https://community.hpe.com/t5/operating-system-linux/samba-3-0-with-active-directory-net-ads-join-problem/m-p/3133333#M75037 We have a AD-domain using Windows 2003 servers. We want to join our RH ES3 Samba (3.0.0-14.3E that was shipped with ES3) to our AD-domain. We get no error when running kinit but when trying to join the domain with "net ads join -U username" we don't get any successful nor errormessage. If you look at the log at the DC we get the following:<BR />-----CUT-----<BR />Pre-authentication failed:<BR /> User Name: username<BR /> User ID: PPM\username<BR /> Service Name: krbtgt/DOMAIN.COM<BR /> Pre-Authentication Type: 0x0<BR /> Failure Code: 0x19<BR /> Client Address: 192.168.xx.xx<BR />-----CUT-----<BR />The user we're using is a Domain Admin. We've followed most of the guides on the net and it should simply work with net ads join. We have also tried pre-creating a computer account in the AD domain for the server. In the configfiles below we also tried specifying a password server = in and workgroup = DOMAIN in smb.conf. There's no info in the krb5-logs.<BR /><BR />Any ideas?<BR /><BR /><BR />/etc/krb5.conf<BR />[logging]<BR />default = FILE:/var/log/krb5libs.log<BR />kdc = FILE:/var/log/krb5kdc.log<BR />admin_server = FILE:/var/log/kadmind.log <BR />[libdefaults]<BR />ticket_lifetime = 24000<BR />default_realm = DOMAIN.COM<BR />dns_lookup_realm = false<BR />dns_lookup_kdc = false <BR />[realms]<BR />DOMAIN.COM = {<BR />kdc = dcserver1.domain.com:88<BR />admin_server = kerberos.example.com:749<BR />default_domain = domain.com<BR />} <BR />[domain_realm]<BR />.domain.com = DOMAIN.COM<BR />domain.com = DOMAIN.COM<BR />[kdc]<BR />profile = /var/kerberos/krb5kdc/kdc.conf <BR />[appdefaults]<BR />pam = {<BR />debug = false<BR />ticket_lifetime = 36000<BR />renew_lifetime = 36000<BR />forwardable = true<BR />krb4_convert = false<BR />}<BR /><BR /><BR />/etc/samba/smb.conf<BR /># Global parameters<BR />[global]<BR /> netbios name = SAMBASERVER<BR /> server string = Linux Samba server<BR /> realm = DOMAIN.COM<BR /> security = ADS<BR /> password server = *<BR /> encrypt passwords = Yes<BR /> syslog = 0<BR /> log file = /var/log/samba/log.%m<BR /> max log size = 0<BR /> local master = No<BR /> read only = No<BR /> case sensitive = Yes<BR /> dos filetime resolution = Yes<BR /> log level = 2<BR /> Tue, 02 Dec 2003 05:34:00 GMT Jonas Back_2 2003-12-02T05:34:00Z https://community.hpe.com/t5/operating-system-linux/samba-3-0-with-active-directory-net-ads-join-problem/m-p/3133333#M75037 We have a AD-domain using Windows 2003 servers. We want to join our RH ES3 Samba (3.0.0-14.3E that was shipped with ES3) to our AD-domain. We get no error when running kinit but when trying to join the domain with "net ads join -U username" we don't get any successful nor errormessage. If you look at the log at the DC we get the following:<BR />-----CUT-----<BR />Pre-authentication failed:<BR /> User Name: username<BR /> User ID: PPM\username<BR /> Service Name: krbtgt/DOMAIN.COM<BR /> Pre-Authentication Type: 0x0<BR /> Failure Code: 0x19<BR /> Client Address: 192.168.xx.xx<BR />-----CUT-----<BR />The user we're using is a Domain Admin. We've followed most of the guides on the net and it should simply work with net ads join. We have also tried pre-creating a computer account in the AD domain for the server. In the configfiles below we also tried specifying a password server = in and workgroup = DOMAIN in smb.conf. There's no info in the krb5-logs.<BR /><BR />Any ideas?<BR /><BR /><BR />/etc/krb5.conf<BR />[logging]<BR />default = FILE:/var/log/krb5libs.log<BR />kdc = FILE:/var/log/krb5kdc.log<BR />admin_server = FILE:/var/log/kadmind.log <BR />[libdefaults]<BR />ticket_lifetime = 24000<BR />default_realm = DOMAIN.COM<BR />dns_lookup_realm = false<BR />dns_lookup_kdc = false <BR />[realms]<BR />DOMAIN.COM = {<BR />kdc = dcserver1.domain.com:88<BR />admin_server = kerberos.example.com:749<BR />default_domain = domain.com<BR />} <BR />[domain_realm]<BR />.domain.com = DOMAIN.COM<BR />domain.com = DOMAIN.COM<BR />[kdc]<BR />profile = /var/kerberos/krb5kdc/kdc.conf <BR />[appdefaults]<BR />pam = {<BR />debug = false<BR />ticket_lifetime = 36000<BR />renew_lifetime = 36000<BR />forwardable = true<BR />krb4_convert = false<BR />}<BR /><BR /><BR />/etc/samba/smb.conf<BR /># Global parameters<BR />[global]<BR /> netbios name = SAMBASERVER<BR /> server string = Linux Samba server<BR /> realm = DOMAIN.COM<BR /> security = ADS<BR /> password server = *<BR /> encrypt passwords = Yes<BR /> syslog = 0<BR /> log file = /var/log/samba/log.%m<BR /> max log size = 0<BR /> local master = No<BR /> read only = No<BR /> case sensitive = Yes<BR /> dos filetime resolution = Yes<BR /> log level = 2<BR /> Tue, 02 Dec 2003 05:34:00 GMT https://community.hpe.com/t5/operating-system-linux/samba-3-0-with-active-directory-net-ads-join-problem/m-p/3133333#M75037 Jonas Back_2 2003-12-02T05:34:00Z https://community.hpe.com/t5/operating-system-linux/samba-3-0-with-active-directory-net-ads-join-problem/m-p/3133334#M75038 I dont run ES3 or Samba 3<BR /><BR />So I am afraid I am only able to search for some info that maybe of help ?<BR /><BR />This is what a search on Failure code revealed, this is exactly like your problem but could help you along !<BR /><BR /><A href="http://www.google.be/groups?hl=en&amp;lr=&amp;ie=UTF-8&amp;oe=UTF-8&amp;threadm=wcZ4.1Zu.13%40gated-at.bofh.it&amp;rnum=1&amp;prev=/groups%3Fq%3Dsamba%2B%2522%2BFailure%2BCode:%2B0x19%2522%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3DwcZ4.1Zu.13%2540gated-at.bofh.it%26rnum%3D1" target="_blank">http://www.google.be/groups?hl=en&amp;lr=&amp;ie=UTF-8&amp;oe=UTF-8&amp;threadm=wcZ4.1Zu.13%40gated-at.bofh.it&amp;rnum=1&amp;prev=/groups%3Fq%3Dsamba%2B%2522%2BFailure%2BCode:%2B0x19%2522%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3DwcZ4.1Zu.13%2540gated-at.bofh.it%26rnum%3D1</A><BR /><BR />Hopefully this will help and others will be able to help you more .<BR /><BR /><BR />J-P<BR /> Tue, 02 Dec 2003 07:40:52 GMT https://community.hpe.com/t5/operating-system-linux/samba-3-0-with-active-directory-net-ads-join-problem/m-p/3133334#M75038 Huc_1 2003-12-02T07:40:52Z