[Samba] Joining AD Domain = NT_STATUS_INVALID_COMPUTER_NAME

Mathew Rowley mathew.rowley at gmail.com
Tue Nov 2 10:46:37 MDT 2010 

When I try and join my AD domain, I get the following error:

root at mat-desktop:~# net join -I 10.252.159.137 -U Administrator
Enter Administrator's password:
[2010/11/02 10:38:01.176096,  0] utils/net_rpc_join.c:406(net_rpc_join_newstyle)
  Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME
  
Unable to join domain SECLAB.


In my smb.conf, my computer name is set to 'MAT-DESKTOP' (which I thought was a valid name):

root at mat-desktop:~# grep -A1 'server string' /etc/samba/smb.conf 
server string = MAT-DESKTOP
netbios name = MAT-DESKTOP


Does anyone know why else I would be getting that error message?  kinit work fine, and here are my additional configs:


krb5.conf:
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 kdc = SYSLOG:INFO:AUTH
 admin_server = FILE:/var/log/kadmind.log
 admin_server = SYSLOG:INFO:AUTH
 
[libdefaults]
 default_realm = SECLAB
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes
 
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
 
[realms]
SECLAB = {
 kdc = seclab.security.lab.net:88
 default_domain = seclab.security.lab.net
}

.seclab.security.lab.net = SECLAB
seclab.security.lab.net = SECLAB



smb.conf:
[global]

   workgroup = SECLAB

server string = MAT-DESKTOP
netbios name = MAT-DESKTOP

   dns proxy = no

   log file = /var/log/samba/log.%m

   max log size = 1000

   syslog = 0

   panic action = /usr/share/samba/panic-action %d

   security = ads

   encrypt passwords = true

   passdb backend = tdbsam

   obey pam restrictions = yes

   unix password sync = yes

   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   pam password change = yes

   map to guest = bad user
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/bash
   winbind use default domain = no
   password server = seclab.security.lab.net //your AD-server
  realm = SECLAB

   usershare allow guests = yes

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

More information about the samba mailing list