[Samba] join samba to a 2003 rc2 domain
smlacc1 leador
smlacc1 at gmail.com
Wed Jul 4 18:28:21 GMT 2007
We have identified a problem joining samba to a windows 2003 rc2 domain.
Using mit kerberos 1.5, and the latest version of samba (3.0.25b), net join
ads would throw up the error:
cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine
domaincontroller.mynet.mydomain.com. Error was NT_STATUS_ACCESS_DENIED
net_rpc_join_ok: failed to get schannel session key from server
domaincontroller.mynet.mydomain.com for domain mynet. Error was
NT_STATUS_ACCESS_DENIED
Failed to verify membership in domain!
Failed to join domain: Success
return code = -1
A temporary workaround for this is to add "netlogon" to the group policy
under "named pipes that can be accessed anonymously". this would seem to
suggest that samba cannot join a domain unless it is granted anonymous
access to the netlogon pipe.
Our windows admins dont want to permanently open this, so is there a way to
get samba net join to work correctly without having anonymous access to the
netlogon pipe?
Thanks.
More information about the samba
mailing list