[Samba] Joining Domain

Harry Jede walk2sun at arcor.de
Wed Aug 27 10:12:01 MDT 2014

On 18:01:44 wrote Andre Kruger:
> I got the samba server to join my domain using 
> net rpc join -U krugersa
> instead of
> net ads join -U krugersa
> The new problem I have now is similar to my previous problem. First
> things first. I started winbindd interactively, ""winbindd -I". I
> can then list all of our domains using "wbinfo --all-domains". The
> command returns results as expected.
> Next I can check the secret between my samba server and AD using
> "wbindo -t". I get expected results: "checking the trust secret for
> domain DOMAIN via RPC calls succeeded".
> However, when I try and list either AD users or groups using "wbinfo
> -u" or "wibinfo -g", immediately after issuing the command I get the
> following on the winbinnd interactive window:
> ads_setup_sasl_wrapping() failed: NT_STATUS_NOT_SUPPORTED
> kinit succeeded but ads_sasl_spnego_krb5_bind failed:
> NT_STATUS_NOT_SUPPORTED  <-----  This is the same error message as
> before when I was trying to join my domain using "net ads join..."
> kerberos_kinit_password SAMBATEST$@AD.DOMAIN.COM failed: Clock skew
> too great  <-----  I have no idea where this is coming from. The
> clocks on my samba server and my DC are exactly the same. And
Different time settings!

This is a must have:
Linux	HW clock GMZ
Windows	HW clock Local Time Zone

anything else fails

Set your Windows client ntp time server to your DC instead of 



	Harry Jede

More information about the samba mailing list