Samba 3.6.9 - net ads join fails on 2008R2 AD
Bogdan Iamandei
b.iamandei at its.uq.edu.au
Mon Nov 5 23:33:28 MST 2012
Hi guys,
Our MS guys are about to do an upgrade to 2008R2 AD and we're
attempting to test that with the latest Samba3 release.
I've compiled it from source, and configured it to use AD as such:
[global]
####
## General Server and Domain Information
## - the commented out items in this section are for when samba goes live
realm = **REALM**
workgroup = **SHORT NAME FROM REALM**
netbios name = SLUSHIE
netbios aliases = SMBTEST
lm announce = no
local master = no
domain master = no
time server = yes
##
####
####
## Security and Authentication
security = ads
client ntlmv2 auth = yes
client use spnego principal = no
send spnego principal = no
use kerberos keytab = yes
#client use spnego = yes
encrypt passwords = yes
ldap timeout = 3
password server = <server1>, <server2>
.....
Kerberos is configured correctly - kinit user at REALM works perfectly!
When I try to do a net ads join -U user%password -S <server 1> it fails
SPNEGO login failed: Logon failure
failed session setup with NT_STATUS_LOGON_FAILURE
---------------------------
All this is happening on a SPARC box - if it makes a difference.
I am at a loss as to what is going on and "-d 10" doesn't seem to be too
enlightening but I'll be happy to post the output if required.
Bogdan.
More information about the samba-technical
mailing list