[Samba] join samba to a 2003 rc2 domain

smlacc1 leador smlacc1 at gmail.com
Wed Jul 4 18:28:21 GMT 2007

We have identified a problem joining samba to a windows 2003 rc2 domain.
Using mit kerberos 1.5, and the latest version of samba (3.0.25b), net join
ads would throw up the error:

cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine
domaincontroller.mynet.mydomain.com.  Error was NT_STATUS_ACCESS_DENIED
net_rpc_join_ok: failed to get schannel session key from server
domaincontroller.mynet.mydomain.com for domain mynet. Error was
Failed to verify membership in domain!
Failed to join domain: Success
return code = -1

A temporary workaround for this is to add "netlogon" to the group policy
under "named pipes that can be accessed anonymously".  this would seem to
suggest that samba cannot join a domain unless it is granted anonymous
access to the netlogon pipe.

Our windows admins dont want to permanently open this, so is there a way to
get samba net join to work correctly without having anonymous access to the
netlogon pipe?


More information about the samba mailing list