On Mon, May 21, 2012 at 12:17 PM, <alex.rans...@free.fr> wrote: > We're having trouble joining an AD domain with 3.6.5 > > This message when running net join looks fishy : > "got principal=not_defined_in_RFC4178@please_ignore" I'm sure it looks fishy, but it's not. This is normal for newer versions of windows (windows is sending it back).
> > OS : Solaris 10 x64 > Kerberos : MIT krb5 1.10.1 > DC servers are running Windows 2008 > > The error message is : > ./net join -U aranskis > Enter aranskis's password: > Failed to join domain: failed to lookup DC info for domain 'CORP.NET' > over rpc: Logon failure > ADS join did not work, falling back to RPC... > Unable to find a suitable server for domain CORP > Unable to find a suitable server for domain CORP > > with -d9, here's the hopefully relevant output : > > ads_dns_lookup_srv: 18 records returned in the answer section. > namecache_store: storing 18 addresses for CORP.NET#1c: 10.219.244.253, [List > of > DCs IP follows] > [..] > Successfully contacted LDAP server 10.219.244.253 > [..] > got principal=not_defined_in_RFC4178@please_ignore > [..] What's cut out here might be more helpful. However, please see below and try that first. > SPNEGO login failed: Logon failure > failed session setup with NT_STATUS_LOGON_FAILURE > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > out: struct libnet_JoinCtx > account_name : NULL > netbios_domain_name : NULL > dns_domain_name : NULL > forest_name : NULL > dn : NULL > domain_sid : NULL > domain_sid : (NULL SID) > modified_config : 0x00 (0) > error_string : 'failed to lookup DC info for domain > 'CIB.NET' over rpc: Logon failure' > domain_is_ad : 0x00 (0) > result : WERR_LOGON_FAILURE > > > relevant configuration options : > > [global] > realm=CORP.NET > workgroup=CORP.NET Please try changing this to just CORP (or whatever the "short" netbios name is for the domain...not the dns name). > security=ADS > encrypt passwords = yes > bind interfaces only = true > interfaces = msusersncs > > > > Any hints on the best way to try and figure out what is wrong when > trying to register in the AD ? > (the same config worked with samba 3.4.x, but the DCs were running Windows > 2003) -- Jim McDonough Samba Team SUSE labs jmcd at samba dot org jmcd at themcdonoughs dot org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba