I have been trying for two weeks to get onto a Win2k domain which has active directory with no success. The Suse YAST samba client will not do ADS, only domain, server, or user, so I went to the command line stuff I found the the Samba documentation. I can do kinit and get back the following: sha-linux:/etc/samba # kinit art_fore@3MTS.COM art_fore@3MTS.COM's Password: kinit: NOTICE: ticket renewable lifetime is 1 week When I do the net ads join, I get: (I use the same name and password in WinXP, different computer name and it works) sha-linux:/etc/samba # net ads join -U art_fore art_fore's password: [2004/05/20 20:48:47, 0] libads/ldap.c:ads_add_machine_acct(1006) Host account for sha-linux already exists - modifying old account [2004/05/20 20:48:47, 0] libads/ldap.c:ads_join_realm(1342) ads_add_machine_acct: Insufficient access ads_join_realm: Insufficient access If I do the klist Tickets, it does not work, so I do klist -T: sha-linux:/etc/samba # klist -T Credentials cache: FILE:/tmp/krb5cc_0 Principal: art_fore@3MTS.COM Issued Expires Principal May 20 21:08:26 May 21 07:08:26 krbtgt/3MTS.COM@3MTS.COM Below is the global part of the smb.conf file: [global] workgroup = 3MTS realm = 3MTS.COM interfaces = 127.0.0.1 eth0 bind interfaces only = true printing = cups printcap name = cups printer admin = @ntadmin, root, administrator map to guest = Bad User security = ADS encrypt passwords = yes password server = mailman idmap uid = 10000-20000 idmap gid = 10000-20000 passdb backend = smbpasswd:/etc/samba/smbpasswd server string = Samba Server netbios name = sha-linux add machine script domain master = false domain logons = no local master = no preferred master = auto load printers = no ldap suffix = dc=com We use ldap and do not use PAM. Our local win network guru has no idea and is of no help. Does anyone have any ideas what the problem is? Winbind, smb and nmb are running. Art
Does the user "art_fore" have permission to create accounts on the Windows server? If not, try the Administrator account and see if that works... ____________________________ Shannon Johnson Network Support Specialist / Systems Administrator Dept. of Mechanical and Nuclear Engineering 224 Reber Building University Park, PA 16802 Phone: (814) 865-8267 ____________________________> -----Original Message----- > From: Art Fore [mailto:afore@sonic.net] > Sent: Friday, May 21, 2004 1:13 PM > To: samba@lists.samba.org > Subject: [Samba] Suse 9.1 Samba > > I have been trying for two weeks to get onto a Win2k domain which has > active directory with no success. The Suse YAST samba client will notdo> ADS, only domain, server, or user, so I went to the command line stuffI> found the the Samba documentation. > > I can do kinit and get back the following: > > sha-linux:/etc/samba # kinit art_fore@3MTS.COM > > art_fore@3MTS.COM's Password: > > kinit: NOTICE: ticket renewable lifetime is 1 week > > When I do the net ads join, I get: (I use the same name and passwordin> WinXP, different computer name and it works) > > sha-linux:/etc/samba # net ads join -U art_fore > > art_fore's password: > > [2004/05/20 20:48:47, 0] libads/ldap.c:ads_add_machine_acct(1006) > > Host account for sha-linux already exists - modifying old account > > [2004/05/20 20:48:47, 0] libads/ldap.c:ads_join_realm(1342) > > ads_add_machine_acct: Insufficient access > > ads_join_realm: Insufficient access > > If I do the klist Tickets, it does not work, so I do klist -T: > > sha-linux:/etc/samba # klist -T > > Credentials cache: FILE:/tmp/krb5cc_0 > > Principal: art_fore@3MTS.COM > > Issued Expires Principal > > May 20 21:08:26 May 21 07:08:26 krbtgt/3MTS.COM@3MTS.COM > > Below is the global part of the smb.conf file: > > [global] > > workgroup = 3MTS > > realm = 3MTS.COM > > interfaces = 127.0.0.1 eth0 > > bind interfaces only = true > > printing = cups > > printcap name = cups > > printer admin = @ntadmin, root, administrator > > map to guest = Bad User > > security = ADS > > encrypt passwords = yes > > password server = mailman > > idmap uid = 10000-20000 > > idmap gid = 10000-20000 > > passdb backend = smbpasswd:/etc/samba/smbpasswd > > server string = Samba Server > > netbios name = sha-linux > > add machine script > > domain master = false > > domain logons = no > > local master = no > > preferred master = auto > > load printers = no > > ldap suffix = dc=com > > We use ldap and do not use PAM. Our local win network guru has no idea > and is of no help. Does anyone have any ideas what the problem is? > Winbind, smb and nmb are running. > > Art > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba
