Dear Samba users. I have tried to add my Samba server to a Win2k AD mixed mode domain for several days. I have searched the Internet for information, but couldn't find a solution. So I will try to describe my problems here. I first tried to use "security = ADS" and add the Samba server as a native member. I have changed the settings in my krb5.conf and tested this with kinit: -- cut # kinit -V Password for administrator@DOMAIN.DOM: Authenticated to Kerberos v5 -- cut But when I try to add the server to the domain with the command "net ads join MEMBER -Uadministrator%password -d 10" I get the following error: -- cut [2003/12/13 23:30:00, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/12/13 23:30:00, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385) Got KRB5 session key of length 8 [2003/12/13 23:30:00, 1] utils/net_ads.c:ads_startup(181) ads_connect: Invalid credentials [2003/12/13 23:30:00, 2] utils/net.c:main(759) return code = -1 -- cut If i use a wrong password, I get a "preauthentication failed" so again the kerberos part should be OK. I then tried "security = domain". If I don't create a computer in the AD I get this error when running "net rpc join MEMBER -Uadministrator%password -d 10": -- cut [2003/12/13 23:27:40, 0] rpc_client/cli_pipe.c:rpc_api_pipe(424) cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds [2003/12/13 23:27:40, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(286) error setting trust account password: NT_STATUS_UNSUCCESSFUL Unable to join domain DOMAIN. [2003/12/13 23:27:40, 2] utils/net.c:main(759) return code = 1 -- cut If I create a computer account and set it to allow pre Window 2000 computers to use this account I get: -- cut [2003/12/13 23:29:28, 1] libsmb/cliconnect.c:cli_full_connection(1426) failed tcon_X with NT_STATUS_ACCESS_DENIED [2003/12/13 23:29:28, 1] utils/net.c:connect_to_ipc_anonymous(179) Cannot connect to server (anonymously). Error was NT_STATUS_ACCESS_DENIED [2003/12/13 23:29:28, 6] lib/util_sock.c:write_socket(407) write_socket(5,45) [2003/12/13 23:29:28, 6] lib/util_sock.c:write_socket(410) write_socket(5,45) wrote 45 [2003/12/13 23:29:28, 10] lib/util_sock.c:read_smb_length_return_keepalive(463) got smb length of 35 [2003/12/13 23:29:28, 5] lib/util.c:show_msg(456) [2003/12/13 23:29:28, 5] lib/util.c:show_msg(466) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=22538 smb_pid=6905 smb_uid=3 smb_mid=28 smt_wct=0 smb_bcc=0 Unable to join domain DOMAIN. -- cut So as you can see, I haven't really succeed using any method. Anyone know what could cause all these problems or a straight solution how to solve them? Best regards Henrik
Henrik Larsson
2003-Dec-16 09:03 UTC
[Samba] Re: Unable to join Samba server to Win2k domain
> Anyone know what could cause all these problems or a straight solution how > to solve them?Upgraded to 3.0.1, and i still can't add my Samba server to the Windows 2000 domain. Same errors as described in my previous mail. What information more than the one i supplied could be usefull if i should add this as a bugreport? Best regards Henrik
John H Terpstra
2003-Dec-21 20:21 UTC
[Samba] Re: Unable to join Samba server to Win2k domain
On Sun, 21 Dec 2003, Henrik Larsson wrote:> > Attached is my smb.conf and krb5.conf > > > > The debug log files are too big to attach here but i have uploaded them to > a > > webserver. > > Since no one responded, would it be ok to file this as a bug report?You can file bugs at: https://bugzilla.samba.org By posting a bug report in bugzilla there is a permanent record that must be acted on. Bug reports on this list can get lost or overlooked. - John T. -- John H Terpstra Email: jht@samba.org