Dear Samba-Friends, You are my last hope to solve my samba-problem. I read so many manpages and everywhere i see the same to join an ADS-Domain: net ads join -UAdministrator%password All i want, is to join to a Windows2003 ADS Domain WITHOUT knowing the admin passwort of the Windows Domain Controller. Here are the Details: Other People in my Company create for me a computer account in the domain controller. I am not allowed to do this. The kerberos things seems to work very well The net ads join fails. Besides: With "security=domain" a "net rpc join" always succeed without any password. Thats what i am doing: W4DEMRCO0010006:~# kinit awm-meier.robert Password for awm-meier.robert@T-HUGO.COM: ****** W4DEMRCO0010006:~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: awm-meier.robert@T-HUGO.COM Valid starting Expires Service principal 08/05/05 10:11:39 08/05/05 20:11:39 krbtgt/T-HUGO.COM@T-HUGO.COM 08/05/05 10:12:01 08/05/05 20:11:39 s4de8nsaaax$@T-HUGO.COM Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached W4DEMRCO0010006:~# W4DEMRCO0010006:~# net ads info LDAP server: 10.175.162.6 LDAP server name: s4de8nsaaax Realm: T-HUGO.COM Bind Path: dc=T-HUGO,dc=COM LDAP port: 389 Server time: Fri, 05 Aug 2005 10:20:34 GMT KDC server: 10.175.162.6 Server time offset: 10 W4DEMRCO0010006:~# W4DEMRCO0010006:~# net ads status objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user objectClass: computer cn: W4DEMRCO0010006 distinguishedName: CN=W4DEMRCO0010006,OU=TAComputers,DC=t-HUGO,DC=com instanceType: 4 whenCreated: 20041011110348.0Z whenChanged: 20050803095614.0Z uSNCreated: 12291830 uSNChanged: 47883523 name: W4DEMRCO0010006 objectGUID: 4928b1f1-c9cf-41c2-a7bd-d2c2541dfa12 userAccountControl: 4096 badPwdCount: 15 codePage: 0 countryCode: 0 badPasswordTime: 127675468181987325 lastLogon: 127675350239782101 pwdLastSet: 127675344833817539 primaryGroupID: 515 objectSid: S-1-5-21-1524055796-552238918-151151879-30349 accountExpires: 9223372036854775807 logonCount: 0 sAMAccountName: W4DEMRCO0010006$ sAMAccountType: 805306369 dNSHostName: W4DEMRCO0010006.rsnhm.t-HUGO.com objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=ads-komitel,DC=de isCriticalSystemObject: FALSE dSCorePropagationData: 20050503160726.0Z dSCorePropagationData: 16010101000001.0Z lastLogonTimestamp: 127673518289512517 W4DEMRCO0010006:~# W4DEMRCO0010006:~# net ads join [2005/08/05 10:15:00, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for w4demrco0010006 already exists - modifying old account [2005/08/05 10:15:00, 0] libads/ldap.c:ads_join_realm(1763) ads_join_realm: ads_add_machine_acct failed (w4demrco0010006): Insufficient access ads_join_realm: Insufficient access W4DEMRCO0010006:~# My smb.conf: ; ; /etc/smb.conf ; ; [global] workgroup = MYNETWORK netbios name = W4DEMRCO0010006 server string = Lotsa Room security = ADS realm = T-HUGO.COM auth methods = winbind password server = 10.175.162.6 passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . lanman auth = No ntlm auth = No client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No syslog = 0 log file = /var/log/samba/log.%m max log size = 10000 smb ports = 445 disable netbios = Yes max xmit = 65535 name resolve order = host wins lmhosts bcast #tried both spnego Yes and No same diff. use spnego = Yes # use spnego = No server signing = auto deadtime = 10080 socket options = IPTOS_LOWDELAY TCP_NODELAY logon path logon home os level = 49 preferred master = No local master = No domain master = No dns proxy = No ldap ssl = no idmap uid = 10000-40000 idmap gid = 10000-40000 winbind separator = + winbind nested groups = Yes winbind cache time = 20 template homedir = /home/%D/%U invalid users = root ea support = Yes hide special files = Yes hide unreadable = Yes use kerberos keytab = Yes client use spnego = yes Many, many thanks in Advance Robert Machen Sie aus 14 Cent spielend bis zu 100 Euro! Die neue Gaming-Area von Arcor - ?ber 50 Onlinespiele im Angebot. http://www.arcor.de/rd/emf-gaming-1