[Samba] net ads join fails - "Preauthetication failed"
birger at birger.sh
Thu Dec 2 15:17:56 GMT 2004
After a lot of different problems and variations of krb5.conf and
samba.conf files I am currently stuck with the following error trying to
join a domain
net ads join -U nfybw at UIB.NO 'Klienter\IT\MatNat\IFT\Samba
nfybw at UIB.NO's password:
[2004/12/02 15:34:36, 0] libads/ldap.c:ads_add_machine_acct(1367)
ads_add_machine_acct: Host account for iftsmb100 already exists -
modifying old account
Using short domain name -- KLIENT
[2004/12/02 15:34:39, 0] libads/kerberos.c:get_service_ticket(335)
IFTSMB100$@KLIENT.UIB.NO at KLIENT.UIB.NO failed: Preauthentication failed
*** glibc detected *** free(): invalid pointer: 0x00632800 ***
Fedora Core 3, Samba 3.0.9 as installed by yum.
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: nfybw at UIB.NO
Valid starting Expires Service principal
12/02/04 14:45:02 12/03/04 00:45:04 krbtgt/UIB.NO at UIB.NO
renew until 12/03/04 14:45:02
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
I have tried removing the definition in the AD server and recreating.
Samba manages to create the account, but still fails like above. Note
the double @KLIENT.UIB.NO. I think I'll go home now and take a break
while my head clears after fighting with security = ads for 2 days...
In this AD environment hosts are defined in KLIENT.UIB.NO, while users
belong to either UIB.NO or STUDENT.UIB.NO (a separate forest with trust
relationships). I have had it working as far as wbinfo listing users
from both worlds, but I still couldn't access shares. Then something
broke, and now I can't join the domain again. What have I done wrong here?
My config files are at
More information about the samba