[Samba] Samba 4 KVNO mismatch - Failure to join AD domain (Windows & Freenas)

Jeremy Allison jra at samba.org
Wed Apr 4 09:49:05 MDT 2012

On Wed, Apr 04, 2012 at 08:22:10PM +1000, Andrew Bartlett wrote:
> On Fri, 2012-03-30 at 00:02 +0300, George Diamantopoulos wrote:
> > Hello all,
> > 
> > I've run into the issue described here:
> > http://lists.samba.org/archive/samba-technical/2010-September/073075.html
> > 
> > To sum it up, I installed samba4 from git on a debian wheezy system.
> > Initially, I was able to join Windows 7 clients to the AD controller.
> > However, trying to get freenas 8 to join has been failing. In the end,
> > trying to get it to work I changed administrator's password (via
> > dsa.msc) which broke AD joining for windows clients too. KVNO in
> > secrets.keytab file has always been "1". Could this mismatch be the
> > cause of the failures?
> > 
> > I rebooted all clients (to get rid of stale tickets) to no avail. The
> > only way to fix this was to run the provision script again, but now
> > samba is not very stable (I managed to join the AD domain, but upon
> > login I get The security database on the server does not have a
> > computer account for this workstation trust relationship).
> > 
> > I really don't know where to start. Do you think using samba from
> > debian SID would be wiser than building from git? Are there any other
> > errors in the log I didn't spot? Is KVNO mismatch the reason joining
> > fails, or are there more errors?
> Samba is best installed from git.  

Just want to point out this is a very *temporary* situation, until
we get closer to Samba4 release. I know that is what Andrew meant,
right ? :-) :-).

We're not seriously suggesting that "git" is the best way to get
your stable Samba (just wanted to make that clear :-).


More information about the samba mailing list