[Samba] net ads join fails
Dimitri Yioulos
dyioulos at firstbhph.com
Fri Apr 8 15:04:24 GMT 2005
> -----Original Message-----
> From: samba-bounces+pw=ellisonslegal.com at lists.samba.org
> [mailto:samba-bounces+pw=ellisonslegal.com at lists.samba.org]On Behalf Of
> Dimitri Yioulos
> Sent: 08 April 2005 13:30
> To: samba at lists.samba.org
> Subject: Re: [Samba] net ads join fails
>
> On Friday 08 April 2005 07:46 am, Penny Willisson wrote:
> > Hi
> >
> > I have created the machine account on the AD server and did this logged
> > in as Administrator so that should mean that the Administrator account
> > has the correct permissions.
> >
> > I have executed the following command as suggested
> >
> > net ads join Administrator at apps.ellisonslegal.com -d 2
> >
> > The following was output to the screen:
> >
> > [2005/04/08 13:33:38, 2] lib/interface.c:add_interface(81)
> >
> > added interface ip=10.0.0.39 bcast=10.0.255.255 nmask=255.255.0.0
> >
> > [2005/04/08 13:33:41, 0] libads/kerberos.c:ads_kinit_password(146)
> >
> > kerberos_kinit_password Administrator at APPS.ELLISONSLEGAL.COM failed:
> > Unknown code krb5 156
> >
> > [2005/04/08 13:33:41, 0] utils/net_ads.c:ads_startup(191)
> >
> > ads_connect: Unknown code krb5 156
> >
> > [2005/04/08 13:33:41, 2] utils/net.c:main(897)
> >
> > return code = -1
> >
> > Thanks
> >
> > Penny
> >
> > -----Original Message-----
> > From: Gordon Hopper [mailto:g.hopper at computer.org]
> > Sent: 06 April 2005 05:28
> > To: Penny Willisson
> > Subject: Re: [Samba] net ads join fails
> >
> >
> >
> > [2005/04/05 15:11:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381)
> >
> > ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or
> > directory)
> >
> > [2005/04/05 15:11:44, 0] libads/kerberos.c:ads_kinit_password(146)
> >
> > kerberos_kinit_password Administrator at ELLISONSLEGAL.COM failed:
> > Unknown code krb5 156
> >
> > [2005/04/05 15:11:44, 0] utils/net_ads.c:ads_startup(191)
> >
> > ads_connect: Unknown code krb5 156
> >
> >
> >
> >
> > I suggest you post the output of the command you are running to join the
> > domain (including the command), for example, "net ads join -U
> > username at ds.domain.com -d 2".
> >
> > Also, note that the credentials you use to join the domain are not
> > necessarily the domain Administrator, but they need to be a user who has
> > write privileges to the ads folder where the machine account will be
> > created. (It worked better for me when the machine account was already
> > created in server manager, but according to the docs, that shouldn't be
> > necessary.)
> >
> > It almost looks like the password failed. Or perhaps the folde
> > r you
> > specified for the machine account does not exist.
> >
> > Regards,
> >
> > Gordon Hopper
>
> Try the command "kinit Administrator" (or Administrator at yourdomain.com").
> You should be prompted for a password. If, after entering the password,
> you're returned to a prompt with no further output then, in theory at
> least, your Kerberos setup is OK. If you get errors, well ... Run that
> first, then try "net ads join -U Administrator at yourdomain.com.
>
> A good how-to can be found at: http://www.ulug.org.nz/ActiveDirectorySamba.
>
> HTH.
>
> Dimitri
>
>On Friday 08 April 2005 10:41 am, you wrote:
> Thanks
>
> When I run 'kinit administrator' I get the following error
>
> kinit: krb5_get_init_creds: unable to reach any KDC in realm
> ellisonslegal.com
>
> any ideas???
>
You probably don't have Kerberos configured correctly. Check your krb5.conf
and kdc.conf files. Refer to the how-to I mentioned earlier, and also
http://web.mit.edu/kerberos/www/krb5-1.4/krb5-1.4/doc/krb5-install.html, if
you're using MIT Kerberos.
Dimitri
More information about the samba
mailing list