I am having the same exact problem except I am on Fedora Core 1 with Samba 3.0.4. Does the machine already exist in the domain/OU ? Jack -----Original Message----- From: samba-bounces+jack.palmadesso=siemens.com@lists.samba.org [mailto:samba-bounces+jack.palmadesso=siemens.com@lists.samba.org]On Behalf Of Art Fore Sent: Friday, May 21, 2004 1:44 PM To: samba@lists.samba.org Subject: Re: [Samba] Suse 9.1 Samba I do not have Administrator password, but I use my logon and password in XP to create an account when I change machine name. Art Shannon Johnson wrote:>Does the user "art_fore" have permission to create accounts on the >Windows server? If not, try the Administrator account and see if that >works... > >____________________________ > >Shannon Johnson >Network Support Specialist / Systems Administrator >Dept. of Mechanical and Nuclear Engineering >224 Reber Building >University Park, PA 16802 >Phone: (814) 865-8267 >____________________________ > > > > >>-----Original Message----- >>From: Art Fore [mailto:afore@sonic.net] >>Sent: Friday, May 21, 2004 1:13 PM >>To: samba@lists.samba.org >>Subject: [Samba] Suse 9.1 Samba >> >>I have been trying for two weeks to get onto a Win2k domain which has >>active directory with no success. The Suse YAST samba client will not >> >> >do > > >>ADS, only domain, server, or user, so I went to the command line stuff >> >> >I > > >>found the the Samba documentation. >> >>I can do kinit and get back the following: >> >>sha-linux:/etc/samba # kinit art_fore@3MTS.COM >> >>art_fore@3MTS.COM's Password: >> >>kinit: NOTICE: ticket renewable lifetime is 1 week >> >>When I do the net ads join, I get: (I use the same name and password >> >> >in > > >>WinXP, different computer name and it works) >> >>sha-linux:/etc/samba # net ads join -U art_fore >> >>art_fore's password: >> >>[2004/05/20 20:48:47, 0] libads/ldap.c:ads_add_machine_acct(1006) >> >>Host account for sha-linux already exists - modifying old account >> >>[2004/05/20 20:48:47, 0] libads/ldap.c:ads_join_realm(1342) >> >>ads_add_machine_acct: Insufficient access >> >>ads_join_realm: Insufficient access >> >>If I do the klist Tickets, it does not work, so I do klist -T: >> >>sha-linux:/etc/samba # klist -T >> >>Credentials cache: FILE:/tmp/krb5cc_0 >> >>Principal: art_fore@3MTS.COM >> >>Issued Expires Principal >> >>May 20 21:08:26 May 21 07:08:26 krbtgt/3MTS.COM@3MTS.COM >> >>Below is the global part of the smb.conf file: >> >>[global] >> >>workgroup = 3MTS >> >>realm = 3MTS.COM >> >>interfaces = 127.0.0.1 eth0 >> >>bind interfaces only = true >> >>printing = cups >> >>printcap name = cups >> >>printer admin = @ntadmin, root, administrator >> >>map to guest = Bad User >> >>security = ADS >> >>encrypt passwords = yes >> >>password server = mailman >> >>idmap uid = 10000-20000 >> >>idmap gid = 10000-20000 >> >>passdb backend = smbpasswd:/etc/samba/smbpasswd >> >>server string = Samba Server >> >>netbios name = sha-linux >> >>add machine script >> >>domain master = false >> >>domain logons = no >> >>local master = no >> >>preferred master = auto >> >>load printers = no >> >>ldap suffix = dc=com >> >>We use ldap and do not use PAM. Our local win network guru has no idea >>and is of no help. Does anyone have any ideas what the problem is? >>Winbind, smb and nmb are running. >> >>Art >> >> >>-- >>To unsubscribe from this list go to the following URL and read the >>instructions: http://lists.samba.org/mailman/listinfo/samba >> >> > > > > >-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Sorry, What I mean is did you already add the computer account to the domain from a windows admin console before you issued the command: net ads join -U