We have a AD-domain using Windows 2003 servers. We want to join our RH
ES3 Samba (3.0.0-14.3E that was shipped with ES3) to our AD-domain. We
get no error when running kinit but when trying to join the domain
with "net ads join -U username" we don't get any successful nor
errormessage. If you look at the log at the domain controllers we get
the following:
Pre-authentication failed:
User Name: username
User ID: PPM\username
Service Name: krbtgt/DOMAIN.COM
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 192.168.xx.xx
The user we're using is a Domain Admin. We've followed most of the
guides on the net and it should simply work with net ads join. We have
also tried pre-creating a computer account in the AD domain for the
server. Clocks are sync'ed. In the configfiles below we also tried
specifying a password server = in and workgroup = DOMAIN in smb.conf.
Also tried specifying password server = dcserver.domain.com. There's
no info in the krb5-logs.

Any ideas?

default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
ticket_lifetime = 24000
default_realm = DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
kdc = dcserver1.domain.com:88
admin_server = kerberos.example.com:749
default_domain = domain.com
..domain.com = DOMAIN.COM
domain.com = DOMAIN.COM
profile = /var/kerberos/krb5kdc/kdc.conf
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false

# Global parameters
netbios name = SAMBASERVER
server string = Linux Samba server
realm = DOMAIN.COM
security = ADS
password server = *
encrypt passwords = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 0
local master = No
read only = No
case sensitive = Yes
dos filetime resolution = Yes
log level = 2