[Samba] Trouble Joining Active Directory
M Maki
mmaki at adelphia.net
Thu Mar 1 23:35:46 GMT 2007
Having trouble getting Samba 3.0.24 on Debian Stable to join an Active Directory domain. I previously thought the problem stemmed from an earlier bug that has been fixed in 3.0.23 that required a user to have full Admin rights. I do not have full admin rights. I do have rights to add machines which I do regularily. Read through Samba ADS Domain Membership. Below is my kinit, smb.conf and debug from my join attempt.
Thanks for any advice, Mike
$ kinit -V mmaki
Password for mmaki at ABC.DEF.NET:
Authenticated to Kerberos v5
$ sudo testparm
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section "[data]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
workgroup = ABC
realm = ABC.DEF.NET
security = ADS
password server = inppwoadc1.abc.def.net
preferred master = No
local master = No
domain master = No
wins server = 192.168.1.10
idmap uid = 10000-40000
idmap gid = 10000-40000
[data]
path = /home/dest/current
admin users = ABC\mmaki
$ sudo net -d 2 ads join -U mmaki
lib/interface.c:add_interface(81)
samomaki's password:
libsmb/cliconnect.c:cli_session_setup_kerberos(546)
Doing kerberos session setup
Using short domain name -- ABC
rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)
cli_rpc_pipe_open: cli_nt_create failed on pipe
\NETLOGON to machine INPPWOADC1.abc.def.net.
Error was NT_STATUS_ACCESS_DENIED
utils/net_rpc_join.c:net_rpc_join_ok(70)
net_rpc_join_ok: failed to get schannel session key
from server INPPWOADC1.abc.def.net for domain ABC.
Error was NT_STATUS_ACCESS_DENIED
Failed to verify membership in domain!
utils/net.c:main(988)
return code = -1
More information about the samba
mailing list