[Samba] kinit works, net join ads fails

Necos Secon secon_kun at hotmail.com
Tue Sep 4 00:25:02 GMT 2007

I actually had this happen to me not too long ago with Samba 3.0.25c. My 
problem was that I didn't set the ADS mode properly. You're always warned to 
set workgroup equal to the the pre-windows2000 domain name.

So, just a few things to check:

1.) Typo's in the realm name.
2.) Typo's in the krb5.conf file (I use heimdal)
3.) Try running the net ads join with the administrator account (if you're 
using another account).
4.) Checking the the AD server to make sure that you don't have an old 
machine account for the Samba machine.

Hope that helps.

Theodore Charles III
Network Administrator
Los Angeles Senior High (www.lahigh.org)

>From: "Peter Baumgartner" <sgt.hulka at gmail.com>
>To: samba at lists.samba.org
>Subject: [Samba] kinit works, net join ads fails
>Date: Wed, 29 Aug 2007 15:55:28 -0600
>I running 3.0.25c on OpenSolaris. I can succesfully do a kinit and see
>the ticket via klist, but am unable to join the domain.
>/usr/sfw/sbin/net -d 5 ads join -U user at DOMAIN.LOCAL
>gives the following error...
>[2007/08/29 15:49:24, 3] libsmb/clikrb5.c:(593)
>   ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
>file found)
>[2007/08/29 15:49:24, 0] libads/kerberos.c:(228)
>   kerberos_kinit_password user at DOMAIN.LOCAL failed: Preauthentication 
>[2007/08/29 15:49:24, 1] utils/net_ads.c:(1470)
>   error on ads_startup: Preauthentication failed
>Failed to join domain: Logon failure
>[2007/08/29 15:49:24, 2] utils/net.c:(1032)
>I have synced the time on the Samba box with my domain controller. Any
>thoughts on what is wrong?
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/listinfo/samba

Get a FREE small business Web site and more from Microsoft® Office Live! 

More information about the samba mailing list