"net ads join" returns confusing message 'Failed to join domain: Success'

Kurt Pfeifle kurt.pfeifle at infotec.com
Thu Aug 2 16:49:58 GMT 2007 

I spent many hours this afternoon hunting for a bug or a config error
from my side... but it seems to turn out that everything is OK. See
yourself:

17:01 nfsboss: # echo $PS1
   \A \h: #

17:01 nfsboss: # testparm -vs|grep "log level"
   Load smb config files from /etc/samba/smb.conf
   [....]
   Processing section "[nx-software]"
   Loaded services file OK.
   Server role: ROLE_DOMAIN_MEMBER
           log level = 3

17:01 nfsboss: # net ads join -W INFOM4 -S 10.162.2.53 -U "Administrator%somepassword"
   Using short domain name -- INFOM4
   [2007/08/02 17:01:53, 0] utils/net_rpc_join.c:net_rpc_join_ok(70)
   net_rpc_join_ok: failed to get schannel session key from server PWC03.infom4.intern for domain INFOM4. \
        Error was NT_STATUS_ACCESS_DENIED
   Failed to verify membership in domain!
   Failed to join domain: Success

17:01 nfsboss: # echo $?
   255

OK, /me thinks... "something is wrong".

And /me goes googling, reading, changing configs, modifying name server
entries, manipulating /etc/nsswitch, checking PAM, and what not... for
many hours.

However... it looks like everything is OK.

17:02 nfsboss: # net ads testjoin
   Join is OK

17:02 nfsboss: # wbinfo -u
   INFOM4\administrator
   INFOM4\guest
   INFOM4\support_388945a0
   INFOM4\__vmware_user__
   INFOM4\pwc
   INFOM4\iusr_pwc03
   INFOM4\iwam_pwc03
   INFOM4\aspnet
   INFOM4\krbtgt
   INFOM4\m4cc

17:02 nfsboss: #


Or is there some hidden issue somewhere in my setup that may bite me
later?

In any case: could that message "Failed to join domain: Success" be
changed to some string that is more easily parseable and understood by
mere mortals like me?   :-)


Used software:
--------------

     OS : openSUSE 10.2
   Samba: 3.0.25b-33 (package from Sernet FTP server)
Kerberos: MIT krb5-1.5.1-23.6 (package from openSUSE build service)
 Windows: ADS with DC on Win 2003 Server Standard Edition R2


------------------

Finally, let me say another word of thanks to all the brilliant Samba
developers who provide us such a wonderful tool to use in this hostile
world of proprietary IT!


-- 
Kurt Pfeifle
System & Network Printing Consultant ---- Linux/Unix/Windows/Samba/CUPS
Infotec Deutschland GmbH  .....................  Hedelfinger Strasse 58
A RICOH Company  ...........................  D-70327 Stuttgart/Germany 
---
Infotec Deutschland GmbH
Hedelfingerstrasse 58
D-70327 Stuttgart
Telefon +49 711 4017-0, Fax +49 711 4017-5752
www.infotec.com
Geschaeftsfuehrer: Elmar Karl Josef Wanderer, Frank Grosch, Heinz-Josef Jansen
Sitz der Gesellschaft: Stuttgart, Handelsregister HRB Stuttgart 20398

Der Inhalt dieser E-Mail ist vertraulich und ist nur für den Empfänger bestimmt. Falls Sie nicht der angegebene Empfänger sind oder falls diese E-Mail irrtümlich an Sie adressiert wurde, verständigen Sie bitte den Absender sofort und löschen Sie die E-Mail sodann. Das unerlaubte Veröffentlichen, Kopieren sowie die unbefugte Übermittlung komplett oder in Teilen sind nicht gestattet.Private Ansichten und Meinungen sind, wenn nicht ausdrücklich erklärt, die des Autors und nicht die der Infotec Deutschland GmbH oder deren verantwortliche Direktoren und Angestellte. Eine Haftung für Schäden oder Verlust von Daten durch den Gebrauch dieser Email oder deren Anhänge wird ausgeschlossen.
Weitere Informationen erhalten Sie im Internet unter www.infotec.com oder in jeder Infotec Niederlassung.
This E-Mail is for the exclusive use of the recipient and may contain information which is confidential. Any disclosure, distribution or copying of this communication, in whole or in part, is not permitted. Any views or opinions presented are those of the author and (unless otherwise specifically stated) do not represent those of Infotec Deutschland GmbH or their directors or officers; none of whom are responsible for any reliance placed on the information contained herein. Although reasonable precautions have been taken to ensure that no viruses are present, all liability is excluded for any loss or damage arising from the use of this email or attachments.
For further information please see our website at www.infotec.com or refer to any Infotec office.

More information about the samba-technical mailing list