joining ads domain

Fri Nov 8 22:37:01 GMT 2002

I am trying to set up a samba machine to be a member of an ads domain.  
I am following the instructions in the latest samba docs (ch. 8) and 
have got as far as creating the computer account.  I did a "kinit" as a 
user that has administrative rights (I am not sure exactly what rights 
the user has,  I am not the ads administrator) and then tried to do a 
"net ads join" as root and I get the following errors:

[2002/11/08 14:14:31, 0] libads/kerberos.c:ads_kinit_password(122)
   kerberos_kinit_password root at MYDOMAIN.UVIC.CA failed: Client not 
found in Kerberos database
root password:
[2002/11/08 14:14:34, 0] libads/kerberos.c:ads_kinit_password(122)
   kerberos_kinit_password root at MYDOMAIN.UVIC.CA failed: Client not 
found in Kerberos database
[2002/11/08 14:14:34, 1] utils/net_ads.c:ads_startup(148)
   ads_connect: Invalid credentials

It seems to need a root password for MYDOMAIN, there is no user named 
root on the ads server.  Do I need to create a root user on the ads 
server?  Or could the problem be with the rights of the user that got 
the Kerberos ticket?  Or is it a completely different problem?  Any 
advice appreciated.

Martin

Martin Hofmann                           Unix Systems Administrator
mhofmann at uvic.ca                    Library Systems Services
Ph: (250) 472-5069                     McPherson Library, University of 
Victoria