Ok guys, at least I know that it does work for other people. Here's the network configuration: - Windows 2003 Server gx270-rmaniar [192.168.0.100] - Fedora Core 3 gx280rmaniarFC3 [192.168.0.5] FYI: A Windows XP box correctly connects to the DC OK. ********************** Here's what I've done: - removed the Active Directory service from the W2K3 box and started from scratch again. - configured /etc/krb5.conf - timesynced both the Linux and Windows boxes - Used kinit Administrator@xxxxxxxx to login, all OK. - Can login to smb share using smbclient -k //gx270-rmaniar/C$ so kerberos ticket is ok. - configured winbind/smb.conf using the Authentication applet. - smb/winbind are started ok. ********************** Here's the problem: [root@gx280rmaniarFC3 samba]# net ads join -S gx270-rmaniar -U Administrator Administrator's password: [2004/11/16 17:35:12, 0] libads/ldap.c:ads_join_realm(1640) ads_add_machine_acct (gx280rmaniarfc3): Type or value exists ads_join_realm: Type or value exists So it says it exists already, despite the fact that its not shown in the 'Computers' list in AD. Tried it again, and got: [root@gx280rmaniarFC3 pam.d]# net ads join -S gx270-rmaniar -U Administrator Administrator's password: [2004/11/16 17:51:26, 0] libads/ldap.c:ads_add_machine_acct(1297) ads_add_machine_acct: Host account for gx280rmaniarfc3 already exists - modifying old account [2004/11/16 17:51:26, 0] libads/ldap.c:ads_join_realm(1640) ads_add_machine_acct (gx280rmaniarfc3): Type or value exists ads_join_realm: Type or value exists The computer now appears in the "Computers" list on the Windows server. [root@gx280rmaniarFC3 samba]# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_INTERNAL_ERROR (0xc00000e5) Could not check secret ********************** Here's the relevant info from smb.conf: workgroup = TEST.COM security = ads password server = 192.168.0.100 realm = TEST.COM idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash winbind use default domain = no And someone asked for authconfig --test --kickstart: caching is disabled nss_files is always enabled nss_compat is disabled nss_db is disabled nss_hesiod is disabled hesiod LHS = "" hesiod RHS = "" nss_ldap is disabled LDAP+TLS is disabled LDAP server = "127.0.0.1" LDAP base DN = "dc=example,dc=com" nss_nis is disabled NIS server = "" NIS domain = "" nss_nisplus is disabled nss_winbind is enabled SMB workgroup = "TEST.COM" SMB servers = "192.168.0.100" SMB security = "ads" SMB realm = "TEST.COM" Winbind template shell = "/bin/bash" SMB idmap uid = "16777216-33554431" SMB idmap gid = "16777216-33554431" nss_wins is disabled pam_unix is always enabled shadow passwords are enabled md5 passwords are enabled pam_krb5 is disabled krb5 realm = "TEST.COM" krb5 realm via dns is disabled krb5 kdc = "192.168.0.100:88,192.168.0.100" krb5 kdc via dns is disabled krb5 admin server = "" pam_ldap is disabled LDAP+TLS is disabled LDAP server = "127.0.0.1" LDAP base DN = "dc=example,dc=com" pam_smb_auth is disabled SMB workgroup = "TEST.COM" SMB servers = "192.168.0.100" pam_winbind is enabled SMB workgroup = "TEST.COM" SMB servers = "192.168.0.100" SMB security = "ads" SMB realm = "TEST.COM" pam_cracklib is enabled (retry=3) pam_passwdqc is disabled () So there you have it. I've googled for the problem with no luck. Any ideas? Thanks, Rafiq
