Hmm.. I have actually found this somewhat useful!
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
Ta,
Dulantha.
Quoting dulantha@wwsemail.shacknet.nu:
> Hi All,
>
> Joining ADS native mode W2K domain with rc2 was not a problem.
> Now joining W2K3 domain with rc3 & 4 shows no errors when I do:
> kinit admin@DOM.BR3.ATH.CX
> net ads join DOM -U admin@DOM.BR3.ATH.CX
>
> But...
> wbinfo -t
> gives the following:
>
> checking the trust secret via RPC calls failed
> error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
> Could not check secret
>
> And..
> klist tickets
> gives the following
>
> klist: No credentials cache found (ticket cache FILE:tickets)
>
> Also:
> klist -e
> gives:
>
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: admin@DOM.BR3.ATH.CX
>
> Valid starting Expires Service principal
> 09/15/03 12:46:39 09/15/03 22:46:39
> krbtgt/DOM.BR3.ATH.CX@DOM.BR3.ATH.CX
> Etype (skey, tkt): DES cbc mode with RSA-MD5, etype 23
>
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> So what do I need to do. Is this a kerberos problem? If not what do I need
to
>
> supply to track down what the problem is?
>
> Regards,
> Dulantha.
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>