[Samba] net ads join fails 3/4's of the time
Rex Dieter
rdieter at math.unl.edu
Wed Jun 8 17:18:31 GMT 2005
I just wanted to share my frustrations with trying to use samba to join
linux machines to our AD (so I could use pam_winbind primarily). I'm
using Red Hat Enterprise 4 boxes, with samba-3.0.14a,
krb5-libs-1.3.4-12, kernel-2.6.9-5.0.5.EL (I tried Fedora Core 3 too,
with similar results). I (pre)added machines to the AD using the Active
Directory Users and Computers tool.
I initially had clock skew problems (yielding kerberos errors), but I
now have synchronized system clocks.
Now, I've found that the
$ net ads join
command(*) always says it succeeds joining the domain, but a subsequent
$ wbinfo -t
about 75% of the time yields an error:
NT_STATUS_ACCESS_DENIED
If I re-run those 2 commands repeatedly, I *eventually* will get machine
that has successfully joined the AD domain (where 'wbinfo -t' succeeds
and pam_winbind successfully authenticates users).
Now, I'm mostly content that I've found a solution to my problem, but
I'm curious why/how 'net ads join' oftemtimes claims false success (and
why is it failing at all in the first place)?
-- Rex
(*) with -d3 or higher, I see random collections of errors, mostly
kerberos related saying "pre-authentication failed" and "encryption type
not supported"
More information about the samba
mailing list