joining ads domain

Andrew Bartlett abartlet at samba.org
Fri Nov 8 23:29:00 GMT 2002 

On Sat, 2002-11-09 at 09:28, Martin Hofmann wrote:
> I am trying to set up a samba machine to be a member of an ads domain.  
> I am following the instructions in the latest samba docs (ch. 8) and 
> have got as far as creating the computer account.  I did a "kinit" as a 
> user that has administrative rights (I am not sure exactly what rights 
> the user has,  I am not the ads administrator) and then tried to do a 
> "net ads join" as root and I get the following errors:
> 
> [2002/11/08 14:14:31, 0] libads/kerberos.c:ads_kinit_password(122)
>    kerberos_kinit_password root at MYDOMAIN.UVIC.CA failed: Client not 
> found in Kerberos database
> root password:
> [2002/11/08 14:14:34, 0] libads/kerberos.c:ads_kinit_password(122)
>    kerberos_kinit_password root at MYDOMAIN.UVIC.CA failed: Client not 
> found in Kerberos database
> [2002/11/08 14:14:34, 1] utils/net_ads.c:ads_startup(148)
>    ads_connect: Invalid credentials
> 
> It seems to need a root password for MYDOMAIN, there is no user named 
> root on the ads server.  Do I need to create a root user on the ads 
> server?  Or could the problem be with the rights of the user that got 
> the Kerberos ticket?  Or is it a completely different problem?  Any 
> advice appreciated.

While you have to run 'net' as root locally (so it can write to the
local files it needs) you must specify the correct remote user.  That
user must have privileges for joining a machine to the domain.

Depending on what version of Samba 3.0 you are running, it may or may
not default to the local user, or the 'admistrator'.  Either way, just
run 'net join -Uadministrator' and type in the password.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20021108/95637afd/attachment.bin

More information about the samba-technical mailing list