[Samba] join samba to a 2003 rc2 domain - Samba


  1. [Samba] join samba to a 2003 rc2 domain

    We have identified a problem joining Samba to a Windows 2003 rc2 domain.
    Using MIT Kerberos 1.5, and the latest version of Samba (3.0.25b), net join
    ads would throw up the error:

    cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine
    domaincontroller.mynet.mydomain.com. Error was NT_STATUS_ACCESS_DENIED
    net_rpc_join_ok: failed to get schannel session key from server
    domaincontroller.mynet.mydomain.com for domain mynet. Error was
    NT_STATUS_ACCESS_DENIED
    Failed to verify membership in domain!
    Failed to join domain: Success
    return code = -1

    A temporary workaround for this is to add "netlogon" to the group policy
    under "named pipes that can be accessed anonymously". This would seem to
    suggest that Samba cannot join a domain unless it is granted anonymous
    access to the netlogon pipe.

    Our Windows admins don't want to permanently open this, so is there a way to
    get Samba net join to work correctly without having anonymous access to the
    netlogon pipe?

    Thanks.
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba
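
The temporary workaround in the first post leaves the netlogon pipe open to anonymous callers until someone reverts it. As an added example (not part of the original thread or of Samba), this Python check reads a security-template export and reports whether netlogon is still listed. It assumes the policy is stored as the NullSessionPipes registry value in `secedit /export` INF format; the sample templates and function names are constructed for illustration.

```python
# Added example: audit a security-template export for the workaround above.
# Assumption: the text is a `secedit /export` style INF, where the policy
# "Named pipes that can be accessed anonymously" is the NullSessionPipes
# registry value (type 7 = REG_MULTI_SZ, written as a comma-separated list).

NULL_PIPES_KEY = (r"machine\system\currentcontrolset\services"
                  r"\lanmanserver\parameters\nullsessionpipes")

# Constructed samples, not taken from any real domain controller.
WITH_WORKAROUND = """\
[Registry Values]
MACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\NullSessionPipes=7,netlogon,samr
MACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\RestrictNullSessAccess=4,1
"""
REVERTED = WITH_WORKAROUND.replace("=7,netlogon,samr", "=7,")


def anonymous_pipes(inf_text):
    """Return the lower-cased pipe names listed in NullSessionPipes."""
    in_registry = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INF comment
        if line.startswith("["):
            in_registry = line.lower() == "[registry values]"
            continue
        if not in_registry or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip().strip('"').lower() != NULL_PIPES_KEY:
            continue
        reg_type, _, data = value.partition(",")
        if reg_type.strip() != "7":
            raise ValueError("NullSessionPipes is not REG_MULTI_SZ: " + line)
        return [p.strip().strip('"').lower() for p in data.split(",") if p.strip()]
    return []  # value not defined in this template


def netlogon_exposed(inf_text):
    """True if the netlogon pipe is still in the anonymous-access list."""
    return "netlogon" in anonymous_pipes(inf_text)


if __name__ == "__main__":
    for name, text in (("with workaround", WITH_WORKAROUND), ("reverted", REVERTED)):
        print(name, "->", "netlogon exposed" if netlogon_exposed(text) else "ok")
```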

  2. Re: [Samba] join samba to a 2003 rc2 domain

    smlacc1 leador wrote:
    > We have identified a problem joining Samba to a Windows 2003 rc2 domain.
    > Using MIT Kerberos 1.5, and the latest version of Samba (3.0.25b), net join
    > ads would throw up the error:
    >
    > cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine
    > domaincontroller.mynet.mydomain.com. Error was NT_STATUS_ACCESS_DENIED
    > net_rpc_join_ok: failed to get schannel session key from server
    > domaincontroller.mynet.mydomain.com for domain mynet. Error was
    > NT_STATUS_ACCESS_DENIED
    > Failed to verify membership in domain!
    > Failed to join domain: Success
    > return code = -1
    >
    > A temporary workaround for this is to add "netlogon" to the group policy
    > under "named pipes that can be accessed anonymously". This would seem to
    > suggest that Samba cannot join a domain unless it is granted anonymous
    > access to the netlogon pipe.
    >
    > Our Windows admins don't want to permanently open this, so is there a way to
    > get Samba net join to work correctly without having anonymous access to the
    > netlogon pipe?


    Please file this as a bug at https://bugzilla.samba.org/ and we'll fix
    it. Thanks.

    cheers, jerry
    =====================================================================
    Samba ------- http://www.samba.org
    Centeris ----------- http://www.centeris.com
    "What man is a man who does not make the world better?" --Balian
