[Samba] net ads join -U syntax: userid@domain confuses kerberos

Thomas Nimphy tnimphy at web.de
Tue Mar 10 08:50:37 GMT 2009

I try to join a Samba 3.2 server on RHEL 4 to AD using

net ads join -d 2 -U myaccount@MAINDOM.COM

The domain the Samba server should join is a subdomain of MAINDOM.COM, call it SUB1.MAINDOM.COM.

The interesting part of smb.conf is:

   workgroup = SUB1
   security = ADS
   realm = SUB1.MAINDOM.COM

When joining I get

kerberos_kinit_password myaccount@MAINDOM.COM@SUB1.MAINDOM.COM failed: Malformed representation of principal

However, the join is successful if I use a user account of the subdomain SUB1 (omitting the @<domain> syntax!):

net ads join -d 2 -U mysub1account

Samba 3.2 net utility obviously does not know how to deal with @MAINDOM.COM added to the userid in -U parameter.

Joining a Samba server to a subdomain using a user account in the 'maindomain' worked fine in 3.0 versions of Samba (3.0.9, 3.025).

Does anybody know if this behaviour has been changed on purpose from 3.0 to 3.2? Any workarounds that exist?
I tested with Samba 3.3.1 as well, same behaviour.

Regards .. Thomas

