[Samba] Joining Domain
Harry Jede
walk2sun at arcor.de
Wed Aug 27 10:12:01 MDT 2014
On 18:01:44 wrote Andre Kruger:
> UPDATE:
>
> I got the samba server to join my domain using
>
> net rpc join -U krugersa
>
> instead of
>
> net ads join -U krugersa
>
> The new problem I have now is similar to my previous problem. First
> things first. I started winbindd interactively, ""winbindd -I". I
> can then list all of our domains using "wbinfo --all-domains". The
> command returns results as expected.
>
> Next I can check the secret between my samba server and AD using
> "wbindo -t". I get expected results: "checking the trust secret for
> domain DOMAIN via RPC calls succeeded".
>
>
> However, when I try and list either AD users or groups using "wbinfo
> -u" or "wibinfo -g", immediately after issuing the command I get the
> following on the winbinnd interactive window:
>
> ads_setup_sasl_wrapping() failed: NT_STATUS_NOT_SUPPORTED
> kinit succeeded but ads_sasl_spnego_krb5_bind failed:
> NT_STATUS_NOT_SUPPORTED <----- This is the same error message as
> before when I was trying to join my domain using "net ads join..."
>
>
>
>
> kerberos_kinit_password SAMBATEST$@AD.DOMAIN.COM failed: Clock skew
> too great <----- I have no idea where this is coming from. The
> clocks on my samba server and my DC are exactly the same. And
> SAMBATEST??
Different time settings!
This is a must have:
Linux HW clock GMZ
Windows HW clock Local Time Zone
anything else fails
Set your Windows client ntp time server to your DC instead of
microsoft.com
https://wiki.samba.org/index.php/Time_Synchronisation
--
regards
Harry Jede
More information about the samba
mailing list