[Samba] Fwd: Re: Failed to join domain: failed to join domain 'XXX.YYY' over rpc: Access denied
Cyril Feraudet
samba at feraudet.com
Tue Aug 26 06:08:27 MDT 2014
Thanks for the reply.
On 2014-08-26 12:30, steve wrote:
> On Tue, 2014-08-26 at 12:02 +0200, Cyril Feraudet wrote:
>> Hi all,
>>
>> I get an error when I try to join the domain from CentOS 6.5. Do you
>> have any idea?
>>
>>
>> /etc/samba/smb.conf :
>> ---------------------
>> [global]
>> workgroup = XXX
>> server string = Samba Server Version %v
>> log file = /var/log/samba/log.%m
>> max log size = 50
>> realm = XXX.YYY
>> security = ads
>> idmap uid = 10000-20000
>> idmap gid = 10000-20000
>> password server = dcserver.xxx.yyy
>> winbind separator = \
>>
>>
>> /etc/krb5.conf :
>> ----------------
>> [logging]
>> default = FILE:/var/log/krb5libs.log
>> kdc = FILE:/var/log/krb5kdc.log
>> admin_server = FILE:/var/log/kadmind.log
>>
>> [libdefaults]
>> default_realm = XXX.YYY
>> dns_lookup_realm = false
>> dns_lookup_kdc = false
>
> comment false and add:
> dns_lookup_kdc = true
done
>
>> ticket_lifetime = 24h
>> renew_lifetime = 7d
>> forwardable = true
>>
>> [realms]
>> XXX.YYY = {
>> kdc = dcserver.xxx.yyy:88
>> admin_server = dcserver.xxx.yyy:749
>> }
>>
>> [domain_realm]
>> .xxx.yyy = XXX.YYY
>> xxx.yyy = XXX.YYY
>>
>> /var/kerberos/krb5kdc/kdc.conf :
>> --------------------------------
>> [kdcdefaults]
>> kdc_ports = 88
>> kdc_tcp_ports = 88
>>
>> [realms]
>> XXX.YYY= {
>> #master_key_type = aes256-cts
>> acl_file = /var/kerberos/krb5kdc/kadm5.acl
>> dict_file = /usr/share/dict/words
>> admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
>> supported_enctypes = aes256-cts:normal aes128-cts:normal
>> des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal
>> des-cbc-md5:normal des-cbc-crc:normal
>> }
>>
>> Then:
>> ------
>>
>> # kinit administrateur@XXX.YYY
>> Password for administrateur@XXX.YYY:
>>
>> # kdb5_util create -s
>> Loading random data
>> Initializing database '/var/kerberos/krb5kdc/principal' for realm
>> 'XXX.YYY',
>> master key name 'K/M@XXX.YYY'
>> You will be prompted for the database Master Password.
>> It is important that you NOT FORGET this password.
>> Enter KDC database master key:
>> Re-enter KDC database master key to verify:
>
> Remove /var/kerberos/krb5kdc/principal
done
>
>>
>>
>> # net ads join -U "administrateur@JALMA.NET" -S serveur-8.jalma.net
>
> now do:
> net ads join -Uadministrateur
>
> Any better?
> HTH
Still the same:
net ads join -Uadministrateur
Enter administrateur's password:
Failed to join domain: failed to join domain 'JALMA.NET' over rpc:
Access denied