Samba 3.6.9 - net ads join fails on 2008R2 AD

Bogdan Iamandei b.iamandei at
Mon Nov 5 23:33:28 MST 2012

Hi guys,

Our MS guys are about to do an upgrade to 2008R2 AD and we're
attempting to test that with the latest Samba3 release.

I've compiled it from source, and configured it to use AD as such:

  ## General Server and Domain Information
  ##  - the commented out items in this section are for when samba goes live
  realm = **REALM**
  workgroup = **SHORT NAME FROM REALM**
  netbios name = SLUSHIE
  netbios aliases = SMBTEST
  lm announce = no
  local master = no
  domain master = no
  time server = yes

  ## Security and Authentication
  security = ads
  client ntlmv2 auth = yes
  client use spnego principal = no
  send spnego principal = no
  use kerberos keytab = yes
  #client use spnego = yes
  encrypt passwords = yes
  ldap timeout = 3

  password server =  <server1>, <server2>


Kerberos is configured correctly - kinit user at REALM works perfectly!

When I try to do a net ads join -U user%password -S <server 1> it fails

SPNEGO login failed: Logon failure
failed session setup with NT_STATUS_LOGON_FAILURE


All this is happening on a SPARC box - if it makes a difference.

I am at a loss as to what is going on and "-d 10" doesn't seem to be too
enlightening but I'll be happy to post the output if required.


More information about the samba-technical mailing list