[Samba] kerberos_kinit_password: preauthentication failed

Matt Millar staffmm at congleton.cheshire.sch.uk
Wed Jul 7 07:10:01 MDT 2010

This is the first time i've tried to register a samba server to a domain 
(previously i've connected using another program, likewise, i think).
I've been following 
I got to the point where i've configured smb.conf [global]:
realm = domain.internal
workgroup = DOMAIN
password server = *
encrypt passwords = true
security = ads
I then ran net ads join -U administrator
And it said that it had successfully registered hostname to domain.internal  
(however, when I looked in AD it wasn't there, i take it it should have 
appeared after that step?)
It also said that it said it couldn't update the dns records, so i googled 
it and was told to enter my FQDN hostname against in /etc/hosts.
I then realised that my hostname was wrong, so changed it in /etc/hostname 
and /etc/hosts, and restarted
then tried to rejoin the domain using net ads join -U administrator
It said:
kerberos_kinit_password newhostname$@domain.internal failed: 
Preauthentication failed
So i tried:
net ads join -U administrator -w domain.internal
and it didn't report any warnings or errors.
I'm just slightly confused, because the first time i ran "net ads join -U 
administrator" it went through fine, but when i ammended the hostname and 
ran it again, it errored with preauthentication failed, but "net ads join -U 
administrator -w domain.internal" went through with no errors.

Does it matter that the first time "net ads join -U administrator" worked, 
but the second time I needed "net ads join -U administrator -w 
domain.internal" for it to work?

Could anyone explain why it changed?


Matthew Millar

Note : This E-Mail is sent in confidence for the addressee only.
Unauthorised recipients must preserve this confidentiality and
should please advise the sender immediately by telephone and
then delete the message without copying or storing it or disclosing
its contents to any other person.

We have taken all reasonable precautions to ensure that no viruses
are transmitted to any third party.

Any liability (in negligence or otherwise) arising from any party
acting, or refraining from acting on any information contained
in this e mail is hereby excluded.

Should you communicate with anyone at this address by e-mail, 
you consent to us monitoring and reading any such correspondence.

Printing this email? Please think environmentally and only print when essential!

More information about the samba mailing list