[Samba] AD domain membership problem
Stephen Roylance
sdr at sroylance.com
Sat Jul 7 22:08:38 GMT 2007
Hello, and thanks in advance for any assistance.
I have a Linux machine that I'm trying to join to a Windows 2003 SP1
Active Directory. The specifics are:
RHEL5, samba version samba-3.0.23c-2.el5.2.0.2
A firewall sits between this server and the rest of the world (which includes
the DCs); ports are open for Kerberos and CIFS inbound and Kerberos,
CIFS, NTP and UDP outbound.
This machine (server.sub.domain.org) is in a subdomain of the AD domain
(domain.org).
I am able to run net ads join -U me createcomputer="/myOU/" and it seems
to succeed. net ads testjoin, net ads info, etc. all seem to work
correctly. When I try to connect remotely or use smbclient locally with
-U me -W domain.org, it fails with
"session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE"
and I see errors like:
[2007/07/07 17:50:54, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2673)
cli_rpc_pipe_open_schannel: failed to get schannel session key from
server DC1.DOMAIN.ORG for domain DOMAIN.
[2007/07/07 17:50:54, 0]
auth/auth_domain.c:connect_to_domain_password_server(112)
connect_to_domain_password_server: unable to open the domain client
session to machine DC1.DOMAIN.ORG. Error was : NT_STATUS_ACCESS_DENIED.
[2007/07/07 17:50:54, 0] auth/auth_domain.c:domain_client_validate(206)
domain_client_validate: Domain password server not available.
Running net ads changetrustpw hangs and never returns.
I've tried dropping and re-joining the machine to the domain many times.
Every now and then it fails, but it usually succeeds, yet it still does not
allow connections using domain credentials.
Any suggestions appreciated.
-Steve