Re: [Samba] net ads join fails 3/4's of the time
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rex Dieter wrote: | I just wanted to share my frustrations with trying | to use samba to join linux machines to our AD | (so I could use pam_winbind primarily). I'm | using Red Hat Enterprise 4 boxes, with samba-3.0.14a, | krb5-libs-1.3.4-12, kernel-2.6.9-5.0.5.EL (I tried | Fedora Core 3 too, with similar results). I (pre)added | machines to the AD using the Active Directory Users | and Computers tool. | | I initially had clock skew problems (yielding kerberos | errors), but I now have synchronized system clocks. | | Now, I've found that the | $ net ads join | command(*) always says it succeeds joining the domain, | but a subsequent | $ wbinfo -t | about 75% of the time yields an error: | NT_STATUS_ACCESS_DENIED | | If I re-run those 2 commands repeatedly, I *eventually* | will get machine that has successfully joined the | AD domain (where 'wbinfo -t' succeeds | and pam_winbind successfully authenticates users). I doner if you are dealing with a AD replication lag. How many DC's are there in the domain? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCqY1vIR7qMdg1EfYRAo5gAJwLy/LFXX82huhugrXmSp+WPUChCACg5mmz bX2b3k/PvXxwh4jg68jrWDc= =iJfG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net ads join fails 3/4's of the time
Gerald (Jerry) Carter wrote: Rex Dieter wrote: | Now, I've found that the | $ net ads join | command(*) always says it succeeds joining the domain, | but a subsequent | $ wbinfo -t | about 75% of the time yields an error: | NT_STATUS_ACCESS_DENIED | | If I re-run those 2 commands repeatedly, I *eventually* | will get machine that has successfully joined the | AD domain (where 'wbinfo -t' succeeds | and pam_winbind successfully authenticates users). I doner if you are dealing with a AD replication lag. How many DC's are there in the domain? 3 DC's. If your hunch is right, what should I do? Simply wait longer between the 'net ads join' and 'wbinfo -t' (I'm currently waiting 2 seconds)? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net ads join fails 3/4's of the time
I just wanted to share my frustrations with trying to use samba to join linux machines to our AD (so I could use pam_winbind primarily). I'm using Red Hat Enterprise 4 boxes, with samba-3.0.14a, krb5-libs-1.3.4-12, kernel-2.6.9-5.0.5.EL (I tried Fedora Core 3 too, with similar results). I (pre)added machines to the AD using the Active Directory Users and Computers tool. I initially had clock skew problems (yielding kerberos errors), but I now have synchronized system clocks. Now, I've found that the $ net ads join command(*) always says it succeeds joining the domain, but a subsequent $ wbinfo -t about 75% of the time yields an error: NT_STATUS_ACCESS_DENIED If I re-run those 2 commands repeatedly, I *eventually* will get machine that has successfully joined the AD domain (where 'wbinfo -t' succeeds and pam_winbind successfully authenticates users). Now, I'm mostly content that I've found a solution to my problem, but I'm curious why/how 'net ads join' oftemtimes claims false success (and why is it failing at all in the first place)? -- Rex (*) with -d3 or higher, I see random collections of errors, mostly kerberos related saying pre-authentication failed and encryption type not supported -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
