[Samba] Problem with joining Active Server Domain

David Evans-Roberts d.evans-roberts at hrwallingford.co.uk
Wed Nov 17 17:15:16 GMT 2004

I have built samba 3.0.8 with ADS support.  From the Solaris 9 end it
appeared to join the active directory server domain OK.  However when I look
using Windows Explorer on the ADS (Windows 2003) machine it appears as Samba
3.0.8 server under WORKGROUP, and I cannot access the shares.  I am using
the MIT kerberos.  The Howto guide on page 74 is a bit ambiguous.  I read it
to say that if you are you are using Heimdel it must be a release later than
0.6.  A colleague took it to read that you must use Heimdal rather than MIT
for Windows 2003.  Is this the problem or is it something else.  Any advice

/usr/local/samba/bin/net ads join -U Administrator
Administrator's password: 

[2004/11/17 17:03:53, 0] libads/ldap.c:(1366)
  ads_add_machine_acct: Host account for pike already exists - modifying old
  Using short domain name -- ASTTEST
  Joined 'PIKE' to realm 'ASTTEST.LOCAL'

The relevant parts of the /etc/krb5.conf file are as follows:

        default_realm = astest.local

        astest.local = {
                kdc = eng-test.astest.local

.kerberos.server = astest.local

And smb.conf :

# Global parameters
        workgroup = ASTTEST
        realm = ASTTEST.LOCAL
        security = ADS
        password server = eng-test.asttest.local
        username map = /etc/samba/usermap.txt
        log level = 1
        log file = /var/log/samba
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        load printers = No
        os level = 0
        dns proxy = No
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        read only = No
        create mask = 0775
        directory mask = 0775



David Evans-Roberts
daveer at hrwallingford.co.uk
Systems Administrator
HR Wallingford			


HR Wallingford uses Faxes and Emails for confidential and 
legally privileged business communications.  They do not of
themselves create legal commitments.  Disclosure to parties 
other than addressees requires our specific consent.  We are
not liable for unauthorised disclosures nor reliance upon them.  
If you have received this message in error please advise us 
immediately and destroy all copies of it.

More information about the samba mailing list