We have identified a problem joining samba to a windows 2003 rc2 domain. Using mit kerberos 1.5, and the latest version of samba (3.0.25b), net join ads would throw up the error:
cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine domaincontroller.mynet.mydomain.com. Error was NT_STATUS_ACCESS_DENIED net_rpc_join_ok: failed to get schannel session key from server domaincontroller.mynet.mydomain.com for domain mynet. Error was NT_STATUS_ACCESS_DENIED Failed to verify membership in domain! Failed to join domain: Success return code = -1 A temporary workaround for this is to add "netlogon" to the group policy under "named pipes that can be accessed anonymously". this would seem to suggest that samba cannot join a domain unless it is granted anonymous access to the netlogon pipe. Our windows admins dont want to permanently open this, so is there a way to get samba net join to work correctly without having anonymous access to the netlogon pipe? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
