[Samba] Joining Samba 3.0.0 to Windows 2000 domain

Petersen petersen at britersen.co.uk
Mon Nov 24 06:23:28 GMT 2003 

Hi,

After unsuccessfully trying to join a samba server to my Win2k domain, I
turn to you guys for help.

The samba server in question is called BRITERSEN, and is on 192.168.1.4,
the Win2k domain controller is called SPOCK and is on 192.168.1.3, the
domain in question is petenet.britersen.co.uk


Getting a kerberos ticket seems to go ok:

[root at britersen:~]# klist   
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: Administrator at PETENET.BRITERSEN.CO.UK

  Issued           Expires          Principal

Nov 24 06:00:01  Nov 24 16:00:00
krbtgt/PETENET.BRITERSEN.CO.UK at PETENET.BRITERSEN.CO.UK



However, when trying to join it to my Win2k domain, things go wrong.
smb.conf looks like this:

# Global parameters
[global]

realm = PETENET.BRITERSEN.CO.UK
security = ADS
encrypt passwords = yes
client use spnego = yes
password server = 192.168.1.3

And the output of me trying to join the domain is as follows:

[root at britersen:~]# net ads join
administrator password: 
[root at britersen:~]# 

Which is not much...

Debugging turns up this:

[root at britersen:~]# net -d 2 ads join
[2003/11/24 06:20:45, 2] lib/interface.c:add_interface(79)
  added interface ip=212.159.80.154 bcast=212.159.80.159
nmask=255.255.255.248
[2003/11/24 06:20:45, 2] lib/interface.c:add_interface(79)
  added interface ip=192.168.1.4 bcast=192.168.1.255 nmask=255.255.255.0
[2003/11/24 06:20:45, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for spock$@PETENET.BRITERSEN.CO.UK
(Unknown error -1765328343)
administrator password: 
[2003/11/24 06:20:48, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No such file or directory)
[2003/11/24 06:20:48, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for spock$@PETENET.BRITERSEN.CO.UK
(Unknown error -1765328343)
[2003/11/24 06:20:48, 1] utils/net_ads.c:ads_startup(181)
  ads_connect: Operations error
[2003/11/24 06:20:48, 2] utils/net.c:main(758)
  return code = -1


The faliure to get the info on spock$@PETENET.BRITERSEN.CO.UK concerns
me, but I don't know enough to trace this further.

At this point, I have no idea whether this is a problem with the samba
server, or with the security settings on the win2k domain controller.

All help greatly appreciated,

Petersen

More information about the samba mailing list