[Samba] Joining AD Domain = NT_STATUS_INVALID_COMPUTER_NAME

Rowley, Mathew Mathew_Rowley at cable.comcast.com
Tue Nov 2 10:47:52 MDT 2010 

When I try and join my AD domain, I get the following error:

root at mat-desktop:~# net join -I 10.252.159.137 -U Administrator
Enter Administrator's password:
[2010/11/02 10:38:01.176096,  0] utils/net_rpc_join.c:406(net_rpc_join_newstyle)
 Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME

Unable to join domain SECLAB.


In my smb.conf, my computer name is set to 'MAT-DESKTOP' (which I thought was a valid name):

root at mat-desktop:~# grep -A1 'server string' /etc/samba/smb.conf
server string = MAT-DESKTOP
netbios name = MAT-DESKTOP


Does anyone know why else I would be getting that error message?  kinit work fine, and here are my additional configs:


krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
kdc = SYSLOG:INFO:AUTH
admin_server = FILE:/var/log/kadmind.log
admin_server = SYSLOG:INFO:AUTH

[libdefaults]
default_realm = SECLAB
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[appdefaults]
pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
}

[realms]
SECLAB = {
kdc = seclab.security.lab.net:88
default_domain = seclab.security.lab.net<http://seclab.security.lab.net/>
}

.seclab.security.lab.net = SECLAB
seclab.security.lab.net<http://seclab.security.lab.net/> = SECLAB



smb.conf:
[global]

  workgroup = SECLAB

server string = MAT-DESKTOP
netbios name = MAT-DESKTOP

  dns proxy = no

  log file = /var/log/samba/log.%m

  max log size = 1000

  syslog = 0

  panic action = /usr/share/samba/panic-action %d

  security = ads

  encrypt passwords = true

  passdb backend = tdbsam

  obey pam restrictions = yes

  unix password sync = yes

  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

  pam password change = yes

  map to guest = bad user
  idmap uid = 16777216-33554431
  idmap gid = 16777216-33554431
  template shell = /bin/bash
  winbind use default domain = no
  password server = seclab.security.lab.net<http://seclab.security.lab.net/> //your AD-server
 realm = SECLAB

  usershare allow guests = yes

[homes]
  comment = Home Directories
  browseable = no
  writable = yes

[printers]
  comment = All Printers
  browseable = no
  path = /var/spool/samba
  printable = yes
  guest ok = no
  read only = yes
  create mask = 0700

[print$]
  comment = Printer Drivers
  path = /var/lib/samba/printers
  browseable = yes
  read only = yes
  guest ok = no

More information about the samba mailing list