Hi guys, Is it possible to join an AD domain using NT style authentication ? i.e. security = domain in smb.conf and use 'net join rpc -W [MYADDOMAIN] When I tried this I get the following error: [2006/02/22 11:56:42, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) cli_rpc_pipe_open_schannel: failed to get schannel session key from server msu adserver for domain MYADDOMAIN. [2006/02/22 11:56:42, 0] utils/net_rpc_join.c:net_rpc_join_ok(61) Error connecting to NETLOGON pipe. Error was NT_STATUS_NO_TRUST_SAM_ACCOUNT Unable to join domain MYADDOMAIN. Do you have to have 'security = ads' and use 'net join ads......', and also have Kerberos enabled ? Kind regards David Wilson D c D a t a CNS, CLS, Linux+ T: 0860-1-LINUX F: 0866878971 M: 0824147413 E: support@dcdata.co.za W: http://www.dcdata.co.za -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html
David Wilson wrote:> Is it possible to join an AD domain using NT style authentication ? > i.e. security = domain in smb.conf and use 'net join rpc -W [MYADDOMAIN]Been there. Done that.> When I tried this I get the following error: > [2006/02/22 11:56:42, 0] > rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) > cli_rpc_pipe_open_schannel: failed to get schannel session key from > server msu > adserver for domain MYADDOMAIN. > [2006/02/22 11:56:42, 0] utils/net_rpc_join.c:net_rpc_join_ok(61) > Error connecting to NETLOGON pipe. Error was > NT_STATUS_NO_TRUST_SAM_ACCOUNT > Unable to join domain MYADDOMAIN.You didn't post your Samba version and smb.conf, so we need to wild-guess. Try adding "client schannel = No" in [global]. -TL
Gerald (Jerry) Carter
2006-Feb-22 13:58 UTC
[Samba] Join AD domain using security = domain ?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 22 Feb 2006, David Wilson wrote:> Hi guys, > > Is it possible to join an AD domain using NT style authentication ? > i.e. security = domain in smb.conf and use 'net join rpc -W [MYADDOMAIN] > > When I tried this I get the following error: > [2006/02/22 11:56:42, 0] > rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) > cli_rpc_pipe_open_schannel: failed to get schannel session key from server > msu > adserver for domain MYADDOMAIN. > [2006/02/22 11:56:42, 0] utils/net_rpc_join.c:net_rpc_join_ok(61) > Error connecting to NETLOGON pipe. Error was NT_STATUS_NO_TRUST_SAM_ACCOUNT > Unable to join domain MYADDOMAIN.Schannel is on RPC connections so you will see the same processing regardless of how winbindd is configured. You can set 'client schannel = no' in smb.conf. What version of Samba is this.? cheers, jerry ====================================================================I live in a Reply-to-All world. ----------------------- Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFD/G4kIR7qMdg1EfYRApKAAKDYZ7xjn8/mY7Ume7nVnH8mtkShCgCgifz1 0rf30YyqVzKveX3UHvTdnC0=zQy/ -----END PGP SIGNATURE-----