search for: ads_join_realm

...GRUPPE,DC=DE isCriticalSystemObject: FALSE mS-DS-CreatorSID: "net ads join -U jkt" shows: [2005/06/11 11:04:44, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for laptopjkt already exists - modifying old account [2005/06/11 11:04:44, 0] libads/ldap.c:ads_join_realm(1763) ads_join_realm: ads_add_machine_acct failed (laptopjkt): Insufficient access ads_join_realm: Insufficient access what's wrong??? -- _ _ _ __ _(_)___ ___ _ __ ___ ___ | |__ __| | ___ / _` | / __/ __| '_ ` _ \ / _ \| '_ \...

...t; According to my official Samba HowTo Book this should join the domain specified in my smb.conf. Instead I get the following output : [root@w72l-tux samba]# net ads join -U w702a-palmadesso "w702\NonCatComputers" w702a-palmadesso's password: [2004/05/21 15:05:23, 0] libads/ldap.c:ads_join_realm(1336) ads_add_machine_acct: Insufficient access ads_join_realm: Insufficient access I can exchange Kerberos tickets from the output of klist : [root@w72l-tux samba]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: w702a-palmadesso@TWW007.SITEST.NET Valid starting Expires...

...DAP (smbd -b | grep KRB and grep LDAP) return OK. When I try to join the AD with net ads join -U myadminusername I'm prompted for my password but then get: libads/ldap.c:ads_add_machine_acct(1006) Host account for inpsamo-debian already exists - modifying old account libads/ldap.c:ads_join_realm(1336) ads_add_machine_acct: No such object ads_join_realm: No such object I only have admin rights for an ou of the Active Directory. Here is a Windows LDP search of my ou: ldap_search_s(ld, "DC=pwr,DC=int,DC=edited,DC=com", 2, "(ou=SAMO)", attrList, 0, &msg) Resu...

...cate via LDAP and Kerberos. Samba works perfectly until the computers hostname is longer than 15 characters. Then any attempt to join the domain fails with: ---- [root@uk1-sysstg-sqlsyslogtest etc]# net ads join -U Administrator Administrator's password: [2006/11/01 13:14:34, 0] libads/ldap.c:ads_join_realm(1763) ads_join_realm: ads_add_machine_acct failed (uk1-sysstg-sqlsyslogtest): Internal (implementation specific) error ads_join_realm: Internal (implementation specific) error ---- Looking at packet trace output suggests it's because of NETBIOS name length limitations. So I specify a legal...

...lag root@freeway# kinit root@DOMAIN.COM's Password: kinit: NOTICE: ticket renewable lifetime is 1 week ^^ here goes no error in MS event log so, kinit goes with noerror now, joining domain using root root@freeway# net ads join -U root root's password: [2005/05/31 12:28:19, 0] libads/ldap.c:ads_join_realm(1763) ads_join_realm: ads_add_machine_acct failed (freeway): Insufficient access ads_join_realm: Insufficient access thats because of this flag. joining domain using sysadmin - of course fails because of preathentication fail. what had i done wrong? thanks for any help.

...ads_cleanup_expired_creds(318) Ticket in ccache[MEMORY:net_ads] expiration Tue, 01 Nov 2005 17:46:24 GMT [2005/11/01 07:44:58, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for app1 already exists - modifying old account [2005/11/01 07:44:58, 0] libads/ldap.c:ads_join_realm(1763) ads_join_realm: ads_add_machine_acct failed (app1): Insufficient access ads_join_realm: Insufficient access [2005/11/01 07:44:58, 2] utils/net.c:main(902) return code = -1 --------------- I have no access to the domain but the Domain admin has assured me he has set it up exactly as he...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ~ /usr/bin/net ads join -Udennisb dennisb password: [2004/11/02 17:31:56, 0] libads/ldap.c:ads_add_machine_acct(1006) ~ Host account for if-srv-hos1 already exists - modifying old account [2004/11/02 17:31:56, 0] libads/ldap.c:ads_join_realm(1342) ~ ads_add_machine_acct: No such object ads_join_realm: No such object Also: net user | wc -l reports 106000 users, but wbinfo -u | wc -l only reports 5000. Is this because I haven't been able to join sucessfully yet? Also, if I try to change the name to if-srv-hos2, I get an error...

...d in WinXP, different computer name and it works) sha-linux:/etc/samba # net ads join -U art_fore art_fore's password: [2004/05/20 20:48:47, 0] libads/ldap.c:ads_add_machine_acct(1006) Host account for sha-linux already exists - modifying old account [2004/05/20 20:48:47, 0] libads/ldap.c:ads_join_realm(1342) ads_add_machine_acct: Insufficient access ads_join_realm: Insufficient access If I do the klist Tickets, it does not work, so I do klist -T: sha-linux:/etc/samba # klist -T Credentials cache: FILE:/tmp/krb5cc_0 Principal: art_fore@3MTS.COM Issued Expires Principal May 20 21:08:26 May...

...h rights to add it to the domain as I have always done. When I go to add it to the domain with net ads join -U mmaki@NEW.DOMAIN.NET and enter my password I get ads_add_machine_acct: Host account for smbtest already exists - modifying old account (which is normal for prestaged machines) ads_join_realm: ads_add_machine_acct failed (smbtest): Insufficient access ads_join_realm: Insufficient access I have no problem adding Windows workstations with the same account, it's just adding the samba server. What could I be missing? Thanks, Mike Here is my smb.conf: [global] netbios name =...

