I was able to join using 3.0.34. However when accessing the share, I still get the same issue. Restrict anonymous login setting is enabled on the domain controller(Windows 2003 sp2). Log file [2009/07/29 15:13:09, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2223) 103 cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine <xxxxx> . Error was NT_STATUS_ACCESS_DENIED 104 [2009/07/29 15:13:09, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) 105 cli_rpc_pipe_open_schannel: failed to get schannel session key from server <xxxxx> for domain <xxxxxx>. 106 [2009/07/29 15:13:09, 0] auth/auth_domain.c:connect_to_domain_password_server(119 ) 107 connect_to_domain_password_server: unable to open the domain client session to machine <xxxxx>. Error was : NT_STATUS_ACCESS_DENIED. 108 [2009/07/29 15:13:09, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2223) 109 cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine HE3NTVD115 . Error was NT_STATUS_ACCESS_DENIED 110 [2009/07/29 15:13:09, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) 111 cli_rpc_pipe_open_schannel: failed to get schannel session key from server <xxxxx> for domain <xxxxx>. 112 [2009/07/29 15:13:09, 0] auth/auth_domain.c:connect_to_domain_password_server(119 ) 113 connect_to_domain_password_server: unable to open the domain client session to machine <xxxxx>. Error was : NT_STATUS_ACCESS_DENIED. 114 [2009/07/29 15:13:09, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2223) 115 cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine <xxxx> . Error was NT_STATUS_ACCESS_DENIED 116 [2009/07/29 15:13:09, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) 117 cli_rpc_pipe_open_schannel: failed to get schannel session key from server <xxxx> for domain <xxxx>. 118 [2009/07/29 15:13:09, 0] auth/auth_domain.c:connect_to_domain_password_server(119 ) 119 connect_to_domain_password_server: unable to open the domain client session to machine <xxxx>. Error was : NT_STATUS_ACCESS_DENIED. 120 [2009/07/29 15:13:09, 0] auth/auth_domain.c:domain_client_validate(220) 121 domain_client_validate: Domain password server not available. +++ This bug was initially created as a clone of Bug #4771 +++ We have identified a problem joining samba to a windows 2003 rc2 domain. Using mit kerberos 1.5, and the latest version of samba (3.0.25b), net join ads would throw up the error: cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine domaincontroller.mynet.mydomain.com. Error was NT_STATUS_ACCESS_DENIED net_rpc_join_ok: failed to get schannel session key from server domaincontroller.mynet.mydomain.com for domain mynet. Error was NT_STATUS_ACCESS_DENIED Failed to verify membership in domain! Failed to join domain: Success return code = -1 A temporary workaround for this is to add "netlogon" to the group policy under "named pipes that can be accessed anonymously". this would seem to suggest that samba cannot join a domain unless it is granted anonymous access to the netlogon pipe. Our windows admins dont want to permanently open this, so is there a way to get samba net join to work correctly without having anonymous access to the netlogon pipe?
Samba 3.0.x is supported anymore.