On 9/27/07, eric roseme <[EMAIL PROTECTED]> wrote: > I know this sounds a little strange, but I was having the same problem > on 3.0.25c, but adding the password to the command line solved it. I > have no idea why: > > net ads join -U administrator%password >
Looks like that got me past the preauthentication error, but I'm still having an issue joining. Here is the debug log followed by my smb.conf # /usr/sfw/sbin/net ads join -d3 -Umyuser%mypassword [2007/10/03 09:07:37, 3] param/loadparm.c:(5024) lp_load: refreshing parameters [2007/10/03 09:07:37, 3] param/loadparm.c:(1424) Initialising global parameters [2007/10/03 09:07:37, 3] param/params.c:(572) params.c:pm_process() - Processing configuration file "/etc/sfw/smb.conf" [2007/10/03 09:07:37, 3] param/loadparm.c:(3763) Processing section "[global]" [2007/10/03 09:07:37, 2] lib/interface.c:(81) added interface ip=192.168.1.245 bcast=192.168.1.255 nmask=255.255.255.0 [2007/10/03 09:07:37, 3] libsmb/namequery.c:(1489) get_dc_list: preferred server list: "192.168.1.240, *" [2007/10/03 09:07:37, 3] libads/ldap.c:(394) Connected to LDAP server 192.168.1.240 [2007/10/03 09:07:37, 3] libsmb/namequery.c:(1489) get_dc_list: preferred server list: "192.168.1.240, *" [2007/10/03 09:07:37, 3] libsmb/namequery.c:(1489) get_dc_list: preferred server list: "192.168.1.240, *" [2007/10/03 09:07:37, 3] libsmb/namequery.c:(1489) get_dc_list: preferred server list: "192.168.1.240, *" [2007/10/03 09:07:37, 3] libads/ldap.c:(394) Connected to LDAP server 192.168.1.240 [2007/10/03 09:07:37, 3] libads/sasl.c:(213) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2007/10/03 09:07:37, 3] libads/sasl.c:(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2007/10/03 09:07:37, 3] libads/sasl.c:(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2007/10/03 09:07:37, 3] libads/sasl.c:(213) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2007/10/03 09:07:37, 3] libads/sasl.c:(222) ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED] [2007/10/03 09:07:37, 3] libsmb/clikrb5.c:(593) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache file found) [2007/10/03 09:07:37, 3] libsmb/clikrb5.c:(528) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Wed, 03 Oct 2007 19:07:37 MDT [2007/10/03 09:07:37, 3] libsmb/namequery.c:(1489) get_dc_list: preferred server list: "192.168.1.240, *" [2007/10/03 09:07:37, 3] libads/ldap.c:(394) Connected to LDAP server 192.168.1.240 [2007/10/03 09:07:37, 3] libads/sasl.c:(213) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2007/10/03 09:07:37, 3] libads/sasl.c:(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2007/10/03 09:07:37, 3] libads/sasl.c:(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2007/10/03 09:07:37, 3] libads/sasl.c:(213) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2007/10/03 09:07:37, 3] libads/sasl.c:(222) ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED] [2007/10/03 09:07:37, 3] libsmb/clikrb5.c:(528) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Wed, 03 Oct 2007 19:07:37 MDT [2007/10/03 09:07:37, 3] libsmb/cliconnect.c:(1509) Connecting to host=mydomain-svr.mydomain.local [2007/10/03 09:07:37, 3] lib/util_sock.c:(874) Connecting to 192.168.1.240 at port 445 [2007/10/03 09:07:37, 3] libsmb/cliconnect.c:(972) cli_session_setup: NT1 session setup failed: NT_STATUS_LOGON_FAILURE [2007/10/03 09:07:37, 1] libsmb/cliconnect.c:(1606) failed session setup with NT_STATUS_LOGON_FAILURE [2007/10/03 09:07:37, 1] utils/net.c:(294) Cannot connect to server using kerberos. Error was NT_STATUS_LOGON_FAILURE [2007/10/03 09:07:37, 1] utils/net_ads.c:(1548) call of net_join_domain failed: Logon failure Failed to join domain: Logon failure [2007/10/03 09:07:37, 2] utils/net.c:(1036) return code = -1 ### smb.conf [global] realm = MYDOMAIN.LOCAL workgroup = MYDOMAIN security = ADS use kerberos keytab = true ; password server = mydomain-svr.mydomain.local encrypt passwords = yes client lanman auth = no client NTLMv2 auth = yes lanman auth = no min protocol = LANMAN2 ntlm auth = no server string = Samba ADS client use spnego = no server signing = auto # winbind configuration: winbind separator = + ; winbind enum users = yes ; template homedir = /samba/pchome/%D/%U idmap domains = MYDOMAIN idmap config MYDOMAIN:default = yes idmap config MYDOMAIN:backend = tdb idmap config MYDOMAIN:range = 10000-20000 # this tells Samba to use a separate log file for each machine # that connects log file = /var/samba/log/log.%m log level = 10 # Put a capping on the size of the log files (in Kb). max log size = 1024 # Most people will find that this option gives better performance. # See the chapter 'Samba performance issues' in the Samba HOWTO Collection # and the manual pages for details. ; socket options = TCP_NODELAY -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
