From: Jason Haar on
I am trying to add a (CentOS4.4) Samba-3.0.23d server to a AD Win2K3
domain and the following error occurs

# /usr/kerberos/bin/kinit administrator(a)SUBDOM.DOMAIN
# net join
Using short domain name -- SUBDOM
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Disabled account for 'SAMBA-4BCA' in realm 'SUBDOM.DOMAIN'
ADS join did not work, falling back to RPC...
Unable to find a suitable server
Unable to find a suitable server

/etc/resolv.conf contains "domain subdom.domain", /etc/krb5.conf is
configured for SUBDOM.DOMAIN, and yet that fails. Also "ping
subdom.domain" returns tonnes of domain controllers - so I can't
understand how it can't find a "suitable server".

If I add the admin username to the command line, and point it explicitly
at a DC I get:

# net join -Uadministrator%password -Wsubdom -S dc.subdom.domain
kerberos_kinit_password administrator(a)SUBDOM.DOMAIN failed:
Preauthentication failed
[2006/12/06 03:43:33, 0] utils/net_ads.c:ads_startup(289)
ads_connect: Preauthentication failed
ADS join did not work, falling back to RPC...
Joined domain SUBDOM.

...but it didn't work. MMC Users and Computers shows the hostname in the
Computers container - but it either has 8bit garbage after the name (i.e
it's corrupt), or it's marked as Disabled.

Any ideas what's wrong?



Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

To unsubscribe from this list go to the following URL and read the