search for: ads_add_machine_acct

...configured correctly as kinit creates a ticket for the realm. Executables appear to have support for Kerberos and LDAP (smbd -b | grep KRB and grep LDAP) return OK. When I try to join the AD with net ads join -U myadminusername I'm prompted for my password but then get: libads/ldap.c:ads_add_machine_acct(1006) Host account for inpsamo-debian already exists - modifying old account libads/ldap.c:ads_join_realm(1336) ads_add_machine_acct: No such object ads_join_realm: No such object I only have admin rights for an ou of the Active Directory. Here is a Windows LDP search of my ou: ldap_...

...pires: 9223372036854775807 logonCount: 33 sAMAccountName: laptopjkt$ sAMAccountType: 805306369 objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=SP-GRUPPE,DC=DE isCriticalSystemObject: FALSE mS-DS-CreatorSID: "net ads join -U jkt" shows: [2005/06/11 11:04:44, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for laptopjkt already exists - modifying old account [2005/06/11 11:04:44, 0] libads/ldap.c:ads_join_realm(1763) ads_join_realm: ads_add_machine_acct failed (laptopjkt): Insufficient access ads_join_realm: Insufficient access what's wrong??? --...

...Note: all the needed configuratoin file snippets are at the end of this message: Ok when i try and join my domain/workgroup i get the following output SERVER1:/etc/ssh # net join -w WORKGROUP -U USERNAME -S ADserver.mydomain.net USERNAME's password: [2007/03/22 13:18:41, 0] libads/ldap.c:ads_add_machine_acct(1400) ads_add_machine_acct: Host account for server1 already exists - modifying old account ads_set_machine_password: Message stream modified ADS join did not work, falling back to RPC... Joined domain WORKGROUP. looks to me like it worked , then do the following: # wbinfo -t checking t...

...mb/clikrb5.c:ads_krb5_mk_req(381) ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory) [2005/11/01 07:44:58, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(318) Ticket in ccache[MEMORY:net_ads] expiration Tue, 01 Nov 2005 17:46:24 GMT [2005/11/01 07:44:58, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for app1 already exists - modifying old account [2005/11/01 07:44:58, 0] libads/ldap.c:ads_join_realm(1763) ads_join_realm: ads_add_machine_acct failed (app1): Insufficient access ads_join_realm: Insufficient access [2005/11/01 07:44:58, 2] utils/net....

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ~ /usr/bin/net ads join -Udennisb dennisb password: [2004/11/02 17:31:56, 0] libads/ldap.c:ads_add_machine_acct(1006) ~ Host account for if-srv-hos1 already exists - modifying old account [2004/11/02 17:31:56, 0] libads/ldap.c:ads_join_realm(1342) ~ ads_add_machine_acct: No such object ads_join_realm: No such object Also: net user | wc -l reports 106000 users, but wbinfo -u | wc -l only reports 5000....

...from source. Kernel == 2.4.21-15.0.2.ELhugemem #1 SMP Wed Jun 16 22:36:51 EDT 2004 i686 athlon i386 GNU/Linux Here is the problem in a nutshell: [root@roar root]# net ads join Computers -S mydc1.mynetwork.com [2004/07/20 15:06:09, 0] libads/ldap.c:ads_join_realm(1336) ads_add_machine_acct: Insufficient access ads_join_realm: Insufficient access and the important pieces of smb.conf: [global] workgroup = MYNETWORK netbios name = ROAR server string = Lotsa Room security = ADS realm = MYNET...

Hi, I'm fairly new to samba so apologies if this is an old problem.... When I try 'net ads join -U administrator' I get the following: [2007/05/22 12:15:15, 0] libads/ldap.c:ads_add_machine_acct(1368) ads_add_machine_acct: Host account for storage4 already exists - modifying old account Using short domain name -- ABSOLUTESTUDIOS [2007/05/22 12:15:15, 0] libads/kerberos.c:get_service_ticket(335) get_service_ticket: kerberos_kinit_password STORAGE4$@ABSOLUTESTUDIOS.CO.UK@ABSOLUTESTUDIO...

...of different problems and variations of krb5.conf and samba.conf files I am currently stuck with the following error trying to join a domain net ads join -U nfybw@UIB.NO 'Klienter\IT\MatNat\IFT\Samba Servers\IT-gruppen' nfybw@UIB.NO's password: [2004/12/02 15:34:36, 0] libads/ldap.c:ads_add_machine_acct(1367) ads_add_machine_acct: Host account for iftsmb100 already exists - modifying old account Using short domain name -- KLIENT [2004/12/02 15:34:39, 0] libads/kerberos.c:get_service_ticket(335) get_service_ticket: kerberos_kinit_password IFTSMB100$@KLIENT.UIB.NO@KLIENT.UIB.NO failed: Preauth...

...;s Password: kinit: NOTICE: ticket renewable lifetime is 1 week When I do the net ads join, I get: (I use the same name and password in WinXP, different computer name and it works) sha-linux:/etc/samba # net ads join -U art_fore art_fore's password: [2004/05/20 20:48:47, 0] libads/ldap.c:ads_add_machine_acct(1006) Host account for sha-linux already exists - modifying old account [2004/05/20 20:48:47, 0] libads/ldap.c:ads_join_realm(1342) ads_add_machine_acct: Insufficient access ads_join_realm: Insufficient access If I do the klist Tickets, it does not work, so I do klist -T: sha-linux:/etc/samba...

...krb5.conf and smb.conf. kinit works fine. ("Authenticated to Kerberos v5") I prestage the server by adding it to my OU with rights to add it to the domain as I have always done. When I go to add it to the domain with net ads join -U mmaki@NEW.DOMAIN.NET and enter my password I get ads_add_machine_acct: Host account for smbtest already exists - modifying old account (which is normal for prestaged machines) ads_join_realm: ads_add_machine_acct failed (smbtest): Insufficient access ads_join_realm: Insufficient access I have no problem adding Windows workstations with the same account, it&...

