Just compiled the release of 3.3.0 to see if bug 5973 still exists, only now I am unable to even join the domain. root@egr214-01:/usr/local/samba/bin$ ./net ads join -U mmchugh Enter mmchugh's password: Failed to join domain: Failed to set account flags for machine account (NT_STATUS_NOT_SUPPORTED) If I run it again I also get: root@egr214-01:/usr/local/samba/bin$ ./net ads join -U mmchugh Enter mmchugh's password: [2009/01/28 23:27:54, 0] lib/smbldap.c:smb_ldap_start_tls(598) Failed to issue the StartTLS instruction: Connect error Broken Pipe and rpc does not work either: root@egr214-01:/usr/local/samba/bin$ ./net rpc join -S acadrdcs.students.froot.nau.edu -U mmchugh Could not initialise lsa pipe Enter mmchugh's password: [2009/01/28 23:23:56, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(353) error setting trust account password: NT_STATUS_NOT_SUPPORTED Unable to join domain NAU-STUDENTS. and joining with kerberos also seems broken: root@egr214-01:/usr/local/samba/bin$ kinit mmchugh Password for mmchugh@STUDENTS.FROOT.NAU.EDU: root@egr214-01:/usr/local/samba/bin$ ./net ads join -k [2009/01/28 23:26:49, 0] libads/kerberos.c:kerberos_get_default_realm_from_ccache(529) kerberos_get_default_realm_from_ccache: failed to get default principal Failed to join domain: failed to lookup DC info for domain 'STUDENTS.FROOT.NAU.EDU' over rpc: Logon failure
Created attachment 3896 [details] smb.conf used
Please re-try with "ldap ssl = off". That solves the problem on my system.
Created attachment 3897 [details] patch commited upstream Hi, This patch has been pushed upstream It restores the default behaviour not to use ssl for ads_connect. If you do explicitly want ssl for ads , you can enable it now with setting "ldap ssl : ads = yes". Cheers - Michael
(In reply to comment #2) > Please re-try with "ldap ssl = off". > That solves the problem on my system. That sort of solves it. root@egr214-01:/usr/local/samba/bin$ ./net ads join -U mmchugh Enter mmchugh's password: Failed to join domain: Failed to set account flags for machine account (NT_STATUS_NOT_SUPPORTED) root@egr214-01:/usr/local/samba/bin$ ./net ads join -U mmchugh Enter mmchugh's password: Using short domain name -- NAU-STUDENTS Joined 'EGR214-01' to realm 'students.froot.nau.edu' Had to try twice to get it to work, but good enough to continue testing. Thanks
Michael's patch solves the problem. It will be included in 3.3.1. Closing out bug report. Thanks for reporting!