[Samba] net ads join fails

Penny Willisson Penny.Willisson at Ellisonslegal.com
Fri Apr 8 14:41:07 GMT 2005


Thanks

When I run 'kinit administrator' I get the following error

kinit: krb5_get_init_creds: unable to reach any KDC in realm ellisonslegal.com

any ideas???

-----Original Message-----
From: samba-bounces+pw=ellisonslegal.com at lists.samba.org
[mailto:samba-bounces+pw=ellisonslegal.com at lists.samba.org]On Behalf Of
Dimitri Yioulos
Sent: 08 April 2005 13:30
To: samba at lists.samba.org
Subject: Re: [Samba] net ads join fails


On Friday 08 April 2005 07:46 am, Penny Willisson wrote:
> Hi
>
> I have created the machine account on the AD server and did this logged in
> as Administrator so that should mean that the Administrator account has the
> correct permissions.
>
> I have executed the following command as suggested
>
> net ads join Administrator at apps.ellisonslegal.com -d 2
>
> The following was output to the screen:
>
> [2005/04/08 13:33:38, 2] lib/interface.c:add_interface(81)
>
> added interface ip=10.0.0.39 bcast=10.0.255.255 nmask=255.255.0.0
>
> [2005/04/08 13:33:41, 0] libads/kerberos.c:ads_kinit_password(146)
>
> kerberos_kinit_password Administrator at APPS.ELLISONSLEGAL.COM failed:
> Unknown code krb5 156
>
> [2005/04/08 13:33:41, 0] utils/net_ads.c:ads_startup(191)
>
> ads_connect: Unknown code krb5 156
>
> [2005/04/08 13:33:41, 2] utils/net.c:main(897)
>
> return code = -1
>
> Thanks
>
> Penny
>
> -----Original Message-----
> From: Gordon Hopper [mailto:g.hopper at computer.org]
> Sent: 06 April 2005 05:28
> To: Penny Willisson
> Subject: Re: [Samba] net ads join fails
>
>
>
> [2005/04/05 15:11:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381)
>
>   ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
>
> [2005/04/05 15:11:44, 0] libads/kerberos.c:ads_kinit_password(146)
>
>   kerberos_kinit_password  Administrator at ELLISONSLEGAL.COM failed: Unknown
> code krb5 156
>
> [2005/04/05 15:11:44, 0] utils/net_ads.c:ads_startup(191)
>
>   ads_connect: Unknown code krb5 156
>
>
>
>
> I suggest you post the output of the command you are running to join the
> domain (including the command), for example, "net ads join -U
> username at ds.domain.com -d 2".
>
> Also, note that the credentials you use to join the domain are not
> necessarily the domain Administrator, but they need to be a user who has
> write privileges to the ads folder where the machine account will be
> created.  (It worked better for me when the machine account was already
> created in server manager, but according to the docs, that shouldn't be
> necessary.)
>
> It almost looks like the password failed.  Or perhaps the folde
> r you 
> specified for the machine account does not exist.
>
> Regards,
>
> Gordon Hopper

Try the command "kinit Administrator" (or Administrator at yourdomain.com").  You 
should be prompted for a password.  If, after entering the password, you're 
returned to a prompt with no further output then, in theory at least, your 
Kerberos setup is OK. If you get errors, well ...  Run that first, then try 
"net ads join -U Administrator at yourdomain.com.

A good how-to can be found at: http://www.ulug.org.nz/ActiveDirectorySamba.

HTH.

Dimitri
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


More information about the samba mailing list