[Samba] Join AD domain using security = domain ?

David Wilson dave at dcdata.co.za
Thu Feb 23 15:59:17 GMT 2006


Ah excellent ! Thanks for your help Jerry. I came right.

My only problem is that when a client connects to my Samba, Samba first 
attempts to connect to the AD DC on port 445 to authenticate the user - this 
times out after some seconds and then successfully goes through on port 139. 
Must be something on the AD DC that is stopping this ?
Is there any way I can try forcing Samba to only use port 139 in that 
request to the AD DC ?
I've tried 'smb ports = 139' - this of course seems to be only for the 
'server' side of Samba.

Any ideas ?


Kind regards

David Wilson
D c D a t a
CNS, CLS, Linux+
T: 0860-1-LINUX
F: 0866878971
M: 0824147413
E: support at dcdata.co.za
W: http://www.dcdata.co.za

----- Original Message ----- 
From: "Gerald (Jerry) Carter" <jerry at samba.org>
To: "David Wilson" <dave at dcdata.co.za>
Cc: <samba at lists.samba.org>
Sent: Wednesday, February 22, 2006 3:58 PM
Subject: Re: [Samba] Join AD domain using security = domain ?


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 22 Feb 2006, David Wilson wrote:
>
>> Hi guys,
>>
>> Is it possible to join an AD domain using NT style authentication ?
>> i.e. security = domain  in smb.conf and use 'net join rpc -W [MYADDOMAIN]
>>
>> When I tried this I get the following error:
>> [2006/02/22 11:56:42, 0]
>> rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641)
>>  cli_rpc_pipe_open_schannel: failed to get schannel session key from 
>> server
>> msu
>> adserver for domain MYADDOMAIN.
>> [2006/02/22 11:56:42, 0] utils/net_rpc_join.c:net_rpc_join_ok(61)
>>  Error connecting to NETLOGON pipe. Error was 
>> NT_STATUS_NO_TRUST_SAM_ACCOUNT
>> Unable to join domain MYADDOMAIN.
>
> Schannel is on RPC connections so you will see the same processing
> regardless of how winbindd is configured.  You can set 'client schannel =
> no' in smb.conf.  What version of Samba is this.?
>
>
>
>
> cheers, jerry
> =====================================================================
> I live in a Reply-to-All world.               -----------------------
> Samba                                    ------- http://www.samba.org
> Centeris                         -----------  http://www.centeris.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
> Comment: For info see http://quantumlab.net/pine_privacy_guard/
>
> iD8DBQFD/G4kIR7qMdg1EfYRApKAAKDYZ7xjn8/mY7Ume7nVnH8mtkShCgCgifz1
> 0rf30YyqVzKveX3UHvTdnC0=
> =zQy/
> -----END PGP SIGNATURE-----
>
> -- 
> This email and all contents are subject to the following disclaimer:
> http://www.dcdata.co.za/emaildisclaimer.html
> 


-- 
This email and all contents are subject to the following disclaimer:
http://www.dcdata.co.za/emaildisclaimer.html



More information about the samba mailing list