thr3ads.net - samba - [Samba] Can't mount samba drive or join domain with W2K3 server [Sep 2004]

If this information is useful, please help other people find it:
Share via:

Adam Rosi-Kessel

2004-Sep-02 14:50 UTC

[Samba] Can't mount samba drive or join domain with W2K3 server

Please cc me on replies.

My employer recently upgraded to W2K3.  I have no control over the
employer's set up and limited access to information.  Under the old
server, everything was working fine.  Now I can't mount the shared drive
anymore.

I'm running Debian sid; samba 3.0.6-3.

################################################
# mount shared_drive
cli_negprot: SMB signing is mandatory and we have disabled it.
13681: protocol negotiation failed
SMB connection failed
################################################

I have added to smb.conf:

################################################
client use spnego = yes
client signing = mandatory 
################################################

This makes no difference.

I never had to join the domain/workgroup before, but I thought I would
try it as I've seen that suggested in some postings.  That doesn't work
either (output slightly sanitized for confidentiality):

################################################
# net join -l -n my_computer_name -I shared_server_ip_address -U my_username
my_username's password:
[2004/09/02 10:44:17, 0] utils/net_ads.c:ads_startup(183)
  ads_connect: No such file or directory
[2004/09/02 10:44:17, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
  cli_nt_setup_creds: request challenge failed
[2004/09/02 10:44:17, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
  cli_nt_setup_creds: request challenge failed
[2004/09/02 10:44:17, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
  Error domain join verification (reused connection):
NT_STATUS_INVALID_COMPUTER_NAME

Unable to join domain <domain_name>.
################################################

I tried adding a workgroup and realm line to /etc/samba/smb.conf:

realm = <domain_name>
workgroup = <domain_name>

Now I get:

################################################
# net join -l -n my_computer_name -I shared_server_ip_address -U my_username
my_username's password:
[2004/09/02 10:45:59, 0] libads/kerberos.c:ads_kinit_password(136)
  kerberos_kinit_password my_username@my_domain failed: Improper format of
Kerberos configuration file
[2004/09/02 10:45:59, 0] utils/net_ads.c:ads_startup(183)
  ads_connect: Improper format of Kerberos configuration file
[2004/09/02 10:45:59, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
  cli_nt_setup_creds: request challenge failed
[2004/09/02 10:46:00, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
  cli_nt_setup_creds: request challenge failed
[2004/09/02 10:46:00, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
  Error domain join verification (reused connection):
NT_STATUS_INVALID_COMPUTER_NAME

Unable to join domain <domain_name>.
################################################

If I type the wrong password, it says "The username or password was not
correct." So it's clearly getting through one stage of authentication.

I am limited in my ability to ask IT staff here any questions, so I
basically need to figure this out on my own.

Any suggestions?
-- 
Adam Rosi-Kessel
http://adam.rosi-kessel.org

Paul Gienger

2004-Sep-02 15:15 UTC

head link

[Samba] Can't mount samba drive or join domain with W2K3 server

>################################################
># net join -l -n my_computer_name -I shared_server_ip_address -U my_username
>my_username's password:
>[2004/09/02 10:45:59, 0] libads/kerberos.c:ads_kinit_password(136)
>  kerberos_kinit_password my_username@my_domain failed: Improper format of
>Kerberos configuration file
>  
>This screams "you haven't set up kerberos yet".  Start reading
here
http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm

I know that doesn't have everything you need, but I can't find the link 
I used to set up domain membership in active directory ATM.
>[2004/09/02 10:45:59, 0] utils/net_ads.c:ads_startup(183)
>  ads_connect: Improper format of Kerberos configuration file
>[2004/09/02 10:45:59, 0]
>rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
>  cli_nt_setup_creds: request challenge failed
>[2004/09/02 10:46:00, 0]
>rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
>  cli_nt_setup_creds: request challenge failed
>[2004/09/02 10:46:00, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
>  Error domain join verification (reused connection):
>NT_STATUS_INVALID_COMPUTER_NAME
>
>Unable to join domain <domain_name>.
>################################################
>
>If I type the wrong password, it says "The username or password was not
>correct." So it's clearly getting through one stage of
authentication.
>
>I am limited in my ability to ask IT staff here any questions, so I
>basically need to figure this out on my own.
>
>Any suggestions?
>  
>
-- 
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         
Information Systems Consultant   Fax:    701-281-1322
URL: www.ae-solutions.com        mailto: pgienger@ae-solutions.com

Adam Rosi-Kessel

2004-Sep-02 15:37 UTC

head link

[Samba] Re: Can't mount samba drive or join domain with W2K3 server

Paul Gienger wrote:> ># net join -l -n my_computer_name -I shared_server_ip_address -U
> > kerberos_kinit_password my_username at my_domain failed: Improper
> > format of Kerberos configuration file
> This screams "you haven't set up kerberos yet".  Start
reading here
> http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm
> I know that doesn't have everything you need, but I can't find the
link
> I used to set up domain membership in active directory ATM.
Thanks, that's a good start.

Now I get a much shorter message:

######################################
# net ads join -Umy_username
my_username's password:
[2004/09/02 11:33:19, 0] libads/ldap.c:ads_add_machine_acct(1283)
  ads_add_machine_acct: Host account for my_machine already exists - modifying
old account
[2004/09/02 11:33:19, 0] libads/ldap.c:ads_join_realm(1617)
  ads_add_machine_acct (akessel-linux): Insufficient access 
ads_join_realm: Insufficient access
######################################

I'm not sure why I have insufficient access; the machine was configured
before without a problem (originally a Windows box).

On the other hand:

######################################
# net rpc join -Umy_username
Password:
Joined domain <MY_DOMAIN>.
######################################

So it looks like I can join successfully with rpc.

I still can't mount:

######################################
# mount shared_drive
cli_negprot: SMB signing is mandatory and we have disabled it.
16495: protocol negotiation failed
SMB connection failed
######################################

I'm unclear as to whether the ADS issue is linked with this mounting
issue.  Do I need to join with ADS before I'll be able mount the drive?
Or is there some way I can get SMB signing to work without getting ADS
to work?
-- 
Adam Rosi-Kessel
http://adam.rosi-kessel.org

Seemingly Similar Threads

Search for more seemingly similar threads

samba - Sep 2004 - Can't mount samba drive or join domain with W2K3 server

[Samba] Can't mount samba drive or join domain with W2K3 server

[Samba] Can't mount samba drive or join domain with W2K3 server

[Samba] Re: Can't mount samba drive or join domain with W2K3 server

Seemingly Similar Threads