Red Hat Bugzilla – Bug 215648
net ads join or kerberos issue with fc6...
Last modified: 2007-11-30 17:11:49 EST
Description of problem: net ads join fails to use kerberos ticket, or kinit perhaps isn't doing something correct. Version-Release number of selected component (if applicable): samba-3.0.23c-2 krb5-workstation-1.5-7 How reproducible: Always Steps to Reproduce: 1. kinit Administrator@INTRANET.PRIVATE.DOMAIN 2. net ads join 3. Actual results: net ads join prompts for root password Expected results: linux server joins win2k3 domain. Additional info: Same setup on my fc4 box works as expected, samba.conf and krb5.conf files are exactly the same on fc6 box. kinit prompts for password, and accepts it. (No errors) klist shows: Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator@INTRANET.PRIVATE.DOMAIN Valid starting Expires Service principal 11/14/06 16:45:57 11/15/06 02:47:22 krbtgt/INTRANET.PRIVATE.DOMAIN@INTRANET.PRIVATE.DOMAIN renew until 11/15/06 16:45:57 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached
Could this be fixed in 3.0.23d, which was just released last week and has a bunch of AD fixes? I am currently bitten by Samba bug 4095 (and was able to workaround it by building a patched 3.0.23c). I don't see the new version in Rawhide or updates-testing yet, it might help with a number of reports.
Can you please verify with the latest update (3.0.24-1.fc6)? Often the prompt during the net ads join is caused because "net" cannot find a suitable DC. Could you, if the error still persists, upload the log level 10 stderr output (net ads join -d 10) ?
Assuming the join is working now, so closing this bug. If it doesn't work, please reopen this bug with a a log level 10 "net ads join" logfile. Thanks for the report.