similar to: net ads join requires full domain admin account?

I'm trying to join a Samba 3.0.4 (compiled from source on Debian) to an Active Directory as a member server. I believe Kerberos is configured correctly as kinit creates a ticket for the realm. Executables appear to have support for Kerberos and LDAP (smbd -b | grep KRB and grep LDAP) return OK. When I try to join the AD with net ads join -U myadminusername I'm prompted for my

server: ms 2003 with ads client: debian 3.1/samba 3.0.14 smb.conf: .. [global] workgroup = SP-GRUPPE password server = 10.85.117.150 realm = SP-GRUPPE.DE encrypt passwords = no server string = %h server (Samba %v) obey pam restrictions = yes passdb backend = tdbsam, guest passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .

I have been trying for two weeks to get onto a Win2k domain which has active directory with no success. The Suse YAST samba client will not do ADS, only domain, server, or user, so I went to the command line stuff I found the the Samba documentation. I can do kinit and get back the following: sha-linux:/etc/samba # kinit art_fore@3MTS.COM art_fore@3MTS.COM's Password: kinit: NOTICE:

After a lot of different problems and variations of krb5.conf and samba.conf files I am currently stuck with the following error trying to join a domain net ads join -U nfybw@UIB.NO 'Klienter\IT\MatNat\IFT\Samba Servers\IT-gruppen' nfybw@UIB.NO's password: [2004/12/02 15:34:36, 0] libads/ldap.c:ads_add_machine_acct(1367) ads_add_machine_acct: Host account for iftsmb100 already

SLES 9 SP2 samba-3.0.14a-0.4 heimdal-lib-0.6.1rc3-55.15 samba-winbind-3.0.14a-0.4 pam-modules-9-18.10 pam_krb5-1.3-201.7 I've been searching for days for a concrete answer to this question: Is it possible to join an ADS domain from a Linux Samba server without having Administrator privileges? Yes or No. If so exactly what are the minimal requirements for joining the Linux box to the

Hi, I'm fairly new to samba so apologies if this is an old problem.... When I try 'net ads join -U administrator' I get the following: [2007/05/22 12:15:15, 0] libads/ldap.c:ads_add_machine_acct(1368) ads_add_machine_acct: Host account for storage4 already exists - modifying old account Using short domain name -- ABSOLUTESTUDIOS [2007/05/22 12:15:15, 0]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ~ /usr/bin/net ads join -Udennisb dennisb password: [2004/11/02 17:31:56, 0] libads/ldap.c:ads_add_machine_acct(1006) ~ Host account for if-srv-hos1 already exists - modifying old account [2004/11/02 17:31:56, 0] libads/ldap.c:ads_join_realm(1342) ~ ads_add_machine_acct: No such object ads_join_realm: No such object Also: net user | wc -l reports

My agency is moving all users and computers to a new domain. Our current domain uses AD and the new domain will use AD. My current samba servers are running 3.0.20a with ADS security with winbind on Debian Stable (Sarge) with no problems. I set up a test samba server using 3.0.20b, the new krb5.conf and smb.conf. kinit works fine. ("Authenticated to Kerberos v5") I prestage the server

Please cc me on replies. My employer recently upgraded to W2K3. I have no control over the employer's set up and limited access to information. Under the old server, everything was working fine. Now I can't mount the shared drive anymore. I'm running Debian sid; samba 3.0.6-3. ################################################ # mount shared_drive cli_negprot: SMB signing is

Hi, I am having problems configuring my Centos 4 server as an ADS domain member of our 2003 AD. I've followed the instructions on samba.org and did quite a bit of Google'ing and haven't found an answer to the problems. Basically I used the configuration illustrated in this section of the howto, and of course a number of other suggestions I've found along the way:

I'm seeing a lot of: [2005/05/16 08:35:46, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username DOMAIN\SAMBA_CLIENT1$ is invalid on this system in the logs on my samba server after joining our ad DOMAIN, and accessing from SAMBA_CLIENT1 (also a member of the ad DOMAIN). Otherwise, it appears to be functioning well. Is this something to be worried about? -- Rex

Hello, I've been reading up on lots of documents that mention the different ways to do things as far as joining a linux machine to AD and authentication. I've tried most of them but its not helping at all. I've included my config files for smb.conf, krb5.conf, pam.d/system-auth and the applicable nsswitch.conflines. For security reasons, i've obscured part of the domain name. Any

Trying to do a net ads join, which has always worked fine in the past is now throwing the below errors when I try and rejoin the domain after a Windows server reboot. What am I doing wrong? :b! [2006/08/23 19:45:00, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for mustang already exists - modifying old account [2006/08/23 19:45:00, 0]

Hi all, Thus far, I have managed to get wbinfo -[u|g] to display users/group correctly, and getent passwd/group works. However, wbinfo -t fails to work, giving me this error: [root@billing samba]# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc0000022) Could not check secret Further, this seems to be related to a problem with wbinfo -a:

Okay, the jist of this whole thing, I get this infamous (?) problem, I have been trying to search though the archives of samba-general on gmane and also in my archive of this list. I have only seen requests for the magical answer. Environment: W2K/W2K3 mixed ADS going Native ADS only soon. Samba 3.0.4 compiled from source on a RHEL AS30 machine. MIT Kerberos v1.3.4 also compiled from source.

Good evening everyone: I am struggling with a problem here. I have a brand new FC3 server set up. My Windows domain is a windows 2003 active directory domain. I have samba configured as below [global] netbios name = SRVWEB-01 server string = MCA Production Web Server printing = cups idmap gid = 15000-20000 password server = srvdc01 idmap

hello i have been struggling for to long trying to setup the following configuration: debian samba 3 member server of a win 2000 AD here is my configuration: ## smb.conf ## [global] log level = 4 interfaces = 192.168.10.11/255.255.255.0 workgroup = datom realm = datom.dyndns.org server string = samba membre security = ads netbios name = cafeine log file = /var/log/samba/samba.log max log size

I am trying to join my Linux workstation to my ADS domain. Unfortunately, I'm not having much success. net ads join hangs forever (or at least for more than 12 hours) when run. The computer account is created in the domain, but the process never completes. tdbdump secrets.tdb shows no results, and wbinfo shows users and groups from the trusted domains but not from the domain I am trying to

I need help to resolve this issue. I saw that Andrew put a patch by Antti to enable users without full admin access to join samba into an AD domain. I am playing with it and always get "Insufficient access". Using the same user, I can join a Windows box into the domain just fine. The user is a member of "domain users", but not "domain admins". I can use a

Hi, it try to join ads with samba 3.0.22 (SLES9 SP3) and got: holu0001:~ # kinit <admin> <admin@DOMAIN> Password: kinit: NOTICE: ticket renewable lifetime is 1 week holu0001:~ # net ads join [2006/05/31 17:42:21, 0] libads/ldap.c:ads_add_machine_acct(1507) Warning: ads_set_machine_sd: Unexpected information received ads_set_machine_password: Message stream modified holu0001:~ #