Hello again,
I was able to track my problem to bug
https://bugzilla.samba.org/show_bug.cgi?id=4771
Once I added "netlogon" to the group policy
under "named pipes that can be accessed anonymously" I was able to
join the
domain.
Is this fixed in new SAMAB versions?
Thanks,
Hagai.
hagai yaffe wrote:>
> Hello,
>
> I am working on RHEL4 update 5, using SAMBA 3.0.26a.
>
> I am trying to configure SAMBA as a domain member in a Win2K domain. I am
> using Kerberos authneticiaon (Security = ADS).
>
> I am getting an error when I am trying to join the domain (this is the
> output I get from running ?net ads join ?Uuser%password ?d10?:
>
> [2008/07/15 12:11:51.347873, 1, pid=5304]
> rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)
> cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine
> NYLVNADC01.na.smbcgroup.com. Error was NT_STATUS_ACCESS_DENIED
> [2008/07/15 12:11:51.347916, 0, pid=5304]
> utils/net_rpc_join.c:net_rpc_join_ok(70)
> net_rpc_join_ok: failed to get schannel session key from server
> NYLVNADC01.na.smbcgroup.com for domain NA. Error was
> NT_STATUS_ACCESS_DENIED
> [2008/07/15 12:11:51.347949, 6, pid=5304]
> libsmb/clientgen.c:write_socket(155)
> write_socket(7,39)
> [2008/07/15 12:11:51.348050, 6, pid=5304]
> libsmb/clientgen.c:write_socket(158)
> write_socket(7,39) wrote 39
> [2008/07/15 12:11:51.348419, 10, pid=5304]
> lib/util_sock.c:read_smb_length_return_keepalive(623)
> got smb length of 35
>
>
> I have tried to use tcpdump to get a network sniff of the communication, I
> saw that the DC is returning an error: ?KRB5KDC_ERR_PREAUTH_REQUIRED? .
>
> Also on the DC I get ?Event ID 675, Pre-authentication failed, Failure
> Code 0x19?
>
> Is this a known error?
> Any help would be great.
>
> Thanks,
> Hagai.
>
>
--
View this message in context:
http://www.nabble.com/Problem-trying-to-join-SAMBA-as-a-Domain-Member-tp18470080p18504513.html
Sent from the Samba - General mailing list archive at Nabble.com.