This is a discussion on [Samba] Joining an ADS domain - issue with the netlogon pipe (anonymous access required) - Samba ; I have a problem joining Samba to a Windows 2003 sp1 ADS domain. I'm running Samba 3.0.28 on Solaris 10 with MIT Kerberos 1.6.3 and OpenLDAP 2.3.38. When I run 'net ads join' i get the following error. ../net ads ...
I have a problem joining Samba to a Windows 2003 sp1 ADS domain. I'm
running Samba 3.0.28 on Solaris 10 with MIT Kerberos 1.6.3 and OpenLDAP
When I run 'net ads join' i get the following error.
../net ads join -S domaincontroller.mynet.mydomain.com -U Administrator
2008/01/22 12:06:09, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)
cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine
domaincontroller.mynet.mydomain.com. Error was NT_STATUS_ACCESS_DENIED
[2008/01/22 12:06:09, 0] utils/net_rpc_join.c:net_rpc_join_ok(70)
net_rpc_join_ok: failed to get schannel session key from server
domaincontroller.mynet.mydomain.com for domain mynet.mydomain.com. Error
Failed to verify membership in domain!
Failed to join domain: Success
[2008/01/22 12:06:09, 2] utils/net.c:main(1036)
return code = -1
A temporary work around for this is to add "netlogon" to the group policy
under "named pipes that can be accessed anonymously" on the PDC. Once the
Windows SA's changed this the 'net ads join' worked fine.
The Windows SA's will not open this on the production domain.
Is there a way to get Samba to join an ADS domain correctly without having
to enable anonymous access to the netlogon pipe?
This communication is for informational purposes only. It is not
intended as an offer or solicitation for the purchase or sale of
any financial instrument or as an official confirmation of any
transaction. All market prices, data and other information are not
warranted as to completeness or accuracy and are subject to change
without notice. Any comments or statements made herein do not
necessarily reflect those of JPMorgan Chase & Co., its subsidiaries
This transmission may contain information that is privileged,
confidential, legally privileged, and/or exempt from disclosure
under applicable law. If you are not the intended recipient, you
are hereby notified that any disclosure, copying, distribution, or
use of the information contained herein (including any reliance
thereon) is STRICTLY PROHIBITED. Although this transmission and any
attachments are believed to be free of any virus or other defect
that might affect any computer system into which it is received and
opened, it is the responsibility of the recipient to ensure that it
is virus free and no responsibility is accepted by JPMorgan Chase &
Co., its subsidiaries and affiliates, as applicable, for any loss
or damage arising in any way from its use. If you received this
transmission in error, please immediately contact the sender and
destroy the material in its entirety, whether in electronic or hard
copy format. Thank you.
Please refer to http://www.jpmorgan.com/pages/disclosures for
disclosures relating to UK legal entities.
To unsubscribe from this list go to the following URL and read the