art_fore -----Original Message----- From: samba-bounces+jack.palmadesso=siemens.com@lists.samba.org [mailto:samba-bounces+jack.palmadesso=siemens.com@lists.samba.org]On Behalf Of Art Fore Sent: Friday, May 21, 2004 2:06 PM To: samba@lists.samba.org Subject: Re: [Samba] Suse 9.1 Samba What do you mean "domain/OU"? It is on the 3mts domain. Art jack.palmadesso@siemens.com wrote:>I am having the same exact problem except I am on Fedora Core 1 with Samba >3.0.4. Does the machine already exist in the domain/OU ? > >Jack > >-----Original Message----- >From: samba-bounces+jack.palmadesso=siemens.com@lists.samba.org >[mailto:samba-bounces+jack.palmadesso=siemens.com@lists.samba.org]On >Behalf Of Art Fore >Sent: Friday, May 21, 2004 1:44 PM >To: samba@lists.samba.org >Subject: Re: [Samba] Suse 9.1 Samba > > >I do not have Administrator password, but I use my logon and password in >XP to create an account when I change machine name. > >Art > >Shannon Johnson wrote: > > > >>Does the user "art_fore" have permission to create accounts on the >>Windows server? If not, try the Administrator account and see if that >>works... >> >>____________________________ >> >>Shannon Johnson >>Network Support Specialist / Systems Administrator >>Dept. of Mechanical and Nuclear Engineering >>224 Reber Building >>University Park, PA 16802 >>Phone: (814) 865-8267 >>____________________________ >> >> >> >> >> >> >>>-----Original Message----- >>>From: Art Fore [mailto:afore@sonic.net] >>>Sent: Friday, May 21, 2004 1:13 PM >>>To: samba@lists.samba.org >>>Subject: [Samba] Suse 9.1 Samba >>> >>>I have been trying for two weeks to get onto a Win2k domain which has >>>active directory with no success. The Suse YAST samba client will not >>> >>> >>> >>> >>do >> >> >> >> >>>ADS, only domain, server, or user, so I went to the command line stuff >>> >>> >>> >>> >>I >> >> >> >> >>>found the the Samba documentation. >>> >>>I can do kinit and get back the following: >>> >>>sha-linux:/etc/samba # kinit art_fore@3MTS.COM >>> >>>art_fore@3MTS.COM's Password: >>> >>>kinit: NOTICE: ticket renewable lifetime is 1 week >>> >>>When I do the net ads join, I get: (I use the same name and password >>> >>> >>> >>> >>in >> >> >> >> >>>WinXP, different computer name and it works) >>> >>>sha-linux:/etc/samba # net ads join -U art_fore >>> >>>art_fore's password: >>> >>>[2004/05/20 20:48:47, 0] libads/ldap.c:ads_add_machine_acct(1006) >>> >>>Host account for sha-linux already exists - modifying old account >>> >>>[2004/05/20 20:48:47, 0] libads/ldap.c:ads_join_realm(1342) >>> >>>ads_add_machine_acct: Insufficient access >>> >>>ads_join_realm: Insufficient access >>> >>>If I do the klist Tickets, it does not work, so I do klist -T: >>> >>>sha-linux:/etc/samba # klist -T >>> >>>Credentials cache: FILE:/tmp/krb5cc_0 >>> >>>Principal: art_fore@3MTS.COM >>> >>>Issued Expires Principal >>> >>>May 20 21:08:26 May 21 07:08:26 krbtgt/3MTS.COM@3MTS.COM >>> >>>Below is the global part of the smb.conf file: >>> >>>[global] >>> >>>workgroup = 3MTS >>> >>>realm = 3MTS.COM >>> >>>interfaces = 127.0.0.1 eth0 >>> >>>bind interfaces only = true >>> >>>printing = cups >>> >>>printcap name = cups >>> >>>printer admin = @ntadmin, root, administrator >>> >>>map to guest = Bad User >>> >>>security = ADS >>> >>>encrypt passwords = yes >>> >>>password server = mailman >>> >>>idmap uid = 10000-20000 >>> >>>idmap gid = 10000-20000 >>> >>>passdb backend = smbpasswd:/etc/samba/smbpasswd >>> >>>server string = Samba Server >>> >>>netbios name = sha-linux >>> >>>add machine script >>> >>>domain master = false >>> >>>domain logons = no >>> >>>local master = no >>> >>>preferred master = auto >>> >>>load printers = no >>> >>>ldap suffix = dc=com >>> >>>We use ldap and do not use PAM. Our local win network guru has no idea >>>and is of no help. Does anyone have any ideas what the problem is? >>>Winbind, smb and nmb are running. >>> >>>Art >>> >>> >>>-- >>>To unsubscribe from this list go to the following URL and read the >>>instructions: http://lists.samba.org/mailman/listinfo/samba >>> >>> >>> >>> >> >> >> >> >> > > >-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba