[Samba] Unable to join Samba server to Win2k domain
Henrik Larsson
samba-user at spambox.dk
Sat Dec 13 22:50:08 GMT 2003
Dear Samba users.
I have tried to add my Samba server to a Win2k AD mixed mode domain for
several days. I have searched the Internet for information, but couldn't
find a solution. So I will try to describe my problems here.
I first tried to use "security = ADS" and add the Samba server as a native
member.
I have changed the settings in my krb5.conf and tested this with kinit:
-- cut
# kinit -V
Password for administrator at DOMAIN.DOM:
Authenticated to Kerberos v5
-- cut
But when I try to add the server to the domain with the command "net ads
join MEMBER -Uadministrator%password -d 10" I get the following error:
-- cut
[2003/12/13 23:30:00, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
krb5_cc_get_principal failed (No credentials cache found)
[2003/12/13 23:30:00, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385)
Got KRB5 session key of length 8
[2003/12/13 23:30:00, 1] utils/net_ads.c:ads_startup(181)
ads_connect: Invalid credentials
[2003/12/13 23:30:00, 2] utils/net.c:main(759)
return code = -1
-- cut
If i use a wrong password, I get a "preauthentication failed" so again the
kerberos part should be OK.
I then tried "security = domain".
If I don't create a computer in the AD I get this error when running "net
rpc join MEMBER -Uadministrator%password -d 10":
-- cut
[2003/12/13 23:27:40, 0] rpc_client/cli_pipe.c:rpc_api_pipe(424)
cli_pipe: return critical error. Error was Call timed out: server did not
respond after 10000 milliseconds
[2003/12/13 23:27:40, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(286)
error setting trust account password: NT_STATUS_UNSUCCESSFUL
Unable to join domain DOMAIN.
[2003/12/13 23:27:40, 2] utils/net.c:main(759)
return code = 1
-- cut
If I create a computer account and set it to allow pre Window 2000 computers
to use this account I get:
-- cut
[2003/12/13 23:29:28, 1] libsmb/cliconnect.c:cli_full_connection(1426)
failed tcon_X with NT_STATUS_ACCESS_DENIED
[2003/12/13 23:29:28, 1] utils/net.c:connect_to_ipc_anonymous(179)
Cannot connect to server (anonymously). Error was NT_STATUS_ACCESS_DENIED
[2003/12/13 23:29:28, 6] lib/util_sock.c:write_socket(407)
write_socket(5,45)
[2003/12/13 23:29:28, 6] lib/util_sock.c:write_socket(410)
write_socket(5,45) wrote 45
[2003/12/13 23:29:28, 10]
lib/util_sock.c:read_smb_length_return_keepalive(463)
got smb length of 35
[2003/12/13 23:29:28, 5] lib/util.c:show_msg(456)
[2003/12/13 23:29:28, 5] lib/util.c:show_msg(466)
size=35
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=22538
smb_pid=6905
smb_uid=3
smb_mid=28
smt_wct=0
smb_bcc=0
Unable to join domain DOMAIN.
-- cut
So as you can see, I haven't really succeed using any method.
Anyone know what could cause all these problems or a straight solution how
to solve them?
Best regards Henrik
More information about the samba
mailing list