Discussion:
[Samba] Joining a Linux Machine to a Windows 2003 Active Directory Domain
C.Peterman
2007-10-29 20:29:14 UTC
Hey all, I'm trying to join a Linux machine running CentOS 5, Samba version
3.0.23 to a Windows 2003 Active Directory. I can authenticate successfully
against Kerberos, but I cannot seem to join the domain. I'm using
instructions from this article
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
but when I get to the join command I get this

[***@0-1-3-1d-38-f2 ~]# net ads join -U adjoin
adjoin's password:
Failed to set password for machine account (NT_STATUS_ACCESS_DENIED)
Failed to join domain!

Any help would be most welcome!

~ Chris "Kyral" Peterman
Communications & Media Undergraduate
Clarkson University Class of 2008
Aaron Kincer
2007-10-29 20:43:38 UTC
I was getting that message when the name of my computer didn't match that of
what I set in my SMB.conf for "server string" parameter. Not knowing any
details of your smb.conf and your system, that is my shot in the dark
gotcha.
C.Peterman
2007-10-29 21:30:45 UTC
Ah sorry, here is my smb.conf

<< Begin smb.conf >>

[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = AD

# server string is the equivalent of the NT Description field
server string = 0-1-3-1d-38-f2.noc.clarkson.edu

# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
security = ADS

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = yes

# This option tells cups that the data has already been rasterized
cups options = raw

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
max log size = 50

# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
realm = AD.CLARKSON.EDU

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
; passdb backend = tdbsam

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
; local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
; os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
; domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = no

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
; domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
; wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
dns proxy = no

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
; add user script = /usr/sbin/useradd %u
; add group script = /usr/sbin/groupadd %g
; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
; delete user script = /usr/sbin/userdel %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g

encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
printing = cups
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap uid = 600-20000
idmap gid = 600-20000
template shell = /bin/bash



#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
read only = No
valid users = %S

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /usr/local/samba/lib/netlogon
; guest ok = yes
; writable = no
; share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
; path = /usr/local/samba/profiles
; browseable = no
; guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /usr/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = yes
writable = no
printable = yes

<< End smb.conf >>
Aaron Kincer
2007-10-29 21:49:33 UTC
Is your server string your real machine name (i.e. it's what you get when
you type hostname at a command prompt)? If not, try making your server
string the same as your hostname.
Chris Peterman
2007-10-30 06:10:04 UTC
Yup! It's the same.
--
~ Chris "Kyral" Peterman
Communications & Media Undergraduate
Clarkson University
Associate Member of the Free Software Foundation
Member of the Association for Computing Machinery
Vijay S
2007-10-30 13:07:34 UTC
I was getting a similar error. Not sure if it's exact. Check to see if
your machine is already in AD. For some reason I got this error even though
the join was successful.
MK
2007-10-30 04:53:45 UTC
Man.. u r not a member of domain admin..

Chris Peterman
2007-11-01 07:42:48 UTC
I talked with the AD admin and he realized that ADJoin doesn't have the full
complement of privileges needed. So he tried his (full admin) account and it
still doesn't work. He noticed that klist dumped something weird out...

I dunno if this is the right place to talk about Kerberos, but since this
relates to the whole Samba thing. Here is the output from kinit + klist

Script started on Wed 31 Oct 2007 01:26:18 PM EDT
[***@0-1-3-1d-38-f2 ~]# kinit ***@AD.CLARKSON.EDU
mwinscard_clnt.c:320:SCardEstablishContextTH() Cannot open public shared
file: /var/run/pcscd.pub
Password for ***@AD.CLARKSON.EDU:
[***@0-1-3-1d-38-f2 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: ***@AD.CLARKSON.EDU

Valid starting Expires Service principal
10/31/07 13:27:10 10/31/07 23:27:13 krbtgt/***@AD.CLARKSON.EDU
renew until 11/01/07 13:27:10


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[***@0-1-3-1d-38-f2 ~]#
Script done on Wed 31 Oct 2007 01:27:24 PM EDT

He thought it was odd that it was appending AD.CLARKSON.EDU to the domain. The
krb5.conf is basically what is in the article with appropriate values subbed
in.
Chris,
Does the user "adjoin" have privileges to join the domain? Usually the
user "Administrator" is used.
http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html#id371232
The command "net rpc rights list -U adjoin" must return
"SeMachineAccountPrivilege".
I used the same article to set up my systems, and Administrator seems to
have these rights by default, because it's always worked with no
intervention on my part. Once you get this part working, a good
http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1
Good luck,
Dale
--
~ Chris "Kyral" Peterman
Communications & Media Undergraduate
Clarkson University
Associate Member of the Free Software Foundation
Member of the Association for Computing Machinery
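
The checks raised in this thread (server string versus hostname, the realm in smb.conf versus the realm klist reports, and SeMachineAccountPrivilege for the join account) can be run offline against saved files before retrying `net ads join`. This is an added example, not part of any poster's message: the function names, the constructed sample files and the extra NetBIOS-length check are assumptions of the example.

```shell
#!/bin/sh
# Added example: offline pre-flight checks for "net ads join".
# Function names are hypothetical; sample inputs below are constructed.

# smbconf_get FILE KEY
# Print the effective value of KEY in [global]. Lines starting with '#' or ';'
# are comments, parameter names are case-insensitive, and when a parameter is
# repeated (as "log file" is in the posted smb.conf) the last one wins.
smbconf_get() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); gsub(/[ \t]+/, " ", want) }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ {
            sec = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sec); next
        }
        sec == "global" {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }
    ' "$1"
}

# klist_realm FILE
# Realm part of the "Default principal:" line in saved klist output.
klist_realm() {
    awk '/^Default principal:/ { n = split($NF, p, "@"); if (n > 1) print p[n]; exit }' "$1"
}

# join_preflight SMBCONF KLIST_OUT RIGHTS_OUT HOSTNAME
# RIGHTS_OUT is the saved output of the rights listing for the join account.
# Prints one line per check and returns the number of failed checks.
join_preflight() {
    conf=$1; klist_out=$2; rights_out=$3; host=$4
    short=${host%%.*}
    fails=0

    sec=$(smbconf_get "$conf" "security" | tr 'A-Z' 'a-z')
    if [ "$sec" = "ads" ]; then echo "OK   security = ads"
    else echo "FAIL security is '$sec', expected ads"; fails=$((fails + 1)); fi

    # Realm comparison is case-insensitive here (a choice of this example).
    realm=$(smbconf_get "$conf" "realm" | tr 'a-z' 'A-Z')
    ticket=$(klist_realm "$klist_out" | tr 'a-z' 'A-Z')
    if [ -n "$realm" ] && [ "$realm" = "$ticket" ]; then
        echo "OK   realm $realm matches the ticket realm"
    else
        echo "FAIL smb.conf realm '$realm' vs ticket realm '$ticket'"; fails=$((fails + 1))
    fi

    # The check suggested in the thread: server string equals the hostname.
    descr=$(smbconf_get "$conf" "server string")
    if [ "$descr" = "$host" ] || [ "$descr" = "$short" ]; then
        echo "OK   server string matches hostname"
    else
        echo "FAIL server string '$descr' differs from hostname '$host'"; fails=$((fails + 1))
    fi

    # Extra check: "netbios name" defaults to the first component of the DNS
    # hostname, and NetBIOS names are limited to 15 characters.
    name=$(smbconf_get "$conf" "netbios name")
    [ -n "$name" ] || name=$short
    if [ "${#name}" -le 15 ]; then echo "OK   machine name '$name' fits in 15 characters"
    else echo "FAIL machine name '$name' is longer than 15 characters"; fails=$((fails + 1)); fi

    if grep -q 'SeMachineAccountPrivilege' "$rights_out"; then
        echo "OK   SeMachineAccountPrivilege is listed"
    else
        echo "FAIL SeMachineAccountPrivilege is not listed for the join account"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# make_samples DIR: write constructed sample inputs (not real tool output).
make_samples() {
    cat > "$1/smb.conf" <<'EOF'
[global]
   workgroup = AD
   server string = 0-1-3-1d-38-f2.noc.clarkson.edu
   security = ADS
   log file = /var/log/samba/%m.log
   realm = AD.CLARKSON.EDU
;  passdb backend = tdbsam
   log file = /var/log/samba/%m
[homes]
   valid users = %S
EOF
    printf 'Ticket cache: FILE:/tmp/krb5cc_0\nDefault principal: someuser@AD.CLARKSON.EDU\n' \
        > "$1/klist.txt"
    printf 'SePrintOperatorPrivilege\n' > "$1/rights.txt"
}

# Demo: the constructed join account lacks the privilege, so one check fails.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
join_preflight "$demo_dir/smb.conf" "$demo_dir/klist.txt" "$demo_dir/rights.txt" \
    "0-1-3-1d-38-f2.noc.clarkson.edu" || echo "$? check(s) failed"
rm -rf "$demo_dir"
```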