[Samba] Issues with joining to W2k3 domain
Paul K
paulketelaar at gmail.com
Fri Jul 31 00:01:27 MDT 2009
Hi everyone,
I have a gentoo server running samba, winbindd, squid and apache as my main
proxy server. I have had it authenticating 100% for a few weeks now.
Recently I can no longer join my server to the domain again using the
command "net rpc join -U username%password -S PDC".
The follwing message is displayed.
[2009/07/31 15:46:10, 0] utils/net_rpc_join.c:net_rpc_join_ok(81)
net_rpc_join_ok: failed to get schannel session key from server PDC for
domain DOMAINNAME. Error was NT_STATUS_ACCESS_DENIED
Unable to join domain DOMAINNAME.
I opened up my /var/log/samba/lob.wb-DOMAINNAME logfile. below is the
result:
[2009/07/31 15:46:16, 0] libsmb/credentials.c:creds_client_check(324)
creds_client_check: credentials check failed.
[2009/07/31 15:46:16, 0]
rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_$
rpccli_netlogon_sam_network_logon: credentials chain check failed
The strange thing is:
- According to AD in 2003, the machine has joined (I deleted beforehand).
- I can perform authentication using wbinfo -a -u and -g. It shows all
information.
One might say that it is working fine.. but I am rather concerned about the
error above.
- If I create a new machine account from AD and assign the computer as a
pre-2000 computer, the "net rpc join" command works perfectly. However,
because there is no encryption happening between the computer account,
authentication failes with winbindd.
What could be causing this error? I thought it might be a microsoft
security update.. I am certain I have not changed any of my configs. I
thought I would ask in here first.
Any help would be appreciated!
Thanks,
Paul
More information about the samba
mailing list