[Samba] net ads join fails
Dimitri Yioulos
dyioulos at firstbhph.com
Fri Apr 8 12:30:09 GMT 2005
On Friday 08 April 2005 07:46 am, Penny Willisson wrote:
> Hi
>
> I have created the machine account on the AD server and did this logged in
> as Administrator so that should mean that the Administrator account has the
> correct permissions.
>
> I have executed the following command as suggested
>
> net ads join Administrator at apps.ellisonslegal.com -d 2
>
> The following was output to the screen:
>
> [2005/04/08 13:33:38, 2] lib/interface.c:add_interface(81)
>
> added interface ip=10.0.0.39 bcast=10.0.255.255 nmask=255.255.0.0
>
> [2005/04/08 13:33:41, 0] libads/kerberos.c:ads_kinit_password(146)
>
> kerberos_kinit_password Administrator at APPS.ELLISONSLEGAL.COM failed:
> Unknown code krb5 156
>
> [2005/04/08 13:33:41, 0] utils/net_ads.c:ads_startup(191)
>
> ads_connect: Unknown code krb5 156
>
> [2005/04/08 13:33:41, 2] utils/net.c:main(897)
>
> return code = -1
>
> Thanks
>
> Penny
>
> -----Original Message-----
> From: Gordon Hopper [mailto:g.hopper at computer.org]
> Sent: 06 April 2005 05:28
> To: Penny Willisson
> Subject: Re: [Samba] net ads join fails
>
>
>
> [2005/04/05 15:11:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381)
>
> ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
>
> [2005/04/05 15:11:44, 0] libads/kerberos.c:ads_kinit_password(146)
>
> kerberos_kinit_password Administrator at ELLISONSLEGAL.COM failed: Unknown
> code krb5 156
>
> [2005/04/05 15:11:44, 0] utils/net_ads.c:ads_startup(191)
>
> ads_connect: Unknown code krb5 156
>
>
>
>
> I suggest you post the output of the command you are running to join the
> domain (including the command), for example, "net ads join -U
> username at ds.domain.com -d 2".
>
> Also, note that the credentials you use to join the domain are not
> necessarily the domain Administrator, but they need to be a user who has
> write privileges to the ads folder where the machine account will be
> created. (It worked better for me when the machine account was already
> created in server manager, but according to the docs, that shouldn't be
> necessary.)
>
> It almost looks like the password failed. Or perhaps the folde
> r you
> specified for the machine account does not exist.
>
> Regards,
>
> Gordon Hopper
Try the command "kinit Administrator" (or Administrator at yourdomain.com"). You
should be prompted for a password. If, after entering the password, you're
returned to a prompt with no further output then, in theory at least, your
Kerberos setup is OK. If you get errors, well ... Run that first, then try
"net ads join -U Administrator at yourdomain.com.
A good how-to can be found at: http://www.ulug.org.nz/ActiveDirectorySamba.
HTH.
Dimitri
More information about the samba
mailing list