[Samba] Joining Domain

Harry Jede walk2sun at arcor.de
Wed Aug 27 10:12:01 MDT 2014


On 18:01:44 wrote Andre Kruger:
> UPDATE:
> 
> I got the samba server to join my domain using 
> 
> net rpc join -U krugersa
> 
> instead of
> 
> net ads join -U krugersa
> 
> The new problem I have now is similar to my previous problem. First
> things first. I started winbindd interactively, ""winbindd -I". I
> can then list all of our domains using "wbinfo --all-domains". The
> command returns results as expected.
> 
> Next I can check the secret between my samba server and AD using
> "wbindo -t". I get expected results: "checking the trust secret for
> domain DOMAIN via RPC calls succeeded".
> 
> 
> However, when I try and list either AD users or groups using "wbinfo
> -u" or "wibinfo -g", immediately after issuing the command I get the
> following on the winbinnd interactive window:
> 
> ads_setup_sasl_wrapping() failed: NT_STATUS_NOT_SUPPORTED
> kinit succeeded but ads_sasl_spnego_krb5_bind failed:
> NT_STATUS_NOT_SUPPORTED  <-----  This is the same error message as
> before when I was trying to join my domain using "net ads join..."
> 
> 
> 
> 
> kerberos_kinit_password SAMBATEST$@AD.DOMAIN.COM failed: Clock skew
> too great  <-----  I have no idea where this is coming from. The
> clocks on my samba server and my DC are exactly the same. And
> SAMBATEST??
Different time settings!

This is a must have:
Linux	HW clock GMZ
Windows	HW clock Local Time Zone

anything else fails

Set your Windows client ntp time server to your DC instead of 
microsoft.com


https://wiki.samba.org/index.php/Time_Synchronisation

-- 

regards
	Harry Jede


More information about the samba mailing list