:(228)
> kerberos_kinit_password user at DOMAIN.LOCAL failed: Preauthentication
>failed
>[2007/08/29 15:49:24, 1] utils/net_ads.c:(1470)
> error on ads_startup: Preauthentication failed
>Failed to join domain: Logon failure
>[2007/08/29 15:49:24, 2] utils/net.c:(1032)
>
>I have synced the time on the Samba box with my domain controller. Any
>thoughts on what is wrong?
On 9/3/07, Necos Secon <secon_kun at hotmail.com> wrote:
>
> So, just a few things to check:
>
> 1.) Typo's in the realm name.
> 2.) Typo's in the krb5.conf file (I use heimdal)
> 3.) Try running the net ads join with the administrator account (if you're
> using another account).
> 4.) Checking the the AD server to make sure that you don't have an old
> machine account for the Samba machine.
I've tried all this and still am having no luck. I don't believe it is
an issue in krb5.conf because kinit and smbclient work properly. I
just can't join it to the domain. Any other thoughts?
More information about the samba
mailing list