[Samba] join samba to a 2003 rc2 domain
Gerald (Jerry) Carter
jerry at samba.org
Fri Jul 6 14:22:55 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
smlacc1 leador wrote:
> We have identified a problem joining samba to a windows 2003 rc2 domain.
> Using mit kerberos 1.5, and the latest version of samba (3.0.25b), net join
> ads would throw up the error:
>
> cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine
> domaincontroller.mynet.mydomain.com. Error was NT_STATUS_ACCESS_DENIED
> net_rpc_join_ok: failed to get schannel session key from server
> domaincontroller.mynet.mydomain.com for domain mynet. Error was
> NT_STATUS_ACCESS_DENIED
> Failed to verify membership in domain!
> Failed to join domain: Success
> return code = -1
>
> A temporary workaround for this is to add "netlogon" to the group policy
> under "named pipes that can be accessed anonymously". this would seem to
> suggest that samba cannot join a domain unless it is granted anonymous
> access to the netlogon pipe.
>
> Our windows admins dont want to permanently open this, so is there a way to
> get samba net join to work correctly without having anonymous access to the
> netlogon pipe?
Please file this as a bug at https://bugzilla.samba.org/ and we'll fix
it. Thanks.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGjlA/IR7qMdg1EfYRApdnAJ0bBJ6Vl2UYjLQ+EwvTk4MToN1YYwCfSZOD
OBm4bW165N00xrFwUkHXycU=
=LSGd
-----END PGP SIGNATURE-----
More information about the samba
mailing list