cannot ADS join

trunks at dei.unipd.it trunks at dei.unipd.it
Mon Jan 28 02:17:05 GMT 2002


Hi to everyone,
I'm trying to use samba-3.0-alpha13 to join a Samba client to a windows 2000 
domain.
I did "kinit administrator at COPERNICO.ESU" and then I did "net ads join -U 
administrator" but I got this:

[root at tsunami source]# net ads join -U administrator
administrator password: 
[2002/01/28 11:02:23, 0] libads/ldap.c:ads_join_realm(324)
  Host account for tsunami already exists - deleting for readd
[2002/01/28 11:02:24, 0] libads/ldap.c:ads_join_realm(335)
  ads_add_machine_acct: Insufficient access
ads_join_realm: Insufficient access

Note that if I created an account on server I can delete them.
If anyone need to know klist entries here they are:

root at tsunami source]# klist -5 -e -f 
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at COPERNICO.ESU

Valid starting     Expires            Service principal
01/28/02 11:02:23  01/28/02 20:58:40  krbtgt/COPERNICO.ESU at COPERNICO.ESU
        Flags: IA, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode 
with RSA-MD5 
01/28/02 10:58:40  01/28/02 20:58:40  ldap/francesca at COPERNICO.ESU
        Flags: A, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode 
with RSA-MD5 
01/28/02 10:58:40  01/28/02 20:58:40  ldap/francesca at COPERNICO.ESU
        Flags: A, Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode 
with CRC-32 

This is my smb.conf file:

realm = COPERNICO.ESU
ads server = francesca.copernico.esu
security = ADS
encrypt passwords = yes
workgroup = COPERNICO
log level = 1
syslog = 1

At last, I can run smbclient with "-k" options. For example
 smbclient \\\\emanuela\\C\$ -k 
(Emanuela is another machine in the domain)
run correctly.
On target machine I have 

Z:\>klist tickets

Cached Tickets: (5)

   Server: krbtgt/COPERNICO.ESU at COPERNICO.ESU
      KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
      End Time: 1/28/2002 20:43:41
      Renew Time: 2/4/2002 10:43:41


   Server: krbtgt/COPERNICO.ESU at COPERNICO.ESU
      KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
      End Time: 1/28/2002 20:43:41
      Renew Time: 2/4/2002 10:43:41


   Server: FRANCESCA$@COPERNICO.ESU
      KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
      End Time: 1/28/2002 20:43:41
      Renew Time: 2/4/2002 10:43:41


   Server: ldap/francesca.copernico.esu/copernico.esu at COPERNICO.ESU
      KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
      End Time: 1/28/2002 20:43:41
      Renew Time: 2/4/2002 10:43:41


   Server: EMANUELA$@COPERNICO.ESU
      KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
      End Time: 1/28/2002 20:43:41
      Renew Time: 2/4/2002 10:43:41

and on Tsunami I have 

[root at tsunami /root]# klist -5 -e -f 
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at COPERNICO.ESU

Valid starting     Expires            Service principal
01/28/02 11:02:23  01/28/02 20:58:40  krbtgt/COPERNICO.ESU at COPERNICO.ESU
        Flags: IA, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode 
with RSA-MD5 
01/28/02 10:58:40  01/28/02 20:58:40  ldap/francesca at COPERNICO.ESU
        Flags: A, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode 
with RSA-MD5 
01/28/02 10:58:40  01/28/02 20:58:40  ldap/francesca at COPERNICO.ESU
        Flags: A, Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode 
with CRC-32 
01/28/02 11:05:29  01/28/02 20:58:40  emanuela$@COPERNICO.ESU
        Flags: A, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode 
with RSA-MD5 

Can anybody help me?
Thanks




More information about the samba-technical mailing list