Bug 3761 - "net ads join" fails with trusted admin account; "net rpc join" is OK
Summary: "net ads join" fails with trusted admin account; "net rpc join" is OK
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: net utility (show other bugs)
Version: 3.0.14a
Hardware: All Linux
: P3 major
Target Milestone: 3.0.23
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-05-05 23:14 UTC by Leon Vernikov
Modified: 2006-05-19 09:39 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Leon Vernikov 2006-05-05 23:14:43 UTC
There are 2 trusted domains:
DomainA.com (WorkgroupA, Administrator userA/passwordA)
DomainB.com (WorkgroupB, Administrator userB/passwordB)

Linux client has smb.conf and krb5.conf files with DomainA information
configured correctly.

#net rpc join  -U userA%passwordA
Joined domain WorkgroupA.
#net rpc join  -U WorkgroupB/userB%passwordB
Joined domain WorkgroupA.
#net "rpc join  -W WorkgroupB -U userB%passwordB
Joined domain WorkgroupA.

#net ads join -U userA%passwordA
Using short domain name -- WorkgroupA
Joined 'Client' to realm 'DomainA.com'
#net ads join -U WorkgroupB/userB%passwordB
[2006/05/06 03:58:45, 0] libads/kerberos.c:ads_kinit_password(145)
  kerberos_kinit_password WorkgroupB/userB@DomainA.com failed: Client not found in Kerberos database
[2006/05/06 03:58:45, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Client not found in Kerberos database
#net ads join -W WorkgroupB -U userB%passwordB
[2006/05/06 04:01:11, 0] libads/kerberos.c:ads_kinit_password(145)
  kerberos_kinit_password userB@DomainA.com failed: Client not found in Kerberos database
[2006/05/06 04:01:11, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Client not found in Kerberos database

#net -V
Version 3.0.14a
Client runs MIT Kerberos library
Domains are Win2K3 SP1 servers
Comment 1 Leon Vernikov 2006-05-05 23:19:31 UTC
Both domains DomainA.com and DomainB.com are valid
Two way trust between them 
Comment 2 Gerald (Jerry) Carter (dead mail address) 2006-05-06 06:38:17 UTC
Known issue.  Already under investigation.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2006-05-19 09:39:54 UTC
I think this is fixed in the current SAMBA_3_0 tree.