Cyril Feraudet
2014-Aug-26 12:08 UTC
[Samba] Fwd: Re: Failed to join domain: failed to join domain 'XXX.YYY' over rpc: Access denied
Thanks for the reply. Le 2014-08-26 12:30, steve a ?crit?:> On Tue, 2014-08-26 at 12:02 +0200, Cyril Feraudet wrote: >> Hi all, >> >> I get an error when I try to join domain from CentOS 6.5. Have you an >> idea ? >> >> >> /etc/samba/smb.conf : >> --------------------- >> [global] >> workgroup = XXX >> server string = Samba Server Version %v >> log file = /var/log/samba/log.%m >> max log size = 50 >> realm = XXX.YYY >> security = ads >> idmap uid = 10000-20000 >> idmap gid = 10000-20000 >> password server = dcserver.xxx.yyy >> winbind separator = \ >> >> >> /etc/krb5.conf : >> ---------------- >> [logging] >> default = FILE:/var/log/krb5libs.log >> kdc = FILE:/var/log/krb5kdc.log >> admin_server = FILE:/var/log/kadmind.log >> >> [libdefaults] >> default_realm = XXX.YYY >> dns_lookup_realm = false >> dns_lookup_kdc = false > > comment false and add: > dns_lookup_kdc = truedone> >> ticket_lifetime = 24h >> renew_lifetime = 7d >> forwardable = true >> >> [realms] >> XXX.YYY = { >> kdc = dcserver.xxx.yyy:88 >> admin_server = dcserver.xxx.yyy:749 >> } >> >> [domain_realm] >> .xxx.yyy = XXX.YYY >> xxx.yyy = XXX.YYY >> >> /var/kerberos/krb5kdc/kdc.conf : >> -------------------------------- >> [kdcdefaults] >> kdc_ports = 88 >> kdc_tcp_ports = 88 >> >> [realms] >> XXX.YYY= { >> #master_key_type = aes256-cts >> acl_file = /var/kerberos/krb5kdc/kadm5.acl >> dict_file = /usr/share/dict/words >> admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab >> supported_enctypes = aes256-cts:normal aes128-cts:normal >> des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal >> des-cbc-md5:normal des-cbc-crc:normal >> } >> >> Then : >> ------ >> >> # kinit administrateur at XXX.YYY >> Password for administrateur at XXX.YYY: >> >> # kdb5_util create -s >> Loading random data >> Initializing database '/var/kerberos/krb5kdc/principal' for realm >> 'XXX.YYY', >> master key name 'K/M at XXX.YYY' >> You will be prompted for the database Master Password. >> It is important that you NOT FORGET this password. >> Enter KDC database master key: >> Re-enter KDC database master key to verify: > > Remove /var/kerberos/krb5kdc/principaldone> >> >> >> # net ads join -U "administrateur at JALMA.NET" -S serveur-8.jalma.net > > now do: > net ads join -Uadministrateur > > Any better? > HTHStill the same : net ads join -Uadministrateur Enter administrateur's password: Failed to join domain: failed to join domain 'JALMA.NET' over rpc: Access denied
Possibly Parallel Threads
- Failed to join domain: failed to join domain 'XXX.YYY' over rpc: Access denied
- winbind - New DOMAIN but old DOMAIN not CHANGING .URGENT
- URGENT winbind - New DOMAIN but old DOMAIN not CHANGING - Resent
- Problem to join ADS domain.
- Samba4 machine fails to join in samba3 domain
Wisdom of the Ancients
