[Samba] join samba to a 2003 rc2 domain

Gerald (Jerry) Carter jerry at samba.org
Fri Jul 6 14:22:55 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

smlacc1 leador wrote:
> We have identified a problem joining samba to a windows 2003 rc2 domain.
> Using mit kerberos 1.5, and the latest version of samba (3.0.25b), net join
> ads would throw up the error:
> 
> cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine
> domaincontroller.mynet.mydomain.com.  Error was NT_STATUS_ACCESS_DENIED
> net_rpc_join_ok: failed to get schannel session key from server
> domaincontroller.mynet.mydomain.com for domain mynet. Error was
> NT_STATUS_ACCESS_DENIED
> Failed to verify membership in domain!
> Failed to join domain: Success
> return code = -1
> 
> A temporary workaround for this is to add "netlogon" to the group policy
> under "named pipes that can be accessed anonymously".  this would seem to
> suggest that samba cannot join a domain unless it is granted anonymous
> access to the netlogon pipe.
> 
> Our windows admins dont want to permanently open this, so is there a way to
> get samba net join to work correctly without having anonymous access to the
> netlogon pipe?

Please file this as a bug at https://bugzilla.samba.org/ and we'll fix
it.  Thanks.







cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGjlA/IR7qMdg1EfYRApdnAJ0bBJ6Vl2UYjLQ+EwvTk4MToN1YYwCfSZOD
OBm4bW165N00xrFwUkHXycU=
=LSGd
-----END PGP SIGNATURE-----


More information about the samba mailing list