[Samba] net ads join fails

Roman Dilken rdilken at gmx.de
Tue Mar 10 13:01:22 MDT 2015


On 10.03.2015 19:25, Rowland Penny wrote:

> 
> Hi, what are you trying to join to?
> 
> Remove this line 'idmap_ldp:use rfc2307 = yes'
> 
> one) it should be 'idmap_ldb:use rfc2307 = yes' two) it is only
> used on a DC.
> 
> How are you trying to do the join ?
> 
> Rowland
> 
> 

Hi,

I commented it out but it didn't change the behaviour.

I tried the following commands:

1.) samba-tool domain join ad.dilken.eu MEMBER -UAdministrator
--realm=AD.DILKEN.EU --site=Neuoetting -d 10


Result (last lines): Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 291
Received smb_krb5 packet of length 1293
Received smb_krb5 packet of length 1310
Received smb_krb5 packet of length 1288
gensec_gssapi: credentials were delegated
GSSAPI Connection will have no cryptographic protection



2.)  net ads join -UAdministrator -d 10 -k

Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
kerberos_kinit_password: as Administrator using [MEMORY:cliconnect] as
ccache and config [(null)]
cli_session_setup_spnego: using target hostname not SPNEGO principal
cli_session_setup_spnego: guessed server
principal=cifs/dc2.ad.dilken.eu at AD.DILKEN.EU
Doing kerberos session setup
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect]
expiration Mi, 11 Mär 2015 05:58:30 CET
ads_krb5_mk_req: Ticket (cifs/dc2.ad.dilken.eu at AD.DILKEN.EU) in ccache
(MEMORY:cliconnect) is valid until: (Mi, 11 Mär 2015 05:58:30 CET -
1426049910)
Got KRB5 session key of length 16


I want to join the freebsd-machine as member-server for winbind. It's
my workstation.

Greetings,

Roman


More information about the samba mailing list