[Samba] Samba 3.6.23 joining Win2K12 AD

Marc Muehlfeld mmuehlfeld at samba.org
Fri Jun 6 11:31:16 MDT 2014


Am 06.06.2014 17:19, schrieb Adrian Graham:
> I'm trying to get said Samba version connecting to a new domain controller.
> Previously it was v3.0.33 talking to a Win2k3 DC.
> Smb.conf is correct with new domain and Kerberos realms, /etc/krb5.conf has
> the new info, I can kinit successfully with a domain user but net join ads
> fails with:
> "kinit succeeded but ads_sasl_spnego_krb5_bind failed: Decrypt integrity
> check failed"
> Googling seems to imply I'm attempting to connect to an RODC, but while one
> of those exists the net ads command I'm using is:
> net ads join -U username at domain -S writeable-dc
> createcomputer="OU/to/server/list"
> The username has write access to that particular OU.
> Do I need to do anything to the DC itself?

I can't answer your question. But you should try 4.1. The old 3.6 series
is already in security-only mode and will be discontinued soon. Maybe
your problem is gone/fixes with a recent version.


More information about the samba mailing list