Hello all,

I'm having problems getting Samba to join a Windows AD. I am a delegated
OU admin, and have no direct access to the domain controller. We have 3
DCs in one domain where my OU exists. The users I wish to authenticate
are in a different domain.

I have set up Kerberos and can receive tickets correctly.

I run

net -d 4 ads join createcomputer=[Delegated OU] -U [account with join permissions]

After filling in a password, I get the following:

[2008/04/01 16:06:01, 4] libsmb/namequery_dc.c:ads_dc_name(139)
ads_dc_name: using server= dc_server' IP=dc_ip
ccspmed's password:
[2008/04/01 16:06:03, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: ", *"
[2008/04/01 16:06:03, 4] libsmb/namequery.c:get_dc_list(1599)
get_dc_list: returning 3 ip addresses in an ordered list
[2008/04/01 16:06:03, 4] libsmb/namequery.c:get_dc_list(1600)
get_dc_list: 10.10.250.17:389 10.10.250.3:389 10.10.250.1:389
[2008/04/01 16:06:03, 3] libads/ldap.c:ads_connect(394)
Connected to LDAP server 10.10.250.17
[2008/04/01 16:06:03, 4] libads/ldap.c:ads_current_time(2414)
time offset is -5 seconds
[2008/04/01 16:06:03, 4] libads/sasl.c:ads_sasl_bind(521)
Found SASL mechanism GSS-SPNEGO
[2008/04/01 16:06:03, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/04/01 16:06:03, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/04/01 16:06:03, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/04/01 16:06:03, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/04/01 16:06:03, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
ads_sasl_spnego_bind: got server principal name = dc_server
[2008/04/01 16:06:03, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2008/04/01 16:06:03, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Wed, 02 Apr 2008 02:05:58 BST
[2008/04/01 16:06:03, 1] utils/net_ads.c:net_ads_join(1470)
error on ads_startup: Strong(er) authentication required
Failed to join domain: Strong(er) authentication required
[2008/04/01 16:06:03, 2] utils/net.c:main(1036)
return code = -1

Any help appreciated.

Yours,

Naadir Jeewa

