[Samba] Joining ADS: unodocumented error

pablo at compugenic.com pablo at compugenic.com
Mon Nov 24 04:53:08 GMT 2008 

On Mon, Nov 24, 2008 at 03:47:52AM +0100, Alessandro Baretta wrote:
> Hi everyone,
>
> I am trying to set up a file server on Linux for Windows XP boxes in a  
> Windows Server 2003 environment. I followed an excellent tutorial on  
> Samba and ADS, which I recommend to all newbies like myself:  
> http://www.enterprisenetworkingplanet.com/netos/article.php/3487081.  
> Kerberos authentication seems to succeed, and apparently there is  
> nothing wrong with my smb.conf file, yet when I try to add the server to  
> the ADS I get the following error message: "Failed to join domain:  
> Invalid configuration and configuration modification was not requested".  
> This error seems to be undocumented: I have found nothing either on  
> Google or on the samba.org site.
>
> Here's a transcript of a shell session showing this error.
>
>
> samba:~# kinit
> Password for Administrator at ARM.PRIV: <--- Authentication succeeds
> samba:~# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[fileserver]"
> Processing section "[printers]"
> Processing section "[print$]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> [global]
>    workgroup = ARM.PRIV
>    realm = ARM.PRIV
>    server string = File server avanzato
>    security = ADS
>    log level = 3
>    syslog = 0
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    panic action = /usr/share/samba/panic-action %d
>    idmap uid = 10000-20000
>    idmap gid = 10000-20000
>
> [homes]
>    comment = Home Directories
>    valid users = %S
>    create mask = 0700
>    directory mask = 0700
>    browseable = No
>
> [fileserver]
>    comment = Cartelle condivise
>    path = /var/samba
>    read only = No
>    create mask = 0700
>
> [printers]
>    comment = All Printers
>    path = /var/spool/samba
>    create mask = 0700
>    printable = Yes
>    browseable = No
>
> [print$]
>    comment = Printer Drivers
>    path = /var/lib/samba/printers
> samba:~# net ads join -U administrator
> Enter administrator's password:
> Failed to join domain: Invalid configuration and configuration  
> modification was not requested
>                        
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> If I mistype the password I get a different error message:
> samba:~# net ads join -U administrator%wrongpassword
> Failed to join domain: failed to lookup DC info for domain 'ARM.PRIV'  
> over rpc: Logon failure
>
>
> Can anyone help me?
>
> -- 
> Alessandro Baretta
>

A couple of things to try.
1. Try the 'net join' command by getting rid of the space after the -U
and type the username in caps, as follows:
net ads join -UADMINISTRATOR
* Mine failed to join with a similar error as yours, then without
* changing any configuration, I did what I suggested above and the join
* succeeded.
2. If that didn't work, try changing 'workgroup = ARM.PRIV' to 'workgroup = ARM' in smb.conf.
Then try joining again via 'net ads join ...'.

More information about the samba mailing list