samba - Aug 2007 - Failed to join win2000 domain in 3.0.25b

Hi all:

=20

I=A1=A6m trying to join a win2000 ad domain but failed. I can see my samba
server in computer list of domain controller, but the icon of the samba server
is disabled. I also got error message from my samba server:

=20

Failed to set password for machine account (NT_STATUS_WRONG_PASSWORD) Failed to
join domain: Wrong Password

=20

The password should be correct because I can get krb ticket successfully. My
samba version is 3.0.25b. Joining win2003 domain is successfully without a
problem. I wonder why it makes difference between 2000 and 2003. Previously I
used version 3.0.23d, and both 2000 and 2003 can be joined domain successfully.
My global session is as the following:

=20

[global]

        dos charset =3D UTF8

        display charset =3D UTF8

        unix charset =3D UTF8

        server string =3D %h

        netbios name =3D smbserver

        write ok =3D yes

        guest account =3D smbguest

        map to guest =3D bad user

        encrypt passwords =3D yes

        map archive =3D no

        max log size=3D 50

        dfree command=3D /usr/local/bin/dfree

        client use spnego =3D yes

        auth methods =3D guest sam_ignoredomain winbind:ntdomain

        host msdfs =3D yes

        winbind use default domain =3D yes

        workgroup =3D PASW

        security =3D ads

        password server =3D PASW.COM *

        realm =3D PASW.COM

        winbind enum users =3D yes

        winbind enum groups =3D yes

        idmap uid =3D 100000-500000

        idmap gid =3D 100000-500000

        winbind cache time =3D 15

        template homedir =3D /tmp/users/home/%D/%U

        template shell =3D /bin/bash

=20

Please help me out.

Thanks in advance,

Latrell

=20

I wonder if my kerberos version could cause problems. My version is 1.6.2.
Please give me some help.

=20

Thanks,

Latrell.

=20

________________________________

Hi all:

=20

I=A1=A6m trying to join a win2000 ad domain but failed. I can see my samba
server in computer list of domain controller, but the icon of the samba server
is disabled. I also got error message from my samba server:

=20

Failed to set password for machine account (NT_STATUS_WRONG_PASSWORD) Failed to
join domain: Wrong Password

=20

The password should be correct because I can get krb ticket successfully. My
samba version is 3.0.25b. Joining win2003 domain is successfully without a
problem. I wonder why it makes difference between 2000 and 2003. Previously I
used version 3.0.23d, and both 2000 and 2003 can be joined domain successfully.
My global session is as the following:

=20

[global]

        dos charset =3D UTF8

        display charset =3D UTF8

        unix charset =3D UTF8

        server string =3D %h

        netbios name =3D smbserver

        write ok =3D yes

        guest account =3D smbguest

        map to guest =3D bad user

        encrypt passwords =3D yes

        map archive =3D no

        max log size=3D 50

        dfree command=3D /usr/local/bin/dfree

        client use spnego =3D yes

        auth methods =3D guest sam_ignoredomain winbind:ntdomain

        host msdfs =3D yes

        winbind use default domain =3D yes

        workgroup =3D PASW

        security =3D ads

        password server =3D PASW.COM *

        realm =3D PASW.COM

        winbind enum users =3D yes

        winbind enum groups =3D yes

        idmap uid =3D 100000-500000

        idmap gid =3D 100000-500000

        winbind cache time =3D 15

        template homedir =3D /tmp/users/home/%D/%U

        template shell =3D /bin/bash

=20

Please help me out.

Thanks in advance,

Latrell

=20

Hi all:

=20

I found that if I use =A1=A7net rpc join=A1=A8 instead of =A1=A7net ads
join=A1=A8 to join a win2000 ad domain, it will succeed in the same setting.

I don=A1=A6t know why this can work. Could somebody explain it? Are there any
changes for joining win2000 ad domain?

=20

Thanks,

Latrell.

________________________________

From: Latrell Wang =A4=FD=C4m=BA=F5=20
Sent: Thursday, August 02, 2007 4:27 PM
To: samba@lists.samba.org
Subject: RE: Failed to join win2000 domain in 3.0.25b

=20

I wonder if my kerberos version could cause problems. My version is 1.6.2.
Please give me some help.

=20

Thanks,

Latrell.

=20

________________________________

Hi all:

=20

I=A1=A6m trying to join a win2000 ad domain but failed. I can see my samba
server in computer list of domain controller, but the icon of the samba server
is disabled. I also got error message from my samba server:

=20

Failed to set password for machine account (NT_STATUS_WRONG_PASSWORD) Failed to
join domain: Wrong Password

=20

The password should be correct because I can get krb ticket successfully. My
samba version is 3.0.25b. Joining win2003 domain is successfully without a
problem. I wonder why it makes difference between 2000 and 2003. Previously I
used version 3.0.23d, and both 2000 and 2003 can be joined domain successfully.
My global session is as the following:

=20

[global]

        dos charset =3D UTF8

        display charset =3D UTF8

        unix charset =3D UTF8

        server string =3D %h

        netbios name =3D smbserver

        write ok =3D yes

        guest account =3D smbguest

        map to guest =3D bad user

        encrypt passwords =3D yes

        map archive =3D no

        max log size=3D 50

        dfree command=3D /usr/local/bin/dfree

        client use spnego =3D yes

        auth methods =3D guest sam_ignoredomain winbind:ntdomain

        host msdfs =3D yes

        winbind use default domain =3D yes

        workgroup =3D PASW

        security =3D ads

        password server =3D PASW.COM *

        realm =3D PASW.COM

        winbind enum users =3D yes

        winbind enum groups =3D yes

        idmap uid =3D 100000-500000

        idmap gid =3D 100000-500000

        winbind cache time =3D 15

        template homedir =3D /tmp/users/home/%D/%U

        template shell =3D /bin/bash

=20

Please help me out.

Thanks in advance,

Latrell

=20

Latrell Wang ??? ?????:
> Hi all:
> 
>  
> 
> I found that if I use ?net rpc join? instead of ?net ads join? to join a
win2000 ad domain, it will succeed in the same setting.
> 
> I don?t know why this can work. Could somebody explain it? Are there any
changes for joining win2000 ad domain?
> 

This is a bug https://bugzilla.samba.org/show_bug.cgi?id=4863
if You are using Solaris.


--

I'm using montavista linux instead of Solaris. I also encountered
"Logon failure" if I turn off the client use spengo. Turn on client
use spnego and use "net rpc join" seems to work perfectly.

Latrell 

-----Original Message-----
From: Alexandr Miasnikov [mailto:asp@pskov.mts.ru] 
Sent: Tuesday, August 21, 2007 5:18 PM
To: Latrell Wang $B2&`[9K(J; samba@lists.samba.org
Subject: Re: [Samba] RE: Failed to join win2000 domain in 3.0.25b

Latrell Wang $B2&`[9K(J
$B'a'Z'j'V'd(J:
> Hi all:
> 
>  
> 
> I found that if I use $B!H(Jnet rpc join$B!I(J instead of $B!H(Jnet ads
join$B!I(J to join a win2000 ad domain, it will succeed in the same setting.
> 
> I don$B!G(Jt know why this can work. Could somebody explain it? Are there
any changes for joining win2000 ad domain?
> 

This is a bug https://bugzilla.samba.org/show_bug.cgi?id=4863
if You are using Solaris.


--