W2008RC1 Samba 3.2 Join Fails with NT_STATUS_WRONG_PASSWORD

David Holder david.holder at erion.co.uk
Tue Jan 22 10:05:36 GMT 2008 

Jerry,

I noticed that you had a similar problem to mine last year in Samba 3.0 
(see 
http://www.nabble.com/-SAMBA_3_0--net-ads-join-failing-td8696730.html).

Specifcally I am getting:

# net ads join -Uadministrator%password123!
Failed to set password for machine account (NT_STATUS_WRONG_PASSWORD)
Failed to join domain: Wrong Password

I am working with v3-2-test patched with the attached two patches from 
Andreas. Now Andreas has successfully joined to W2008 but I can't. I 
have also attached output from the net ads join with a level 3 debug and 
a wireshark trace.

I can do a kinit no problem. The computer account is created in AD but 
is disabled.

Any ideas? I'm keen to get the join working so that I have an IPv6 
enabled Windows server to join to over IPv6!

Thanks,
David
------------------------------------------------------------------------
Dr David Holder CEng FIET MIEEE

Erion Ltd, Oakleigh, Upper Sutherland Road, Halifax, HX3 8NT

Reception: +44 (0)1422 207000

Direct Dial: +44 (0)131 2026317

Cell: +44 (0) 7768 456831

Registered in England and Wales. Registered Number 3521142
VAT Number: GB 698 3633 78


