[Samba] Samba 3.6.23 joining Win2K12 AD

Adrian Graham binarydinosaurs at gmail.com
Fri Jun 6 09:19:42 MDT 2014


Folks,

I'm trying to get said Samba version connecting to a new domain controller.
Previously it was v3.0.33 talking to a Win2k3 DC.

Smb.conf is correct with new domain and Kerberos realms, /etc/krb5.conf has
the new info, I can kinit successfully with a domain user but net join ads
fails with:

"kinit succeeded but ads_sasl_spnego_krb5_bind failed: Decrypt integrity
check failed"

Googling seems to imply I'm attempting to connect to an RODC, but while one
of those exists the net ads command I'm using is:

net ads join -U username at domain -S writeable-dc
createcomputer="OU/to/server/list"

The username has write access to that particular OU.

Do I need to do anything to the DC itself?

Cheers

-- 
adrian/witchy
Owner of Binary Dinosaurs, the UK's biggest home computer collection?
www.binarydinosaurs.co.uk


More information about the samba mailing list