Hi all: =20 I=A1=A6m trying to join a win2000 ad domain but failed. I can see my samba server in computer list of domain controller, but the icon of the samba server is disabled. I also got error message from my samba server: =20 Failed to set password for machine account (NT_STATUS_WRONG_PASSWORD) Failed to join domain: Wrong Password =20 The password should be correct because I can get krb ticket successfully. My samba version is 3.0.25b. Joining win2003 domain is successfully without a problem. I wonder why it makes difference between 2000 and 2003. Previously I used version 3.0.23d, and both 2000 and 2003 can be joined domain successfully. My global session is as the following: =20 [global] dos charset =3D UTF8 display charset =3D UTF8 unix charset =3D UTF8 server string =3D %h netbios name =3D smbserver write ok =3D yes guest account =3D smbguest map to guest =3D bad user encrypt passwords =3D yes map archive =3D no max log size=3D 50 dfree command=3D /usr/local/bin/dfree client use spnego =3D yes auth methods =3D guest sam_ignoredomain winbind:ntdomain host msdfs =3D yes winbind use default domain =3D yes workgroup =3D PASW security =3D ads password server =3D PASW.COM * realm =3D PASW.COM winbind enum users =3D yes winbind enum groups =3D yes idmap uid =3D 100000-500000 idmap gid =3D 100000-500000 winbind cache time =3D 15 template homedir =3D /tmp/users/home/%D/%U template shell =3D /bin/bash =20 Please help me out. Thanks in advance, Latrell =20
Latrell Wang 王獻綱
2007-Aug-02 08:27 UTC
[Samba] RE: Failed to join win2000 domain in 3.0.25b
I wonder if my kerberos version could cause problems. My version is 1.6.2. Please give me some help. =20 Thanks, Latrell. =20 ________________________________ Hi all: =20 I=A1=A6m trying to join a win2000 ad domain but failed. I can see my samba server in computer list of domain controller, but the icon of the samba server is disabled. I also got error message from my samba server: =20 Failed to set password for machine account (NT_STATUS_WRONG_PASSWORD) Failed to join domain: Wrong Password =20 The password should be correct because I can get krb ticket successfully. My samba version is 3.0.25b. Joining win2003 domain is successfully without a problem. I wonder why it makes difference between 2000 and 2003. Previously I used version 3.0.23d, and both 2000 and 2003 can be joined domain successfully. My global session is as the following: =20 [global] dos charset =3D UTF8 display charset =3D UTF8 unix charset =3D UTF8 server string =3D %h netbios name =3D smbserver write ok =3D yes guest account =3D smbguest map to guest =3D bad user encrypt passwords =3D yes map archive =3D no max log size=3D 50 dfree command=3D /usr/local/bin/dfree client use spnego =3D yes auth methods =3D guest sam_ignoredomain winbind:ntdomain host msdfs =3D yes winbind use default domain =3D yes workgroup =3D PASW security =3D ads password server =3D PASW.COM * realm =3D PASW.COM winbind enum users =3D yes winbind enum groups =3D yes idmap uid =3D 100000-500000 idmap gid =3D 100000-500000 winbind cache time =3D 15 template homedir =3D /tmp/users/home/%D/%U template shell =3D /bin/bash =20 Please help me out. Thanks in advance, Latrell =20
Latrell Wang 王獻綱
2007-Aug-21 09:13 UTC
[Samba] RE: Failed to join win2000 domain in 3.0.25b
Hi all: =20 I found that if I use =A1=A7net rpc join=A1=A8 instead of =A1=A7net ads join=A1=A8 to join a win2000 ad domain, it will succeed in the same setting. I don=A1=A6t know why this can work. Could somebody explain it? Are there any changes for joining win2000 ad domain? =20 Thanks, Latrell. ________________________________ From: Latrell Wang =A4=FD=C4m=BA=F5=20 Sent: Thursday, August 02, 2007 4:27 PM To: samba@lists.samba.org Subject: RE: Failed to join win2000 domain in 3.0.25b =20 I wonder if my kerberos version could cause problems. My version is 1.6.2. Please give me some help. =20 Thanks, Latrell. =20 ________________________________ Hi all: =20 I=A1=A6m trying to join a win2000 ad domain but failed. I can see my samba server in computer list of domain controller, but the icon of the samba server is disabled. I also got error message from my samba server: =20 Failed to set password for machine account (NT_STATUS_WRONG_PASSWORD) Failed to join domain: Wrong Password =20 The password should be correct because I can get krb ticket successfully. My samba version is 3.0.25b. Joining win2003 domain is successfully without a problem. I wonder why it makes difference between 2000 and 2003. Previously I used version 3.0.23d, and both 2000 and 2003 can be joined domain successfully. My global session is as the following: =20 [global] dos charset =3D UTF8 display charset =3D UTF8 unix charset =3D UTF8 server string =3D %h netbios name =3D smbserver write ok =3D yes guest account =3D smbguest map to guest =3D bad user encrypt passwords =3D yes map archive =3D no max log size=3D 50 dfree command=3D /usr/local/bin/dfree client use spnego =3D yes auth methods =3D guest sam_ignoredomain winbind:ntdomain host msdfs =3D yes winbind use default domain =3D yes workgroup =3D PASW security =3D ads password server =3D PASW.COM * realm =3D PASW.COM winbind enum users =3D yes winbind enum groups =3D yes idmap uid =3D 100000-500000 idmap gid =3D 100000-500000 winbind cache time =3D 15 template homedir =3D /tmp/users/home/%D/%U template shell =3D /bin/bash =20 Please help me out. Thanks in advance, Latrell =20
Alexandr Miasnikov
2007-Aug-21 09:18 UTC
[Samba] RE: Failed to join win2000 domain in 3.0.25b
Latrell Wang ??? ?????:> Hi all: > > > > I found that if I use ?net rpc join? instead of ?net ads join? to join a win2000 ad domain, it will succeed in the same setting. > > I don?t know why this can work. Could somebody explain it? Are there any changes for joining win2000 ad domain? >This is a bug https://bugzilla.samba.org/show_bug.cgi?id=4863 if You are using Solaris. --
Latrell Wang 王獻綱
2007-Aug-22 05:37 UTC
[Samba] RE: Failed to join win2000 domain in 3.0.25b
I'm using montavista linux instead of Solaris. I also encountered "Logon failure" if I turn off the client use spengo. Turn on client use spnego and use "net rpc join" seems to work perfectly. Latrell -----Original Message----- From: Alexandr Miasnikov [mailto:asp@pskov.mts.ru] Sent: Tuesday, August 21, 2007 5:18 PM To: Latrell Wang $B2&`[9K(J; samba@lists.samba.org Subject: Re: [Samba] RE: Failed to join win2000 domain in 3.0.25b Latrell Wang $B2&`[9K(J $B'a'Z'j'V'd(J:> Hi all: > > > > I found that if I use $B!H(Jnet rpc join$B!I(J instead of $B!H(Jnet ads join$B!I(J to join a win2000 ad domain, it will succeed in the same setting. > > I don$B!G(Jt know why this can work. Could somebody explain it? Are there any changes for joining win2000 ad domain? >This is a bug https://bugzilla.samba.org/show_bug.cgi?id=4863 if You are using Solaris. --