-------------- next part --------------
A non-text attachment was scrubbed...
Name: netadsjoinw2008entrc1.pcap
Type: application/octet-stream
Size: 41844 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080122/379bf1a6/netadsjoinw2008entrc1.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Windows-2008-Longhorn-auth2-flag-fixes.patch
Type: text/x-patch
Size: 5924 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080122/379bf1a6/0001-Windows-2008-Longhorn-auth2-flag-fixes.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Fix-Windows-2008-Longhorn-join.patch
Type: text/x-patch
Size: 1763 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080122/379bf1a6/0002-Fix-Windows-2008-Longhorn-join.bin
-------------- next part --------------
[2008/01/21 15:06:06,  3] param/loadparm.c:lp_load(5670)
  lp_load: refreshing parameters
[2008/01/21 15:06:06,  3] param/loadparm.c:init_globals(1469)
  Initialising global parameters
[2008/01/21 15:06:06,  3] param/params.c:pm_process(569)
  params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf"
[2008/01/21 15:06:06,  3] param/loadparm.c:do_section(4368)
  Processing section "[global]"
[2008/01/21 15:06:06,  2] lib/interface.c:add_interface(334)
  added interface eth1 ip=fe80::20c:29ff:feb2:b957%eth1 bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
[2008/01/21 15:06:06,  2] lib/interface.c:add_interface(334)
  added interface eth1 ip=192.168.108.5 bcast=192.168.108.255 netmask=255.255.255.0
[2008/01/21 15:06:06,  3] libsmb/namequery.c:get_dc_list(1905)
  get_dc_list: preferred server list: "192.168.108.2, *"
[2008/01/21 15:06:06,  3] libads/ldap.c:ads_connect(409)
  Successfully contacted LDAP server 192.168.108.2
[2008/01/21 15:06:06,  3] libsmb/namequery.c:get_dc_list(1905)
  get_dc_list: preferred server list: "192.168.108.2, *"
[2008/01/21 15:06:06,  3] libsmb/namequery.c:get_dc_list(1905)
  get_dc_list: preferred server list: "192.168.108.2, *"
[2008/01/21 15:06:06,  3] libsmb/namequery.c:get_dc_list(1905)
  get_dc_list: preferred server list: "192.168.108.2, *"
[2008/01/21 15:06:06,  3] libads/ldap.c:ads_connect(409)
  Successfully contacted LDAP server 192.168.108.2
[2008/01/21 15:06:06,  3] libads/ldap.c:ads_connect(456)
  Connected to LDAP server W2008RC1.s32ip6.com
[2008/01/21 15:06:06,  3] libads/sasl.c:ads_sasl_spnego_bind(778)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/01/21 15:06:06,  3] libads/sasl.c:ads_sasl_spnego_bind(778)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/01/21 15:06:06,  3] libads/sasl.c:ads_sasl_spnego_bind(778)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/01/21 15:06:06,  3] libads/sasl.c:ads_sasl_spnego_bind(778)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/01/21 15:06:06,  3] libads/sasl.c:ads_sasl_spnego_bind(787)
  ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178 at please_ignore
[2008/01/21 15:06:06,  3] libsmb/clikrb5.c:ads_krb5_mk_req(657)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2008/01/21 15:06:06,  3] libsmb/clikrb5.c:ads_cleanup_expired_creds(592)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Tue, 22 Jan 2008 01:04:08 GMT
[2008/01/21 15:06:06,  3] libsmb/namequery.c:get_dc_list(1905)
  get_dc_list: preferred server list: "192.168.108.2, *"
[2008/01/21 15:06:06,  3] libads/ldap.c:ads_connect(409)
  Successfully contacted LDAP server 192.168.108.2
[2008/01/21 15:06:06,  3] libads/ldap.c:ads_connect(456)
  Connected to LDAP server W2008RC1.s32ip6.com
[2008/01/21 15:06:06,  3] libads/sasl.c:ads_sasl_spnego_bind(778)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/01/21 15:06:06,  3] libads/sasl.c:ads_sasl_spnego_bind(778)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/01/21 15:06:06,  3] libads/sasl.c:ads_sasl_spnego_bind(778)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/01/21 15:06:06,  3] libads/sasl.c:ads_sasl_spnego_bind(778)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/01/21 15:06:06,  3] libads/sasl.c:ads_sasl_spnego_bind(787)
  ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178 at please_ignore
[2008/01/21 15:06:06,  3] libsmb/clikrb5.c:ads_cleanup_expired_creds(592)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Tue, 22 Jan 2008 01:04:08 GMT
[2008/01/21 15:06:06,  3] libsmb/cliconnect.c:cli_start_connection(1608)
  Connecting to host=W2008RC1.s32ip6.com
[2008/01/21 15:06:06,  3] lib/util_sock.c:open_socket_out(1430)
  Connecting to 192.168.108.2 at port 445
[2008/01/21 15:06:06,  3] libsmb/cliconnect.c:cli_session_setup_spnego(792)
  Doing spnego session setup (blob length=124)
[2008/01/21 15:06:06,  3] libsmb/cliconnect.c:cli_session_setup_spnego(817)
  got OID=1 2 840 48018 1 2 2
[2008/01/21 15:06:06,  3] libsmb/cliconnect.c:cli_session_setup_spnego(817)
  got OID=1 2 840 113554 1 2 2
[2008/01/21 15:06:06,  3] libsmb/cliconnect.c:cli_session_setup_spnego(817)
  got OID=1 2 840 113554 1 2 2 3
[2008/01/21 15:06:06,  3] libsmb/cliconnect.c:cli_session_setup_spnego(817)
  got OID=1 3 6 1 4 1 311 2 2 10
[2008/01/21 15:06:06,  3] libsmb/cliconnect.c:cli_session_setup_spnego(825)
  got principal=not_defined_in_RFC4178 at please_ignore
[2008/01/21 15:06:06,  3] libsmb/cliconnect.c:cli_session_setup_spnego(878)
  cli_session_setup_spnego: got a bad server principal, trying to guess ...
[2008/01/21 15:06:06,  3] libsmb/cliconnect.c:cli_session_setup_spnego(900)
  cli_session_setup_spnego: guessed server principal=W2008RC1$@S32IP6.COM
[2008/01/21 15:06:06,  2] libsmb/cliconnect.c:cli_session_setup_kerberos(612)
  Doing kerberos session setup
[2008/01/21 15:06:06,  3] libsmb/clikrb5.c:ads_cleanup_expired_creds(592)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Tue, 22 Jan 2008 01:04:08 GMT
[2008/01/21 15:06:06,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082)
  rpc_pipe_bind: Remote machine W2008RC1.s32ip6.com pipe \lsarpc fnum 0x4006 bind request returned ok.
[2008/01/21 15:06:06,  3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(223)
  lsa_io_sec_qos: length c does not match size 8
[2008/01/21 15:06:06,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082)
  rpc_pipe_bind: Remote machine W2008RC1.s32ip6.com pipe \samr fnum 0x4007 bind request returned ok.
Failed to set password for machine account (NT_STATUS_WRONG_PASSWORD)
[2008/01/21 15:06:06,  1] utils/net_ads.c:net_ads_join(1552)
  call of net_join_domain failed: Wrong Password
[2008/01/21 15:06:06,  2] utils/net.c:main(1170)
  return code = -1

More information about the samba-technical mailing list