[Samba] Adding Samba Server to Windows AD Domain

M Maki mmaki at adelphia.net
Thu Dec 13 23:04:02 GMT 2007 

I'm having trouble adding a samba member server
to a Windows Active Directory domain.

samba server is version 3.0.28 compiled with ads support
on Debian Sarge. I've read the Samba ADS Domain
Membership HOWTO and followed it as best I could.

I am successful authenticating with
kinit -V mmaki at MY.DOMAIN.NET
Password for mmaki at MY.DOMAIN.NET:
Authenticated to Kerberos v5

Very minimal smb.conf
[Global]
  workgroup = MY 
  realm = MY.DOMAIN.NET
  security = ADS
  password server = dc1.my.domain.net

I'm trying to add the server with the command:
net ads -d 2 join -U mmaki at MY.DOMAIN.NET

The result is
lib/interface.c:add_interface(81)
  added interface ip=192.168.15.10 bcast=192.168.15.127
mask=255.255.255.128
mmaki at MY.DOMAIN.NET's password: 
libsmb/cliconnect.c:cli_session_setup_kerberos(613)
  Doing kerberos session setup
Using short domain name -- MY
rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)
  cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to
machine DC1.MY.DOMAIN.NET.  Error was NT_STATUS_ACCESS_DENIED
utils/net_rpc_join.c:net_rpc_join_ok(70)
  net_rpc_join_ok: failed to get schannel session key from
server INPPWOADC1.MY.DOMAIN.NET for domain NPS. Error was
NT_STATUS_ACCESS_DENIED
Failed to verify membership in domain!
Failed to join domain: Success
utils/net.c:main(1036)
  return code = -1

A few things to note:
This is in a very large domain. I do not have Administrator
access to a domain controller. I can only add computers to my OU.
The member server account already exists on the server. My OU for
computers is
my.domain.net/PWR/A and B Network/HQ10/Computers

I've seen reference in the HOWTO for adding to a specific OU with
net ads join "Computers/BusinessUnit/Department/Servers" but
I'm not sure if the spaces in my OU "A and B Network" are
causing problems. When I use the command with the OU I get

Bad option: /PWR/A and B Network/HQ10/Computers
Failed to join domain: Invalid parameter

I've tried different ways of escaping the spaces
but I'm not even sure if that's even the problem.

Any suggestions would be greatly appreciated.

Mike

More information about the samba mailing list