[Samba] Unable to join Samba server to Win2k domain

Henrik Larsson samba-user at spambox.dk
Sat Dec 13 22:50:08 GMT 2003

Dear Samba users.

I have tried to add my Samba server to a Win2k AD mixed mode domain for
several days. I have searched the Internet for information, but couldn't
find a solution. So I will try to describe my problems here.

I first tried to use "security = ADS" and add the Samba server as a native

I have changed the settings in my krb5.conf and tested this with kinit:
-- cut
# kinit -V
Password for administrator at DOMAIN.DOM:
Authenticated to Kerberos v5
-- cut

But when I try to add the server to the domain with the command "net ads
join MEMBER -Uadministrator%password -d 10" I get the following error:
-- cut
[2003/12/13 23:30:00, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/12/13 23:30:00, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385)
  Got KRB5 session key of length 8
[2003/12/13 23:30:00, 1] utils/net_ads.c:ads_startup(181)
  ads_connect: Invalid credentials
[2003/12/13 23:30:00, 2] utils/net.c:main(759)
  return code = -1
-- cut

If i use a wrong password, I get a "preauthentication failed" so again the
kerberos part should be OK.

I then tried "security = domain".

If I don't create a computer in the AD I get this error when running "net
rpc join MEMBER -Uadministrator%password -d 10":
-- cut
[2003/12/13 23:27:40, 0] rpc_client/cli_pipe.c:rpc_api_pipe(424)
  cli_pipe: return critical error. Error was Call timed out: server did not
respond after 10000 milliseconds
[2003/12/13 23:27:40, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(286)
  error setting trust account password: NT_STATUS_UNSUCCESSFUL
Unable to join domain DOMAIN.
[2003/12/13 23:27:40, 2] utils/net.c:main(759)
  return code = 1
-- cut

If I create a computer account and set it to allow pre Window 2000 computers
to use this account I get:
-- cut
[2003/12/13 23:29:28, 1] libsmb/cliconnect.c:cli_full_connection(1426)
  failed tcon_X with NT_STATUS_ACCESS_DENIED
[2003/12/13 23:29:28, 1] utils/net.c:connect_to_ipc_anonymous(179)
  Cannot connect to server (anonymously).  Error was NT_STATUS_ACCESS_DENIED
[2003/12/13 23:29:28, 6] lib/util_sock.c:write_socket(407)
[2003/12/13 23:29:28, 6] lib/util_sock.c:write_socket(410)
  write_socket(5,45) wrote 45
[2003/12/13 23:29:28, 10]
  got smb length of 35
[2003/12/13 23:29:28, 5] lib/util.c:show_msg(456)
[2003/12/13 23:29:28, 5] lib/util.c:show_msg(466)
Unable to join domain DOMAIN.
-- cut

So as you can see, I haven't really succeed using any method.

Anyone know what could cause all these problems or a straight solution how
to solve them?

Best regards Henrik

More information about the samba mailing list