[Samba] Problem authenticating against W2k3 ADS

Tom Weishaupt tom.weishaupt at distributel.ca
Fri Feb 1 13:11:56 GMT 2008


I am trying to join and authenticate a Linux machine to a Windows 2003 SP2
ADS domain with Microsoft Services for UNIX version 3.5 running.
 
Prior to SP2 I was able to connect to the domain with no problem. I
actually have a machine that was connected prior to the install of SP2
still running, and I have the same krb5.conf, smb.conf and nsswitch.conf
files on both machines. Both machines are running the exact same
distribution of Linux and Samba, and yet machine one authenticates and
machine two does not.
 
The error message that I currently get is:
 
" ads_join_realm: Operations error " 
 
Has anyone got any ideas as to a resolution to this problem?
 
I have included the following:
 
smb.conf
 
[global]
wins server =
workgroup=domainname
server string=%h (Xandros Desktop)
dns proxy=no
name resolve order=hosts lmhosts host wins bcast
log file=/var/log/samba/log.%m
max log size=1000
syslog=0
panic action=/usr/share/samba/panic-action %d
security=ADS
encrypt passwords=true
passdb backend=tdbsam guest
obey pam restrictions=yes
invalid users=root
map to guest=Bad User
passwd program=/usr/bin/passwd %u
passwd chat=*Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
client use spnego=no
load printers=no
printing=cups
printcap name=cups
dos filetimes=yes
socket options=TCP_NODELAY
display charset=iso8859-1
unix charset=iso8859-1
winbind enum users=no
idmap uid=10000-20000
winbind enum groups=no
winbind separator=+
allow trusted domains=yes
template homedir=/home/%D/%U
password server=ADSSERVER
preserve case=yes
template shell=/opt/Shellloader.sh
realm=DOMAINNAME
case sensitive=no
short preserve case=yes
os level=20
idmap gid=10000-20000
;   preexec = /bin/mount /cdrom
;   postexec = /bin/umount /cdrom

nsswitch.conf
 

passwd:         compat winbind
group:          compat winbind
shadow:         compat
 
hosts:          files dns wins
networks:       files
 
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
 
netgroup:       nis

krb5.conf
 
[realms]
        DOMANNAME = {
                kdc = ADSSERVER
        }
        DOMAINSHORTNAME = {
                kdc = ADSSERVER
        }

 
[login]
        krb4_convert = true
        krb4_get_tickets = true

 
All these files are identical on both machines and both machines are
identical in time.
 
ANY SUGGESTIONS...

