I talked with the AD admin and he realized that ADJoin doesn't have the full complement of privileges needed. So he tried his (full admin) account and it still doesn't work. He noticed that klist dumped something wierd out...
I dunno if this is the right place to talk about Kerberbos, but since this
relates to the whole Samba thing. Here is the output from kinit + klist
Script started on Wed 31 Oct 2007 01:26:18 PM EDT
[EMAIL PROTECTED] ~]# kinit [EMAIL PROTECTED]
mwinscard_clnt.c:320:SCardEstablishContextTH() Cannot open public shared
file: /var/run/pcscd.pub
Password for [EMAIL PROTECTED]:
[EMAIL PROTECTED] ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
10/31/07 13:27:10 10/31/07 23:27:13 krbtgt/[EMAIL PROTECTED]
renew until 11/01/07 13:27:10
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[EMAIL PROTECTED] ~]#
Script done on Wed 31 Oct 2007 01:27:24 PM EDT
He thought it was odd that it was appending AD.CLARKSON.EDU to the domain. The
krb5.conf is basically what is in the article with appropriate values subbed
in.
On Monday 29 October 2007 12:05:38 you wrote:
> Chris,
>
> Does the user "adjoin" have privileges to join the domain? Usually the
> user "Administrator" is used.
> For clarification see:
> http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html#id37
>1232
>
> The command "net rpc rights list -U adjoin" must return
> "SeMachineAccountPrivilege".
>
> I used the same article to set up my systems, and Administrator seems to
> have these rights by default, because it's always worked with no
> intervention on my part. Once you get this part working, a good
> followup article is:
> http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1
>
> Good luck,
> Dale
>
> C.Peterman wrote:
> > Hey all, I'm trying to join a Linux machine running CentOS 5, Samba
> > version 3.0.23 to a Windows 2003 Active Directory. I can authenticate
> > successfully against Kerberos, but I cannot seem to join the domain. I'm
> > using instructions from this article
> > http://www.enterprisenetworkingplanet.com/netos/article.php/3487081<https
> >://mymail.clarkson.edu/exchweb/bin/redir.asp?URL=http://www.enterprisenetw
> >orkingplanet.com/netos/article.php/3487081> but when I get to the join
> > command I get this
> >
> > [EMAIL PROTECTED] ~]# net ads join -U adjoin
> > adjoin's password:
> > Failed to set password for machine account (NT_STATUS_ACCESS_DENIED)
> > Failed to join domain!
> >
> > Any help would be most welcome!
> >
> > ~ Chris "Kyral" Peterman
> > Communications & Media Undergraduate
> > Clarkson University Class of 2008
--
~ Chris "Kyral" Peterman
Communications & Media Undergraduate
Clarkson University
Associate Member of the Free Software Foundation
Member of the Association for Computing Machinery
signature.asc
Description: This is a digitally signed message part.
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
