[Samba] Samba 3.6.23 joining Win2K12 AD

Adrian Graham binarydinosaurs at gmail.com
Fri Jun 6 09:19:42 MDT 2014


I'm trying to get said Samba version connecting to a new domain controller.
Previously it was v3.0.33 talking to a Win2k3 DC.

Smb.conf is correct with new domain and Kerberos realms, /etc/krb5.conf has
the new info, I can kinit successfully with a domain user but net join ads
fails with:

"kinit succeeded but ads_sasl_spnego_krb5_bind failed: Decrypt integrity
check failed"

Googling seems to imply I'm attempting to connect to an RODC, but while one
of those exists the net ads command I'm using is:

net ads join -U username at domain -S writeable-dc

The username has write access to that particular OU.

Do I need to do anything to the DC itself?


Owner of Binary Dinosaurs, the UK's biggest home computer collection?

More information about the samba mailing list