[Samba] net ads join fails 3/4's of the time

Rex Dieter rdieter at math.unl.edu
Wed Jun 8 17:18:31 GMT 2005

I just wanted to share my frustrations with trying to use samba to join 
linux machines to our AD (so I could use pam_winbind primarily).  I'm 
using Red Hat Enterprise 4 boxes, with samba-3.0.14a, 
krb5-libs-1.3.4-12, kernel-2.6.9-5.0.5.EL (I tried Fedora Core 3 too, 
with similar results).  I (pre)added machines to the AD using the Active 
Directory Users and Computers tool.

I initially had clock skew problems (yielding kerberos errors), but I 
now have synchronized system clocks.

Now, I've found that the
$ net ads join
command(*) always says it succeeds joining the domain, but a subsequent
$ wbinfo -t
about 75% of the time yields an error:

If I re-run those 2 commands repeatedly, I *eventually* will get machine 
that has successfully joined the AD domain (where 'wbinfo -t' succeeds 
and pam_winbind successfully authenticates users).

Now, I'm mostly content that I've found a solution to my problem, but 
I'm curious why/how 'net ads join' oftemtimes claims false success (and 
why is it failing at all in the first place)?

-- Rex

(*) with -d3 or higher, I see random collections of errors, mostly 
kerberos related saying "pre-authentication failed" and "encryption type 
not supported"

More information about the samba mailing list