samba - Dec 2003 - Unable to join Samba server to Win2k domain

Dear Samba users.

I have tried to add my Samba server to a Win2k AD mixed mode domain for
several days. I have searched the Internet for information, but couldn't
find a solution. So I will try to describe my problems here.

I first tried to use "security = ADS" and add the Samba server as a
native
member.

I have changed the settings in my krb5.conf and tested this with kinit:
-- cut
# kinit -V
Password for administrator@DOMAIN.DOM:
Authenticated to Kerberos v5
-- cut

But when I try to add the server to the domain with the command "net ads
join MEMBER -Uadministrator%password -d 10" I get the following error:
-- cut
[2003/12/13 23:30:00, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/12/13 23:30:00, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385)
  Got KRB5 session key of length 8
[2003/12/13 23:30:00, 1] utils/net_ads.c:ads_startup(181)
  ads_connect: Invalid credentials
[2003/12/13 23:30:00, 2] utils/net.c:main(759)
  return code = -1
-- cut

If i use a wrong password, I get a "preauthentication failed" so again
the
kerberos part should be OK.

I then tried "security = domain".

If I don't create a computer in the AD I get this error when running
"net
rpc join MEMBER -Uadministrator%password -d 10":
-- cut
[2003/12/13 23:27:40, 0] rpc_client/cli_pipe.c:rpc_api_pipe(424)
  cli_pipe: return critical error. Error was Call timed out: server did not
respond after 10000 milliseconds
[2003/12/13 23:27:40, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(286)
  error setting trust account password: NT_STATUS_UNSUCCESSFUL
Unable to join domain DOMAIN.
[2003/12/13 23:27:40, 2] utils/net.c:main(759)
  return code = 1
-- cut

If I create a computer account and set it to allow pre Window 2000 computers
to use this account I get:
-- cut
[2003/12/13 23:29:28, 1] libsmb/cliconnect.c:cli_full_connection(1426)
  failed tcon_X with NT_STATUS_ACCESS_DENIED
[2003/12/13 23:29:28, 1] utils/net.c:connect_to_ipc_anonymous(179)
  Cannot connect to server (anonymously).  Error was NT_STATUS_ACCESS_DENIED
[2003/12/13 23:29:28, 6] lib/util_sock.c:write_socket(407)
  write_socket(5,45)
[2003/12/13 23:29:28, 6] lib/util_sock.c:write_socket(410)
  write_socket(5,45) wrote 45
[2003/12/13 23:29:28, 10]
lib/util_sock.c:read_smb_length_return_keepalive(463)
  got smb length of 35
[2003/12/13 23:29:28, 5] lib/util.c:show_msg(456)
[2003/12/13 23:29:28, 5] lib/util.c:show_msg(466)
  size=35
  smb_com=0x4
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=22538
  smb_pid=6905
  smb_uid=3
  smb_mid=28
  smt_wct=0
  smb_bcc=0
Unable to join domain DOMAIN.
-- cut

So as you can see, I haven't really succeed using any method.

Anyone know what could cause all these problems or a straight solution how
to solve them?


Best regards Henrik

> Anyone know what could cause all these problems or a straight solution how
> to solve them?
Upgraded to 3.0.1, and i still can't add my Samba server to the Windows 2000
domain. Same errors as described in my previous mail.

What information more than the one i supplied could be usefull if i should
add this as a bugreport?

Best regards Henrik

On Sun, 21 Dec 2003, Henrik Larsson wrote:
> > Attached is my smb.conf and krb5.conf
> >
> > The debug log files are too big to attach here but i have uploaded
them to
> a
> > webserver.
>
> Since no one responded, would it be ok to file this as a bug report?
You can file bugs at:

	https://bugzilla.samba.org

By posting a bug report in bugzilla there is a permanent record that must
be acted on. Bug reports on this list can get lost or overlooked.

- John T.
-- 
John H Terpstra
Email: jht@samba.org