Bug 3316 - Can't join windows 2003 domain with "net ads join"
Can't join windows 2003 domain with "net ads join"
Status: RESOLVED INVALID
Product: Samba 3.0
Classification: Unclassified
Component: net utility
3.0.20b
x86 FreeBSD
: P3 normal
: none
Assigned To: Jim McDonough
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-12-12 05:26 UTC by d
Modified: 2006-03-01 21:04 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description d 2005-12-12 05:26:34 UTC
Can't join windows 2003 domain with "net ads join":

root@psi# net ads join -U freebsd%password
[2005/12/12 15:16:31, 5] libads/ldap_utils.c:ads_do_search_retry(56)
  Search for (objectclass=*) gave 1 replies

The computer account is created in the domain, but the process never completes.

Some before it:

root@psi# kinit admin@DOMAIN.RU 
admin@DOMAIN.RU's Password: 
kinit: NOTICE: ticket renewable lifetime is 1 week 

root@psi# klist 
Credentials cache: FILE:/tmp/krb5cc_0 
Principal: admin@DOMAIN.RU 

Issued Expires Principal 
Dec 12 10:32:38 Dec 12 20:32:17 krbtgt/DOMAIN.RU@DOMAIN.RU 
Dec 12 10:57:10 Dec 12 20:32:17 dc2$@DOMAIN.RU 
Dec 12 11:31:01 Dec 12 20:32:17 dc$@DOMAIN.RU 

FreeBSD 6.0-STABLE
Comment 1 Lars Müller 2006-01-18 11:58:57 UTC
Is the user freebsd a domain adminsitrator or does it only have privileges to join the domain?
Comment 2 Jim McDonough 2006-03-01 20:59:59 UTC
This was fixed in the latest releases.  The only other workaround is to turn off the domain controller ldap signing requirement in the security policy for the domain controller.

*** This bug has been marked as a duplicate of 765 ***
Comment 3 Jim McDonough 2006-03-01 21:01:12 UTC
Sorry, that dup was a mistake, it's for another bug with a similar title but different symptoms.
Comment 4 Jim McDonough 2006-03-01 21:04:44 UTC
Now that I look at the symptoms, please explain why you kinit'ed with "admin" and then did "freebsd%password" on the net ads join?  Samba would use the credentials from the kinit.