Can't join windows 2003 domain with "net ads join": root@psi# net ads join -U freebsd%password [2005/12/12 15:16:31, 5] libads/ldap_utils.c:ads_do_search_retry(56) Search for (objectclass=*) gave 1 replies The computer account is created in the domain, but the process never completes. Some before it: root@psi# kinit admin@DOMAIN.RU admin@DOMAIN.RU's Password: kinit: NOTICE: ticket renewable lifetime is 1 week root@psi# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: admin@DOMAIN.RU Issued Expires Principal Dec 12 10:32:38 Dec 12 20:32:17 krbtgt/DOMAIN.RU@DOMAIN.RU Dec 12 10:57:10 Dec 12 20:32:17 dc2$@DOMAIN.RU Dec 12 11:31:01 Dec 12 20:32:17 dc$@DOMAIN.RU FreeBSD 6.0-STABLE
Is the user freebsd a domain adminsitrator or does it only have privileges to join the domain?
This was fixed in the latest releases. The only other workaround is to turn off the domain controller ldap signing requirement in the security policy for the domain controller. *** This bug has been marked as a duplicate of 765 ***
Sorry, that dup was a mistake, it's for another bug with a similar title but different symptoms.
Now that I look at the symptoms, please explain why you kinit'ed with "admin" and then did "freebsd%password" on the net ads join? Samba would use the credentials from the kinit.