Displaying 20 results from an estimated 68 matches for "ads_add_machine_acct".
2004 Jun 14
2
Member Server in Active Directory
...configured
correctly as kinit creates a ticket for the realm. Executables appear to have
support for Kerberos and LDAP (smbd -b | grep KRB and grep LDAP) return OK.
When I try to join the AD with
net ads join -U myadminusername
I'm prompted for my password but then get:
libads/ldap.c:ads_add_machine_acct(1006)
Host account for inpsamo-debian already exists - modifying old account
libads/ldap.c:ads_join_realm(1336)
ads_add_machine_acct: No such object
ads_join_realm: No such object
I only have admin rights for an ou of the Active Directory. Here is a Windows
LDP search of my ou:
ldap_...
2005 Jun 11
1
Problem joining a domain using ads
...pires: 9223372036854775807
logonCount: 33
sAMAccountName: laptopjkt$
sAMAccountType: 805306369
objectCategory:
CN=Computer,CN=Schema,CN=Configuration,DC=SP-GRUPPE,DC=DE
isCriticalSystemObject: FALSE
mS-DS-CreatorSID:
"net ads join -U jkt" shows:
[2005/06/11 11:04:44, 0] libads/ldap.c:ads_add_machine_acct(1405)
ads_add_machine_acct: Host account for laptopjkt already exists -
modifying old account
[2005/06/11 11:04:44, 0] libads/ldap.c:ads_join_realm(1763)
ads_join_realm: ads_add_machine_acct failed (laptopjkt):
Insufficient access
ads_join_realm: Insufficient access
what's wrong???
--...
2007 Mar 27
1
re: Samba + Winbind + SuSE Linux AD auth not working
...Note: all the needed configuratoin file snippets are
at the end of this message:
Ok when i try and join my domain/workgroup i get the
following output
SERVER1:/etc/ssh # net join -w WORKGROUP -U USERNAME
-S ADserver.mydomain.net
USERNAME's password:
[2007/03/22 13:18:41, 0]
libads/ldap.c:ads_add_machine_acct(1400)
ads_add_machine_acct: Host account for server1
already exists -
modifying old account
ads_set_machine_password: Message stream modified
ADS join did not work, falling back to RPC...
Joined domain WORKGROUP.
looks to me like it worked , then do the following:
# wbinfo -t
checking t...
2005 Nov 01
1
Join ADS domain - Insufficient Access
...mb/clikrb5.c:ads_krb5_mk_req(381)
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
[2005/11/01 07:44:58, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(318)
Ticket in ccache[MEMORY:net_ads] expiration Tue, 01 Nov 2005 17:46:24 GMT
[2005/11/01 07:44:58, 0] libads/ldap.c:ads_add_machine_acct(1405)
ads_add_machine_acct: Host account for app1 already exists -
modifying old account
[2005/11/01 07:44:58, 0] libads/ldap.c:ads_join_realm(1763)
ads_join_realm: ads_add_machine_acct failed (app1): Insufficient access
ads_join_realm: Insufficient access
[2005/11/01 07:44:58, 2] utils/net....
2004 Nov 02
1
net ads join fails
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
~ /usr/bin/net ads join -Udennisb
dennisb password:
[2004/11/02 17:31:56, 0] libads/ldap.c:ads_add_machine_acct(1006)
~ Host account for if-srv-hos1 already exists - modifying old account
[2004/11/02 17:31:56, 0] libads/ldap.c:ads_join_realm(1342)
~ ads_add_machine_acct: No such object
ads_join_realm: No such object
Also:
net user | wc -l
reports 106000 users, but
wbinfo -u | wc -l
only reports 5000....
2004 Jul 20
1
Chasing the "ads_add_machine_acct: Insufficient access" problem
...from source.
Kernel == 2.4.21-15.0.2.ELhugemem #1 SMP Wed Jun 16 22:36:51 EDT 2004
i686 athlon i386 GNU/Linux
Here is the problem in a nutshell:
[root@roar root]# net ads join Computers -S mydc1.mynetwork.com
[2004/07/20 15:06:09, 0] libads/ldap.c:ads_join_realm(1336)
ads_add_machine_acct: Insufficient access
ads_join_realm: Insufficient access
and the important pieces of smb.conf:
[global]
workgroup = MYNETWORK
netbios name = ROAR
server string = Lotsa Room
security = ADS
realm = MYNET...
2007 May 22
2
kerberos_kinit_password -- Preauthentication falied ??
Hi,
I'm fairly new to samba so apologies if this is an old problem....
