[Samba] kinit works, net join ads fails

eric roseme eroseme at emonster.rose.hp.com
Thu Sep 27 16:57:04 GMT 2007

I know this sounds a little strange, but I was having the same problem 
on 3.0.25c, but adding the password to the command line solved it.  I 
have no idea why:

net ads join -U administrator%password

Eric Roseme

Peter Baumgartner wrote:
>> I running 3.0.25c on OpenSolaris. I can succesfully do a kinit and see
>> the ticket via klist, but am unable to join the domain.
>> /usr/sfw/sbin/net -d 5 ads join -U user at DOMAIN.LOCAL
>> gives the following error...
>> [2007/08/29 15:49:24, 3] libsmb/clikrb5.c:(593)
>>   ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
>> file found)
>> [2007/08/29 15:49:24, 0] libads/kerberos.c:(228)
>>   kerberos_kinit_password user at DOMAIN.LOCAL failed: Preauthentication
>> failed
>> [2007/08/29 15:49:24, 1] utils/net_ads.c:(1470)
>>   error on ads_startup: Preauthentication failed
>> Failed to join domain: Logon failure
>> [2007/08/29 15:49:24, 2] utils/net.c:(1032)
>> I have synced the time on the Samba box with my domain controller. Any
>> thoughts on what is wrong?
> On 9/3/07, Necos Secon <secon_kun at hotmail.com> wrote:
>> So, just a few things to check:
>> 1.) Typo's in the realm name.
>> 2.) Typo's in the krb5.conf file (I use heimdal)
>> 3.) Try running the net ads join with the administrator account (if you're
>> using another account).
>> 4.) Checking the the AD server to make sure that you don't have an old
>> machine account for the Samba machine.
> I've tried all this and still am having no luck. I don't believe it is
> an issue in krb5.conf because kinit and smbclient work properly. I
> just can't join it to the domain. Any other thoughts?

More information about the samba mailing list