I’m hoping the same from last 2 weeks that any readers will give me a +ve response but the same as you .

But i never lost the hope …..

waiting for the person who can help me …

and thanks for moderating my post…

Good luck to you!

please help me ….

Thanks for help …… in advance…. please help me ….

I have winbind, samba,HTTPS,appserver, everything is in running mode.

I did all the configurations as above and also some other config changes specified in some other parts of web.

The command “net rpc join -U Administrator” joined fine.
But when given “wbinfo -u” the users in the local machine are showed up not the DC machines user.
But the linux machine is showing up in the DC machine under computers added.

i’m getting the SSO pop-up asking for the username and password.
But when i give the credentials “Internal server Error” is coming .

When i see the error_log of IBMHTTPS it is saying

[2011/09/28 18:32:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0xa2088207
[2011/09/28 18:32:38, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(739)
Got user=[administrator] domain=[] workstation=[SIMPRO359] len1=24 len2=24
[2011/09/28 18:32:38, 0] utils/ntlm_auth.c:winbind_pw_check(515)
Login for user []\[administrator]@[SIMPRO359] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly.]
[Wed Sep 28 18:32:38 2011] [error] [client 172.18.2.153] (20014)Internal error: ntlm_auth reports Broken Helper: BH NT_STATUS_ACCESS_DENIED, referer: http://msi-vmpl3cord10:81/
[2011/09/28 18:32:38, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(776)
NTLMSSP BH: NT_STATUS_ACCESS_DENIED

Can any one please help me it’s already 2 weeks over my dead line… please ……

i have an linux open suse version 11.1 and trying to join in an Win 2003 R2 server…
but at i’ve got the following error in BASH

(net join -W krafft.local -I 192.168.2.1 -U Administrator%passwrd)

[2010/06/17 15:44:12, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(393)
Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME
Unable to join domain

____________________________________________________________
winbindd running
nsbd running
smb running
SAMBA version (smbclient -V) = 3.2.4-5.2-1985-SUSE-CODE11

any suggestions?

[root@ ]# net ads join -U Administrator
[2010/03/05 15:06:50, 0] param/loadparm.c:7444(lp_do_parameter)
Ignoring unknown parameter “use kerberos keytab”
Enter Administrator’s password:
Using short domain name — ADTEST
Joined ‘WODAO2′ to realm ‘adtest.corp.net’
No DNS domain configured for wodao2. Unable to perform DNS Update.
DNS update failed!

Here is testparm output (unknown parameter):

[root@wodao2 pam.d]# testparm
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: “use kerberos keytab”
Ignoring unknown parameter “use kerberos keytab”
Loaded services file OK.

A samba net ads join will create a keytab, will populate it with SPNs, will create an AD computer account, and will populate the serviceprincipalnames field for it — however, I have not found a mechanism by which they are directly usable.

IE: kinit -kt /etc/krb5.keytab host/hostname.myfqdn should work, but with SPNs it fails.

What apparently needs to be done, and what ktpass does, is to map the userprincipalname under the account, but unfortunately AD only supports one userprincipalname per user account.

You can create a valid keytab entru by doing net ads join and using the createupn field accordingly, it would seem.

The issue i’m having is when I log on to my shared drive ‘MyShare’ it works fine but i see it creates a directory for me called drew (ad domain name)… i’ve tried to log in but can’t. But I can log into the regular samba share..any ideas?

More important that the disto version you’re running is the Samba version, you can find this using for ex. net -V

You should first check that you can reach the domain CG.DC.FOR.ad.corp.com by using for ex. ping IP.ADDR.OF.CG.DC.FOR.ad.corp.com, if you will use -I, or that you can resolve and reach the host DNS.NAME.OF.CG.DC.FOR.ad.corp.com, if you will use -S, for ex. host/nslookup/dig DNS.NAME.OF.CG.DC.FOR.ad.corp.com and ping DNS.NAME.OF.CG.DC.FOR.ad.corp.com

you can find the list of SRV’s using AD DNS and query for SRV records of type _ldap._tcp.gc._msdcs.

Also if something is not working, restart by first deleting from AD the incomplete entry for the Samba machine and don’t use -S with IP, use -S name or use -I IP, or use -I IP and -S name in the net cmd

I’m have OpenSuse 10.3 and im trying to join it to a Win2k ADS. When i try to net join -S IP.ADDR -U administrator%password i get: utils/net_rpc_join.c:net_rpc_join_newstyle(350)
Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME Unable to join domain COMBI. The strange thing is I get computerobject in the ADS. I have the same configuration as your previous articles. Kerberos is working fine.

any ideas??