When I try 'net ads join -U administrator' I get the following:
[2007/05/22 12:15:15, 0] libads/ldap.c:ads_add_machine_acct(1368)
ads_add_machine_acct: Host account for storage4 already exists -
modifying old account
Using short domain name -- ABSOLUTESTUDIOS
[2007/05/22 12:15:15, 0] libads/kerberos.c:get_service_ticket(335)
get_service_ticket: kerberos_kinit_password
STORAGE4$@ABSOLUTESTUDIOS.CO.UK@ABSOLUTESTUDIO...
2004 Dec 02
3
net ads join fails - "Preauthetication failed"
...of different problems and variations of krb5.conf and
samba.conf files I am currently stuck with the following error trying to
join a domain
net ads join -U nfybw@UIB.NO 'Klienter\IT\MatNat\IFT\Samba
Servers\IT-gruppen'
nfybw@UIB.NO's password:
[2004/12/02 15:34:36, 0] libads/ldap.c:ads_add_machine_acct(1367)
ads_add_machine_acct: Host account for iftsmb100 already exists -
modifying old account
Using short domain name -- KLIENT
[2004/12/02 15:34:39, 0] libads/kerberos.c:get_service_ticket(335)
get_service_ticket: kerberos_kinit_password
IFTSMB100$@KLIENT.UIB.NO@KLIENT.UIB.NO failed: Preauth...
2004 May 21
3
Suse 9.1 Samba
...;s Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
When I do the net ads join, I get: (I use the same name and password in
WinXP, different computer name and it works)
sha-linux:/etc/samba # net ads join -U art_fore
art_fore's password:
[2004/05/20 20:48:47, 0] libads/ldap.c:ads_add_machine_acct(1006)
Host account for sha-linux already exists - modifying old account
[2004/05/20 20:48:47, 0] libads/ldap.c:ads_join_realm(1342)
ads_add_machine_acct: Insufficient access
ads_join_realm: Insufficient access
If I do the klist Tickets, it does not work, so I do klist -T:
sha-linux:/etc/samba...
2005 Nov 08
1
ADS Join and Insufficient Access
...krb5.conf and smb.conf.
kinit works fine. ("Authenticated to Kerberos v5")
I prestage the server by adding it to my OU with rights to add it to the domain as I have always done.
When I go to add it to the domain with
net ads join -U mmaki@NEW.DOMAIN.NET
and enter my password
I get
ads_add_machine_acct: Host account for smbtest already exists - modifying old account
(which is normal for prestaged machines)
ads_join_realm: ads_add_machine_acct failed (smbtest): Insufficient access
ads_join_realm: Insufficient access
I have no problem adding Windows workstations with the same account, it&...
2004 Nov 17
0
Authenticating off a Windows 2003 ADS DC with Samba/Winbind
...ed winbind/smb.conf using the Authentication applet.
- smb/winbind are started ok.
**********************
Here's the problem:
[root@gx280rmaniarFC3 samba]# net ads join -S gx270-rmaniar -U
Administrator
Administrator's password:
[2004/11/16 17:35:12, 0] libads/ldap.c:ads_join_realm(1640)
ads_add_machine_acct (gx280rmaniarfc3): Type or value exists
ads_join_realm: Type or value exists
So it says it exists already, despite the fact that its not shown in the
'Computers' list in AD.
Tried it again, and got:
[root@gx280rmaniarFC3 pam.d]# net ads join -S gx270-rmaniar -U
Administrator
Administrator...
2006 Dec 13
1
Samba ADS domain member issues
...4E.9
samba-client-3.0.10-1.4E
samba-3.0.10-1.4E.9
rpm -qa | grep krb5
krb5-libs-1.3.4-33
krb5-devel-1.3.4-33
pam_krb5-2.1.8-1
krb5-workstation-1.3.4-33
What happens is that I am able to join the domain successfully:
net ads join -U Administrator%bVoIPrules2
[2006/12/12 19:16:25, 0] libads/ldap.c:ads_add_machine_acct(1368)
ads_add_machine_acct: Host account for development already exists -
modifying old account
Using short domain name -- B2LLC
Joined 'DEVELOPMENT' to realm 'B2LLC.LOCAL'
As far as the tests from the article go:
wbinfo -u, and wbinfo -g seem to work fine
getent passwd and gete...