...icket is ok. - configured winbind/smb.conf using the Authentication applet. - smb/winbind are started ok. ********************** Here's the problem: [root@gx280rmaniarFC3 samba]# net ads join -S gx270-rmaniar -U Administrator Administrator's password: [2004/11/16 17:35:12, 0] libads/ldap.c:ads_join_realm(1640) ads_add_machine_acct (gx280rmaniarfc3): Type or value exists ads_join_realm: Type or value exists So it says it exists already, despite the fact that its not shown in the 'Computers' list in AD. Tried it again, and got: [root@gx280rmaniarFC3 pam.d]# net ads join -S gx270-rmaniar -...

Good evening everyone: I am struggling with a problem here. I have a brand new FC3 server set up. My Windows domain is a windows 2003 active directory domain. I have samba configured as below [global] netbios name = SRVWEB-01 server string = MCA Production Web Server printing = cups idmap gid = 15000-20000 password server = srvdc01 idmap

Problem with join to Active Directory [root@clust-master samba]# net ads join -S 10.0.0.1 -U Administrator Administrator's password: [2006/05/22 10:24:05, 0] libads/ldap.c:ads_join_realm(1640) ads_add_machine_acct (clust): Type or value exists ads_join_realm: Type or value exists [root@clust-master samba]# kinit Administrator@COROD.LOCAL Password for Administrator@COROD.LOCAL: As you can see kerberors seems works well, but when i tried to join to ADS routput is: Type or value e...

...#39;re seeing during a net join: 14:32 myhost<42> sudo ./net join -S domaincontroller -U admin_user Admin_user password: [2004/05/05 14:33:39, 0] libads/ldap.c:ads_add_machine_acct(1006) Host account for myhost already exists - modifying old account [2004/05/05 14:33:39, 0] libads/ldap.c:ads_join_realm(1342) ads_add_machine_acct: No such object ads_join_realm: No such object ADS join did not work, falling back to RPC... Joined domain MYDOMAIN. But, it seems that samba is up and running on our domain without issue. I've been able to read/write etc. to the share on this host without proble...

I'm setting up a windows server 2003 ADS Realm with a few samba servers associating to it, however i've found that the accounts on the DC that i use to associate samba with need to be in the administrator group otherwise the association fails. ("ads_join_realm: Insufficient access") I'm just curious what the absolute minimum privileges are on the Windows Server 2003 DC to allow the Samba server to Join the ADS Realm? I don't like the idea of giving the accounts used by samba administrative access, and it just doesn't seem necessary.

...T Kerberos v1.3.4 also compiled from source. Kernel == 2.4.21-15.0.2.ELhugemem #1 SMP Wed Jun 16 22:36:51 EDT 2004 i686 athlon i386 GNU/Linux Here is the problem in a nutshell: [root@roar root]# net ads join Computers -S mydc1.mynetwork.com [2004/07/20 15:06:09, 0] libads/ldap.c:ads_join_realm(1336) ads_add_machine_acct: Insufficient access ads_join_realm: Insufficient access and the important pieces of smb.conf: [global] workgroup = MYNETWORK netbios name = ROAR server string = Lotsa Room securit...

...lly get a kerberos ticket (and hence, authenticate), but cannot actually create a computer account in the desired OU using net, as detailed in the following: # kinit testuser@EXAMPLE.EXAMPLE.COM (confirm success with klist) # net ads join 'IT Systems/Admins' -U testuser@EXAMPLE.EXAMPLE.COM ads_join_realm: organizational unit IT Systems/Admins does not exist (dn:ou=Admins,ou=IT Systems,dc=EXAMPLE,dc=EXAMPLE,dc=COM) On the permissions side, I'm logged in as root on the samba server, and have domain admin rights on the Windows test server. If the slash is removed from the OU name (e.g. 'IT Sy...

...9, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(318) Ticket in ccache[MEMORY:net_ads] expiration Tue, 24 May 2005 21:33:09 GMT [2005/05/24 11:33:09, 1] libads/ldap.c:ads_default_ou_string(1085) Failed while searching for: <WKGUID=AA312825768811D1ADED00C04FD8D5CD,dc=AD,dc=CHECKPOINT,dc=COM> ads_join_realm: Operations error [2005/05/24 11:33:09, 2] utils/net.c:main(897) return code = -1 Any help greatly appreciated.. Mike Michael Andrewjeski Unix Administrator Zone Labs, A Check Point Company http://www.zonelabs.com Tel:? 415.633.4769 Fax:? 415.633.4501

Please cc me on replies. My employer recently upgraded to W2K3. I have no control over the employer's set up and limited access to information. Under the old server, everything was working fine. Now I can't mount the shared drive anymore. I'm running Debian sid; samba 3.0.6-3. ################################################ # mount shared_drive cli_negprot: SMB signing is

.../13 10:14:26, 1] libsmb/clikrb5.c:ads_krb5_mk_req(267) krb5_cc_get_principal failed (No such file or directory) [2003/08/13 10:14:26, 1] libsmb/clikrb5.c:ads_krb5_mk_req(274) krb5_get_credentials failed for ads-server$@DOMAIN.COM (Unknown error 2529638927) [2003/08/13 10:14:26, 0] libads/ldap.c:ads_join_realm(1352) Host account for suseserver2 already exists - deleting old account [2003/08/13 10:14:26, 1] libads/krb5_setpw.c:ads_krb5_set_password(529) krb5_get_credentials failed (Unknown error 2529638927) ads_set_machine_password: Unknown error 2529638927 Notice, it actually lets me add the machine...

...the install of SP2 still running and have the same krb5.conf, smb.conf and nsswitch.conf files on both machines. Both machines are running the exact same Distrubution of Linux and Samba and yet machine one authenticates and machine two does not. the error message that I currently get is " ads_join_realm: Operations error " has anyone got any ideas as to a resolution to this problem I have included the following smb.conf [global] wins server = workgroup=domainname server string=%h (Xandros Desktop) dns proxy=no name resolve order=hosts lmhosts host wins bcast log file=/var/log/samba/l...