Quest of SUSE 10 with Server2k8 AD authentication

Danie Wessels Danie.Wessels at
Mon Feb 10 06:57:07 MST 2014

No progress yet. I still have to postpone installing newer version of samba on machine1
In the meantime I am trying to something similar with the oracle Enterprise Linux 5 (VDD_WLS_Labs) VM and also not succeeding!
Could you please provide me with more pointers as to where I should start looking?

[oracle at myoracle01 ~]$ net ads info -S {PDC}
LDAP server:
LDAP server name: {PDC}.{localdomain}.{subdomain}.{domain1}
Realm: {DOMAIN}
Bind Path: dc={loacldomain},dc={subdomain},dc={domain1}
LDAP port: 389
Server time: Mon, 10 Feb 2014 05:43:35 PST
KDC server:
Server time offset: 1

[root at myoracle01 ~]# net rpc join -S{PDC}.{domain}  -U{someuser1}
Could not connect to server {PDC}.{loacldomain}
The username or password was not correct.
[2014/02/10 03:55:10, 0] passdb/secrets.c:get_trust_pw_clear(690)
  get_trust_pw: could not fetch trust account password for trusted domain {LOCALDOMAIN}
[2014/02/10 03:55:10, 0] rpc_client/cli_pipe.c:get_schannel_session_key_common(2445)
  get_schannel_session_key: could not fetch trust account password for domain '{LOCALDOMAIN}'
[2014/02/10 03:55:10, 0] utils/net_rpc_join.c:net_rpc_join_ok(81)
  net_rpc_join_ok: failed to get schannel session key from server {PDC}.{domain} for domain {LOCALDOMAIN}. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Unable to join domain {LOCALDOMAIN}.

[oracle at myoracle01 ~]$ wbinfo -V
Version 3.0.33-3.28.el5

while still on old setup:
[machine01 ~]# net rpc join -S{PDC}.{domain}  -U{someuser1}
[2014/02/10 03:55:10, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(350)
 Error in domain join verification (credential setup failed): NT code 0xc0000388

Unable to join domain {LOCALDOMAIN}.

{here I can get a ticket but not a trust relationship...}
Also wbinfo -u and -g do show previous setup (trust relationship) users and groups but I can no longer authenticate them (-a or -K).
Can't find any krb5.keytab either. just samba secret.db

Where must I start looking?


-----Original Message-----
Subject: RE: Quest of SUSE 10 with Server2k8 AD authentication

Great, thanks Franz

I have found
How to update to Samba 3.4 on SLES10 SP3 and SP4

I am backing up before I try it... for incase I mess it up.

Also from
> wbinfo --set-auth-user=Administrator%password ????
NEVER do this.   ...  {Now I have cleared this!!!}

We also have in  /etc/nsswitch.conf  :
passwd: compat winbind
group: compat
hosts: files dns
 - which I don't understand yet... compat?

Danie W

Cc: samba-technical at
Subject: Re: Quest of SUSE 10 with Server2k8 AD authentication

Hi Danie,
do not spend any time in Samba 3.0.x, it will not work in cause of the 
* sealed connections between the Samba-Server and the AD * ?
Upgrade to something newer. 
* My manager insists that it has worked before and therefore should be fixable :)
there is a special repo for sles 10 sp1 with samba 3.4.3 called SLES10-GPLv3-Extras.

Danie W

The perusal, use, dissemination, copying or storing of this message or its attachments and the opening of attachments is subject to PBMR's standard email disclaimer available at internet address: - Disclaimer or on request from the sender.

More information about the samba-technical mailing list