Thomas Nimphy
2009-Mar-10 08:50 UTC
[Samba] net ads join -U syntax: userid@domain confuses kerberos
I try to join a Samba 3.2 server on RHEL 4 to AD using net ads join -d 2 -U myaccount@MAINDOM.COM The domain to join the samba server should join to is a subdomain of MAINDOM.COM, call it SUB1.MAINDOM.COM. The interesting part of smb.conf is: [global] workgroup = SUB1 security = ADS realm = SUB1.MAINDOM.COM When joining I get kerberos_kinit_password myaccount@MAINDOM.COM@SUB1.MAINDOM.COM failed: Malformed representation of principal However, the join is successful if a use a useraccount of the subdomain SUB1 (omitting the @<domain> syntax!): net ads join -d 2 -U mysub1account Samba 3.2 net utility obviously does not know how to deal with @MAINDOM.COM added to the userid in -U parameter. To join a samba server to a subdomain using a useraccount in the 'maindomain' worked fine in 3.0 versions of samba (3.0.9, 3.025) Does anybody know if this behaviour has been changed on purpose from 3.0 to 3.2? Any workarounds that exist? I tested with Samba 3.3.1 as well, same behaviour. Regards .. Thomas _______________________________________________________________________ Jetzt 1 Monat kostenlos! WEB.DE FreeDSL - Telefonanschluss + DSL f?r nur 17,95 EURO/mtl.!* http://dsl.web.de/?ac=OM.AD.AD008K15039B7069a