On Tue, Sep 28, 2004 at 01:17:06PM -0400, [EMAIL PROTECTED] wrote: > I noticed when trying to use a windows active directory server for my > "password server" that i cannot join the windows AD domain (using the net > join command) unless the windows server has "anonymous access enabled". > Why is this? I am trying to join as "administrator" so why does it need > anonymous?
I think you need to use kerberos, then it will work. > smb.conf: > [Global] parameters > workgroup = MYDOMAIN > wins support = Yes > hosts allow = all > encrypt passwords = Yes > unix password sync = Yes > passwd program = /usr/bin/passwd %u > update encrypted = No > lm announce = true > log level = 2 > # for AD passwords > # password server = * > password server = WINSERVER1 WINSERVER2 > security = domain > [export] > path = /export > comment = export > browseable = yes > writable = yes > read only = No > public = No > Try to use "security = ads" and "realm = YOUR.AD.REALM". Configure kerberos, grab a ticket granting ticket (TGT) for the Administrator principal and you should be able to use "net ads join" -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
