NT ADS Join from Samba 3.6.6+ to Windows Server 2008 ADS fails with ACCESS_DENIED?
Volker Lendecke
Volker.Lendecke at SerNet.DE
Mon Feb 11 12:02:40 MST 2013
On Mon, Feb 11, 2013 at 10:49:41AM -0800, Richard Sharpe wrote:
> Hi folks,
>
> We are seeing a Samba 3.6.6+ installation when trying to join a Server
> 2008 ADS domain fail with ACCESS DENIED.
>
> We use 'net ads join' and see the following during the join process:
>
> SPNEGO login failed: Access denied
> failed session setup with NT_STATUS_ACCESS_DENIED
>
> The command seems to only be prepared to use NTLMSSP rather than KRB5.
>
> Is there some policy setting in ADS that enforces KRB5 authentication?
> Can they require that the older RPCs not be used?
kinit and the -k switch to net ads join does not help?
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
**********************************************************
visit us at CeBIT: March 5th - 9th 2013, hall 6, booth E15
all about SAMBA and verinice, firewalls, Linux and Windows
free tickets available via email here : cebit at sernet.com !
**********************************************************
More information about the samba-technical
mailing list