samba - Jul 2008 - Problem trying to join SAMBA as a Domain Member

Hello,

I am working on RHEL4 update 5, using SAMBA 3.0.26a.

I am trying to configure SAMBA as a domain member in a Win2K domain. I am
using Kerberos authneticiaon (Security = ADS).

I am getting an error when I am trying to join the domain (this is the
output I get from running ?net ads join ?Uuser%password ?d10?:

[2008/07/15 12:11:51.347873, 1, pid=5304]
rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)
  cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine
NYLVNADC01.na.smbcgroup.com.  Error was NT_STATUS_ACCESS_DENIED
[2008/07/15 12:11:51.347916, 0, pid=5304]
utils/net_rpc_join.c:net_rpc_join_ok(70)
  net_rpc_join_ok: failed to get schannel session key from server
NYLVNADC01.na.smbcgroup.com for domain NA. Error was NT_STATUS_ACCESS_DENIED
[2008/07/15 12:11:51.347949, 6, pid=5304]
libsmb/clientgen.c:write_socket(155)
  write_socket(7,39)
[2008/07/15 12:11:51.348050, 6, pid=5304]
libsmb/clientgen.c:write_socket(158)
  write_socket(7,39) wrote 39
[2008/07/15 12:11:51.348419, 10, pid=5304]
lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 35


I have tried to use tcpdump to get a network sniff of the communication, I
saw that the DC is returning an error: ?KRB5KDC_ERR_PREAUTH_REQUIRED? .

Also on the DC I get ?Event ID 675, Pre-authentication failed, Failure Code 
0x19?

Is this a known error? 
Any help would be great.

Thanks,
Hagai.

-- 
View this message in context:
http://www.nabble.com/Problem-trying-to-join-SAMBA-as-a-Domain-Member-tp18470080p18470080.html
Sent from the Samba - General mailing list archive at Nabble.com.

Hello again,

I was able to track my problem to bug
https://bugzilla.samba.org/show_bug.cgi?id=4771 
Once I added  "netlogon" to the group policy
under "named pipes that can be accessed anonymously" I was able to
join the
domain.

Is this fixed in new SAMAB versions?
Thanks,
Hagai.



hagai yaffe wrote:
> 
> Hello,
> 
> I am working on RHEL4 update 5, using SAMBA 3.0.26a.
> 
> I am trying to configure SAMBA as a domain member in a Win2K domain. I am
> using Kerberos authneticiaon (Security = ADS).
> 
> I am getting an error when I am trying to join the domain (this is the
> output I get from running ?net ads join ?Uuser%password ?d10?:
> 
> [2008/07/15 12:11:51.347873, 1, pid=5304]
> rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)
>   cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine
> NYLVNADC01.na.smbcgroup.com.  Error was NT_STATUS_ACCESS_DENIED
> [2008/07/15 12:11:51.347916, 0, pid=5304]
> utils/net_rpc_join.c:net_rpc_join_ok(70)
>   net_rpc_join_ok: failed to get schannel session key from server
> NYLVNADC01.na.smbcgroup.com for domain NA. Error was
> NT_STATUS_ACCESS_DENIED
> [2008/07/15 12:11:51.347949, 6, pid=5304]
> libsmb/clientgen.c:write_socket(155)
>   write_socket(7,39)
> [2008/07/15 12:11:51.348050, 6, pid=5304]
> libsmb/clientgen.c:write_socket(158)
>   write_socket(7,39) wrote 39
> [2008/07/15 12:11:51.348419, 10, pid=5304]
> lib/util_sock.c:read_smb_length_return_keepalive(623)
>   got smb length of 35
> 
> 
> I have tried to use tcpdump to get a network sniff of the communication, I
> saw that the DC is returning an error: ?KRB5KDC_ERR_PREAUTH_REQUIRED? .
> 
> Also on the DC I get ?Event ID 675, Pre-authentication failed, Failure
> Code  0x19?
> 
> Is this a known error? 
> Any help would be great.
> 
> Thanks,
> Hagai.
> 
> 
-- 
View this message in context:
http://www.nabble.com/Problem-trying-to-join-SAMBA-as-a-Domain-Member-tp18470080p18504513.html
Sent from the Samba - General mailing list archive at Nabble.com.