[Samba] Trouble Joining Active Directory

M Maki mmaki at adelphia.net
Thu Mar 1 23:35:46 GMT 2007


Having trouble getting Samba 3.0.24 on Debian Stable to join an Active Directory domain. I previously thought the problem stemmed from an earlier bug that has been fixed in 3.0.23 that required a user to have full Admin rights. I do not have full admin rights. I do have rights to add machines which I do regularily. Read through Samba ADS Domain Membership. Below is my kinit, smb.conf and debug from my join attempt.

Thanks for any advice, Mike

$ kinit -V mmaki
Password for mmaki at ABC.DEF.NET:
Authenticated to Kerberos v5

$ sudo testparm
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section "[data]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
  workgroup = ABC
  realm = ABC.DEF.NET
  security = ADS
  password server = inppwoadc1.abc.def.net
  preferred master = No
  local master = No
  domain master = No
  wins server = 192.168.1.10
  idmap uid = 10000-40000
  idmap gid = 10000-40000

[data]
  path = /home/dest/current
  admin users = ABC\mmaki

$ sudo net -d 2 ads join -U mmaki
lib/interface.c:add_interface(81)
samomaki's password:
libsmb/cliconnect.c:cli_session_setup_kerberos(546)
  Doing kerberos session setup
Using short domain name -- ABC
  rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)
  cli_rpc_pipe_open: cli_nt_create failed on pipe
  \NETLOGON to machine INPPWOADC1.abc.def.net.
  Error was NT_STATUS_ACCESS_DENIED
utils/net_rpc_join.c:net_rpc_join_ok(70)
  net_rpc_join_ok: failed to get schannel session key
  from server INPPWOADC1.abc.def.net for domain ABC.
  Error was NT_STATUS_ACCESS_DENIED
Failed to verify membership in domain!
utils/net.c:main(988)
  return code = -1



More information about the samba mailing list