[Samba] kinit works, net join ads fails
eric roseme
eroseme at emonster.rose.hp.com
Thu Sep 27 16:57:04 GMT 2007
I know this sounds a little strange, but I was having the same problem
on 3.0.25c, but adding the password to the command line solved it. I
have no idea why:
net ads join -U administrator%password
Eric Roseme
Peter Baumgartner wrote:
>> I running 3.0.25c on OpenSolaris. I can succesfully do a kinit and see
>> the ticket via klist, but am unable to join the domain.
>>
>> /usr/sfw/sbin/net -d 5 ads join -U user at DOMAIN.LOCAL
>>
>> gives the following error...
>>
>> [2007/08/29 15:49:24, 3] libsmb/clikrb5.c:(593)
>> ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
>> file found)
>> [2007/08/29 15:49:24, 0] libads/kerberos.c:(228)
>> kerberos_kinit_password user at DOMAIN.LOCAL failed: Preauthentication
>> failed
>> [2007/08/29 15:49:24, 1] utils/net_ads.c:(1470)
>> error on ads_startup: Preauthentication failed
>> Failed to join domain: Logon failure
>> [2007/08/29 15:49:24, 2] utils/net.c:(1032)
>>
>> I have synced the time on the Samba box with my domain controller. Any
>> thoughts on what is wrong?
>
> On 9/3/07, Necos Secon <secon_kun at hotmail.com> wrote:
>> So, just a few things to check:
>>
>> 1.) Typo's in the realm name.
>> 2.) Typo's in the krb5.conf file (I use heimdal)
>> 3.) Try running the net ads join with the administrator account (if you're
>> using another account).
>> 4.) Checking the the AD server to make sure that you don't have an old
>> machine account for the Samba machine.
>
> I've tried all this and still am having no luck. I don't believe it is
> an issue in krb5.conf because kinit and smbclient work properly. I
> just can't join it to the domain. Any other thoughts?
More information about the samba
mailing list