[Samba] net ads join fails

Penny Willisson Penny.Willisson at Ellisonslegal.com
Fri Apr 8 11:46:12 GMT 2005 

Hi
 
I have created the machine account on the AD server and did this logged in as Administrator so that should mean that the Administrator account has the correct permissions.
 
I have executed the following command as suggested 
 
net ads join Administrator at apps.ellisonslegal.com -d 2
 
The following was output to the screen:
 
[2005/04/08 13:33:38, 2] lib/interface.c:add_interface(81)

added interface ip=10.0.0.39 bcast=10.0.255.255 nmask=255.255.0.0

[2005/04/08 13:33:41, 0] libads/kerberos.c:ads_kinit_password(146)

kerberos_kinit_password Administrator at APPS.ELLISONSLEGAL.COM failed: Unknown code krb5 156

[2005/04/08 13:33:41, 0] utils/net_ads.c:ads_startup(191)

ads_connect: Unknown code krb5 156

[2005/04/08 13:33:41, 2] utils/net.c:main(897)

return code = -1

Thanks

Penny

-----Original Message-----
From: Gordon Hopper [mailto:g.hopper at computer.org]
Sent: 06 April 2005 05:28
To: Penny Willisson
Subject: Re: [Samba] net ads join fails



[2005/04/05 15:11:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381)

  ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)

[2005/04/05 15:11:44, 0] libads/kerberos.c:ads_kinit_password(146)

  kerberos_kinit_password  Administrator at ELLISONSLEGAL.COM failed: Unknown code krb5 156

[2005/04/05 15:11:44, 0] utils/net_ads.c:ads_startup(191)

  ads_connect: Unknown code krb5 156




I suggest you post the output of the command you are running to join the domain (including the command), for example, "net ads join -U username at ds.domain.com -d 2".

Also, note that the credentials you use to join the domain are not necessarily the domain Administrator, but they need to be a user who has write privileges to the ads folder where the machine account will be created.  (It worked better for me when the machine account was already created in server manager, but according to the docs, that shouldn't be necessary.)

It almost looks like the password failed.  Or perhaps the folder you specified for the machine account does not exist.

Regards,

Gordon Hopper

More information about the samba mailing list