2004 May 21
0
Insufficient access error
...icial Samba HowTo Book this should join the domain
specified in my smb.conf. Instead I get the following output :
[root@w72l-tux samba]# net ads join -U w702a-palmadesso
"w702\NonCatComputers"
w702a-palmadesso's password:
[2004/05/21 15:05:23, 0] libads/ldap.c:ads_join_realm(1336)
ads_add_machine_acct: Insufficient access
ads_join_realm: Insufficient access
I can exchange Kerberos tickets from the output of klist :
[root@w72l-tux samba]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: w702a-palmadesso@TWW007.SITEST.NET
Valid starting Expires Service principal
05/2...
2005 Feb 10
2
net ads join requires full domain admin account?
Problem: I have an account that allows me to join an AD domain, this works
fine from any win box. However it fails with "ads_add_machine_acct
(client_name): Insufficient access" when I do a net ads join from a linux
box. To get samba to join the domain, I have to use an account with full
domain admin privs. (ie net ads join -Ufull_domain_admin)
Is this expected behavior?
The linux box is running Fedora Core 3, samba 3.0...
2005 May 23
1
CentOS 3.4 + Samba 3.0.9-1.3E.2, winbind problems
...onse password authentication failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
error messsage was: Access denied
Could not authenticate user user with challenge/response
I was able to join the domain successfully:
[root@billing samba]# net ads join
[2005/05/23 10:09:35, 0] libads/ldap.c:ads_add_machine_acct(1368)
ads_add_machine_acct: Host account for billing already exists -
modifying old account
Using short domain name -- DOMAIN
Joined 'BILLING' to realm 'DOMAIN.PRI'
At this point, I am at a loss as to what to do further. I don't
understand ADS well enough to know why I c...
2006 Jun 30
2
Help with RHEL4 and AD 2003 Authentication
...masks: files
networks: files
protocols: files winbind
rpc: files
services: files winbind
netgroup: files winbind
publickey: files
automount: files winbind
aliases: files
# OUTPUT
# net ads join -U Administrator
bhataadmin's password:
[2006/06/30 09:54:14, 0] libads/ldap.c:ads_add_machine_acct(1368)
ads_add_machine_acct: Host account for ADTEST01 already exists - modifying
old account
Using short domain name -- CORP
Joined 'ADTEST01' to realm 'CORP.OBSCURED.COM'
#
# kinit Administrator@CORP.OBSCURED.COM
Password for Administrator@CORP.OBSCURED.COM:
#
# wbinfo -u
Error...
2006 Aug 24
2
Can't net ads join
Trying to do a net ads join, which has always worked fine in the past is
now throwing the below errors when I try and rejoin the domain after a
Windows server reboot.
What am I doing wrong?
:b!
[2006/08/23 19:45:00, 0] libads/ldap.c:ads_add_machine_acct(1405)
ads_add_machine_acct: Host account for mustang already exists -
modifying old account
[2006/08/23 19:45:00, 0] libads/kerberos.c:get_service_ticket(337)
get_service_ticket: kerberos_kinit_password
MUSTANG$@MACHINEVISIONPRODUCTS.COM@MACHINEVISIONPRODUCTS.COM failed:
Clock skew too great
[2...
2004 Sep 02
2
Can't mount samba drive or join domain with W2K3 server
Please cc me on replies.
My employer recently upgraded to W2K3. I have no control over the
employer's set up and limited access to information. Under the old
server, everything was working fine. Now I can't mount the shared drive
anymore.
I'm running Debian sid; samba 3.0.6-3.
################################################
# mount shared_drive
cli_negprot: SMB signing is
2004 Oct 15
4
member server and kerberos
...rg = DATOM.DYNDNS.ORG
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
## nsswitch.conf ##
passwd: files winbind #ldap
group: files winbind #ldap
shadow: files #ldap
tests effectu?s:
# kinit administrateur + mdp -> ok
# net ads join
[2004/10/15 16:30:32, 0] libads/ldap.c:ads_add_machine_acct(1283)
ads_add_machine_acct: Host account for cafeine already exists -
modifying old account
Using short domain name -- DATOM
Joined 'CAFEINE' to realm 'DATOM.DYNDNS.ORG'
# klist -5
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrateur@DATOM.DYNDNS.ORG
Valid starting...
2003 Jul 18
1
Joining samba to AD domain with a non-admin user
...user in "domain admins" to join the AD domain
fine too. I tried with beta3, and it's the same as alpha24 and alpha21 (a21
did not have Antti's patch).
So my question is, is this supported, or broken, or am I using it wrong? The
failure happens during ldap_add_s called from ads_add_machine_acct(). I do
kinit before the "net ads join" command. However I haven't found where the
kerberos ticket was used before the failure although the ticket does make a
difference.
Thanks,
Chere