I running 3.0.25c on OpenSolaris. I can succesfully do a kinit and see the ticket via klist, but am unable to join the domain. /usr/sfw/sbin/net -d 5 ads join -U user@DOMAIN.LOCAL gives the following error... [2007/08/29 15:49:24, 3] libsmb/clikrb5.c:(593) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache file found) [2007/08/29 15:49:24, 0] libads/kerberos.c:(228) kerberos_kinit_password user@DOMAIN.LOCAL failed: Preauthentication failed [2007/08/29 15:49:24, 1] utils/net_ads.c:(1470) error on ads_startup: Preauthentication failed Failed to join domain: Logon failure [2007/08/29 15:49:24, 2] utils/net.c:(1032) I have synced the time on the Samba box with my domain controller. Any thoughts on what is wrong? -- Pete
I actually had this happen to me not too long ago with Samba 3.0.25c. My problem was that I didn't set the ADS mode properly. You're always warned to set workgroup equal to the the pre-windows2000 domain name. So, just a few things to check: 1.) Typo's in the realm name. 2.) Typo's in the krb5.conf file (I use heimdal) 3.) Try running the net ads join with the administrator account (if you're using another account). 4.) Checking the the AD server to make sure that you don't have an old machine account for the Samba machine. Hope that helps. Theodore Charles III Network Administrator Los Angeles Senior High (www.lahigh.org)>From: "Peter Baumgartner" <sgt.hulka@gmail.com> >To: samba@lists.samba.org >Subject: [Samba] kinit works, net join ads fails >Date: Wed, 29 Aug 2007 15:55:28 -0600 > >I running 3.0.25c on OpenSolaris. I can succesfully do a kinit and see >the ticket via klist, but am unable to join the domain. > >/usr/sfw/sbin/net -d 5 ads join -U user@DOMAIN.LOCAL > >gives the following error... > >[2007/08/29 15:49:24, 3] libsmb/clikrb5.c:(593) > ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache >file found) >[2007/08/29 15:49:24, 0] libads/kerberos.c:(228) > kerberos_kinit_password user@DOMAIN.LOCAL failed: Preauthentication >failed >[2007/08/29 15:49:24, 1] utils/net_ads.c:(1470) > error on ads_startup: Preauthentication failed >Failed to join domain: Logon failure >[2007/08/29 15:49:24, 2] utils/net.c:(1032) > >I have synced the time on the Samba box with my domain controller. Any >thoughts on what is wrong? > >-- >Pete >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba_________________________________________________________________ Get a FREE small business Web site and more from Microsoft® Office Live! http://clk.atdmt.com/MRT/go/aub0930003811mrt/direct/01/
>I running 3.0.25c on OpenSolaris. I can succesfully do a kinit and see >the ticket via klist, but am unable to join the domain. > >/usr/sfw/sbin/net -d 5 ads join -U user@DOMAIN.LOCAL > >gives the following error... > >[2007/08/29 15:49:24, 3] libsmb/clikrb5.c:(593) > ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache >file found) >[2007/08/29 15:49:24, 0] libads/kerberos.c:(228) > kerberos_kinit_password user@DOMAIN.LOCAL failed: Preauthentication >failed >[2007/08/29 15:49:24, 1] utils/net_ads.c:(1470) > error on ads_startup: Preauthentication failed >Failed to join domain: Logon failure >[2007/08/29 15:49:24, 2] utils/net.c:(1032) > >I have synced the time on the Samba box with my domain controller. Any >thoughts on what is wrong?On 9/3/07, Necos Secon <secon_kun@hotmail.com> wrote:> > So, just a few things to check: > > 1.) Typo's in the realm name. > 2.) Typo's in the krb5.conf file (I use heimdal) > 3.) Try running the net ads join with the administrator account (if you're > using another account). > 4.) Checking the the AD server to make sure that you don't have an old > machine account for the Samba machine.I've tried all this and still am having no luck. I don't believe it is an issue in krb5.conf because kinit and smbclient work properly. I just can't join it to the domain. Any other thoughts?