[Samba] net ads join -U syntax: userid@domain confuses kerberos
Thomas Nimphy
tnimphy at web.de
Tue Mar 10 08:50:37 GMT 2009
I try to join a Samba 3.2 server on RHEL 4 to AD using
net ads join -d 2 -U myaccount at MAINDOM.COM
The domain to join the samba server should join to is a subdomain of MAINDOM.COM, call it SUB1.MAINDOM.COM.
The interesting part of smb.conf is:
[global]
workgroup = SUB1
security = ADS
realm = SUB1.MAINDOM.COM
When joining I get
kerberos_kinit_password myaccount at MAINDOM.COM@SUB1.MAINDOM.COM failed: Malformed representation of principal
However, the join is successful if a use a useraccount of the subdomain SUB1 (omitting the @<domain> syntax!):
net ads join -d 2 -U mysub1account
Samba 3.2 net utility obviously does not know how to deal with @MAINDOM.COM added to the userid in -U parameter.
To join a samba server to a subdomain using a useraccount in the 'maindomain' worked fine in 3.0 versions of samba (3.0.9, 3.025)
Does anybody know if this behaviour has been changed on purpose from 3.0 to 3.2? Any workarounds that exist?
I tested with Samba 3.3.1 as well, same behaviour.
Regards .. Thomas
_______________________________________________________________________
Jetzt 1 Monat kostenlos! WEB.DE FreeDSL - Telefonanschluss + DSL
für nur 17,95 EURO/mtl.!* http://dsl.web.de/?ac=OM.AD.AD008K15039B7069a
More information about the samba
mailing list