Matt Sapp
2002-Oct-31 11:15 UTC
[Samba] Error joining Win2K domain: ads_connect: DSA is unavailable
I'm running 3.0alpha (both current CVS pull and alpha20 from dist) and trying to have my samba server join our already in place Win2K ADS domain. I am able to 'kinit user@DOMAIN' and auth successfully, but upon attempting 'net ads join', I get the following: # net ads join -Uadministrator administrator password: [2002/10/31 05:11:19, 1] libsmb/clikrb5.c:krb5_mk_req2(63) krb5_get_credentials failed for mnu-server$@MNU.EDU (No credentials found with supported encryption types) [2002/10/31 05:11:19, 1] utils/net_ads.c:ads_startup(148) ads_connect: DSA is unavailable Any suggestions? -Matt MNU Internet System Administrator MNU Network Security Administrator
Andrew Bartlett
2002-Oct-31 11:58 UTC
[Samba] Error joining Win2K domain: ads_connect: DSA is unavailable
On Thu, Oct 31, 2002 at 05:14:19AM -0500, Matt Sapp wrote:> I'm running 3.0alpha (both current CVS pull and alpha20 from dist) and trying to have my samba server join our already in place Win2K ADS domain. I am able to 'kinit user@DOMAIN' and auth successfully, but upon attempting 'net ads join', I get the following: > > # net ads join -Uadministrator > administrator password: > [2002/10/31 05:11:19, 1] libsmb/clikrb5.c:krb5_mk_req2(63) > krb5_get_credentials failed for mnu-server$@MNU.EDU (No credentials found with supported encryption types) > [2002/10/31 05:11:19, 1] utils/net_ads.c:ads_startup(148) > ads_connect: DSA is unavailableYou have not got the latest MIT kerberos (you need a snapshot, the releases don't seem to support it) and your Administrator password has not been changed since you upgraded to ADS. As such the only password is the MD4 based password from pre-ads, which MIT can't use. Andrew Bartlett
Matt Sapp
2002-Nov-04 06:45 UTC
[Samba] Error joining Win2K domain: ads_connect: DSA is unavailable
I had changed my administrator password on the Win2K server prior to doing the "net ads join". 'kinit administrator@MNU.EDU' is successful. I went ahead and pulled down the krb5-current snapshot from MIT, and samba3.0alpha wont build with it. 30 some lines of errors when 'Linking bin/smbd', if anyone is interested. Looks like brokenness in krb5 though. Is there a snapshot out there known to work with samba+win2k kdc? Or any other idea? Is there no one running samba as a member in a Active directory? :) -Matt MNU Internet System Administrator MNU Network Security Administrator --- Original Message Below --- From: Andrew Bartlett <abartlet@samba.org> To: Matt Sapp <matt@mnu.edu> Subject: Re: [Samba] Error joining Win2K domain: ads_connect: DSA is unavailable Date: Thu, 31 Oct 2002 11:57:22 +0000 On Thu, Oct 31, 2002 at 05:14:19AM -0500, Matt Sapp wrote:> I'm running 3.0alpha (both current CVS pull and alpha20 from dist) and trying to have my samba server join our already in place Win2K ADS domain. I am able to 'kinit user@DOMAIN' and auth successfully, but upon attempting 'net ads join', I get the following: > > # net ads join -Uadministrator > administrator password: > [2002/10/31 05:11:19, 1] libsmb/clikrb5.c:krb5_mk_req2(63) > krb5_get_credentials failed for mnu-server$@MNU.EDU (No credentials found with supported encryption types) > [2002/10/31 05:11:19, 1] utils/net_ads.c:ads_startup(148) > ads_connect: DSA is unavailableYou have not got the latest MIT kerberos (you need a snapshot, the releases don't seem to support it) and your Administrator password has not been changed since you upgraded to ADS. As such the only password is the MD4 based password from pre-ads, which MIT can't use. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba