Hi! I hope you can help me here. We replaced our only domain controller (W2K ActiveDirectory) with a newer server. It was done by means promotion and everything was copied correctly (acording to the guy who made the transfer of all the stuff from the old service to the new one). As a matter of fact all services provided by the old server are already being served by the new one. Before the replacement was done I had a squid proxy server (running on ubuntu) that authenticated users agains the old server. By the time both servers where up and running I modified the krb5.conf file so that it started using the new service. But since the old server was shutdown there have been trust problems. I can start a kerberos session (is that the right way to call it?): $ kinit -V ecarmona Password for ecarmona@FHEP.ORG: Authenticated to Kerberos v5 $ But when I try to rejoin the proxy server to the domain, this is what I get: $ sudo net ads join -U Administrator -d 4 [2006/10/03 17:31:51, 3] param/loadparm.c:lp_load(3910) lp_load: refreshing parameters [2006/10/03 17:31:51, 3] param/loadparm.c:init_globals(1320) Initialising global parameters [2006/10/03 17:31:51, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2006/10/03 17:31:51, 3] param/loadparm.c:do_section(3403) Processing section "[global]" doing parameter workgroup = fhep doing parameter realm = FHEP.ORG doing parameter server string = %h servidor proxy auxiliar (Samba, Ubuntu) doing parameter netbios name = fhep_proxy [2006/10/03 17:31:51, 4] param/loadparm.c:handle_netbios_name(2748) handle_netbios_name: set global_myname to: FHEP_PROXY doing parameter dns proxy = no doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 1000 doing parameter syslog = 0 doing parameter panic action = /usr/share/samba/panic-action %d doing parameter security = domain doing parameter encrypt passwords = true doing parameter password server = * doing parameter passdb backend = tdbsam guest doing parameter obey pam restrictions = yes doing parameter invalid users = root doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . doing parameter socket options = TCP_NODELAY [2006/10/03 17:31:51, 4] param/loadparm.c:lp_load(3941) pm_process() returned Yes [2006/10/03 17:31:51, 2] lib/interface.c:add_interface(79) added interface ip=192.168.0.2 bcast=192.168.0.255 nmask=255.255.255.0 [2006/10/03 17:31:51, 2] lib/interface.c:add_interface(79) added interface ip=x.x.x.x bcast=y.y.y.y nmask=z.z.z.z Administrator's password: [2006/10/03 17:32:00, 4] libsmb/namequery.c:get_dc_list(1332) get_dc_list: no servers found [2006/10/03 17:32:00, 4] libsmb/namequery.c:get_dc_list(1406) get_dc_list: returning 1 ip addresses in an unordered list [2006/10/03 17:32:00, 4] libsmb/namequery.c:get_dc_list(1407) get_dc_list: 192.168.0.3:0 [2006/10/03 17:32:00, 3] libads/ldap.c:ads_connect(247) Connected to LDAP server 192.168.0.3 [2006/10/03 17:32:00, 1] libads/ldap.c:ads_connect(251) Failed to get ldap server info [2006/10/03 17:32:00, 0] utils/net_ads.c:ads_startup(186) ads_connect: No results returned [2006/10/03 17:32:00, 2] utils/net.c:main(859) return code = -1 I have noticed that it's complaining about the ldap service in the AD server and I have checked with konqueror and it is efectively behaving weird: Sometimes I can't get an answer to a query, sometimes it answers but takes forever to respond..... (I have just checked and it seems to behave now, though the join fails miserably with the same output). Does anyone have a clue about what I have to do, either with the windows server of my GNU/linux server? Replacing AD with openLDAP is not an option, so don't ask. :-D Thanks in advance PS Just to test, I tried joining by rpc and it worked: $ sudo net rpc testjoin Join to 'FHEP' is OK But something tells me that it's not enough to get squid to authenticate users with ntlm_auth, is it?