...ed winbind/smb.conf using the Authentication applet. - smb/winbind are started ok. ********************** Here's the problem: [root@gx280rmaniarFC3 samba]# net ads join -S gx270-rmaniar -U Administrator Administrator's password: [2004/11/16 17:35:12, 0] libads/ldap.c:ads_join_realm(1640) ads_add_machine_acct (gx280rmaniarfc3): Type or value exists ads_join_realm: Type or value exists So it says it exists already, despite the fact that its not shown in the 'Computers' list in AD. Tried it again, and got: [root@gx280rmaniarFC3 pam.d]# net ads join -S gx270-rmaniar -U Administrator Administrator...

...4E.9 samba-client-3.0.10-1.4E samba-3.0.10-1.4E.9 rpm -qa | grep krb5 krb5-libs-1.3.4-33 krb5-devel-1.3.4-33 pam_krb5-2.1.8-1 krb5-workstation-1.3.4-33 What happens is that I am able to join the domain successfully: net ads join -U Administrator%bVoIPrules2 [2006/12/12 19:16:25, 0] libads/ldap.c:ads_add_machine_acct(1368) ads_add_machine_acct: Host account for development already exists - modifying old account Using short domain name -- B2LLC Joined 'DEVELOPMENT' to realm 'B2LLC.LOCAL' As far as the tests from the article go: wbinfo -u, and wbinfo -g seem to work fine getent passwd and gete...

...icial Samba HowTo Book this should join the domain specified in my smb.conf. Instead I get the following output : [root@w72l-tux samba]# net ads join -U w702a-palmadesso "w702\NonCatComputers" w702a-palmadesso's password: [2004/05/21 15:05:23, 0] libads/ldap.c:ads_join_realm(1336) ads_add_machine_acct: Insufficient access ads_join_realm: Insufficient access I can exchange Kerberos tickets from the output of klist : [root@w72l-tux samba]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: w702a-palmadesso@TWW007.SITEST.NET Valid starting Expires Service principal 05/2...

Problem: I have an account that allows me to join an AD domain, this works fine from any win box. However it fails with "ads_add_machine_acct (client_name): Insufficient access" when I do a net ads join from a linux box. To get samba to join the domain, I have to use an account with full domain admin privs. (ie net ads join -Ufull_domain_admin) Is this expected behavior? The linux box is running Fedora Core 3, samba 3.0...

...onse password authentication failed error code was NT_STATUS_ACCESS_DENIED (0xc0000022) error messsage was: Access denied Could not authenticate user user with challenge/response I was able to join the domain successfully: [root@billing samba]# net ads join [2005/05/23 10:09:35, 0] libads/ldap.c:ads_add_machine_acct(1368) ads_add_machine_acct: Host account for billing already exists - modifying old account Using short domain name -- DOMAIN Joined 'BILLING' to realm 'DOMAIN.PRI' At this point, I am at a loss as to what to do further. I don't understand ADS well enough to know why I c...

...masks: files networks: files protocols: files winbind rpc: files services: files winbind netgroup: files winbind publickey: files automount: files winbind aliases: files # OUTPUT # net ads join -U Administrator bhataadmin's password: [2006/06/30 09:54:14, 0] libads/ldap.c:ads_add_machine_acct(1368) ads_add_machine_acct: Host account for ADTEST01 already exists - modifying old account Using short domain name -- CORP Joined 'ADTEST01' to realm 'CORP.OBSCURED.COM' # # kinit Administrator@CORP.OBSCURED.COM Password for Administrator@CORP.OBSCURED.COM: # # wbinfo -u Error...

Trying to do a net ads join, which has always worked fine in the past is now throwing the below errors when I try and rejoin the domain after a Windows server reboot. What am I doing wrong? :b! [2006/08/23 19:45:00, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for mustang already exists - modifying old account [2006/08/23 19:45:00, 0] libads/kerberos.c:get_service_ticket(337) get_service_ticket: kerberos_kinit_password MUSTANG$@MACHINEVISIONPRODUCTS.COM@MACHINEVISIONPRODUCTS.COM failed: Clock skew too great [2...

Please cc me on replies. My employer recently upgraded to W2K3. I have no control over the employer's set up and limited access to information. Under the old server, everything was working fine. Now I can't mount the shared drive anymore. I'm running Debian sid; samba 3.0.6-3. ################################################ # mount shared_drive cli_negprot: SMB signing is

...rg = DATOM.DYNDNS.ORG [kdc] profile = /var/kerberos/krb5kdc/kdc.conf ## nsswitch.conf ## passwd: files winbind #ldap group: files winbind #ldap shadow: files #ldap tests effectu?s: # kinit administrateur + mdp -> ok # net ads join [2004/10/15 16:30:32, 0] libads/ldap.c:ads_add_machine_acct(1283) ads_add_machine_acct: Host account for cafeine already exists - modifying old account Using short domain name -- DATOM Joined 'CAFEINE' to realm 'DATOM.DYNDNS.ORG' # klist -5 Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrateur@DATOM.DYNDNS.ORG Valid starting...

...user in "domain admins" to join the AD domain fine too. I tried with beta3, and it's the same as alpha24 and alpha21 (a21 did not have Antti's patch). So my question is, is this supported, or broken, or am I using it wrong? The failure happens during ldap_add_s called from ads_add_machine_acct(). I do kinit before the "net ads join" command. However I haven't found where the kerberos ticket was used before the failure although the ticket does make a difference. Thanks, Chere