Manualshelf

HP CIFS Server and Kerberos

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
101102103104105106107108109110
105
8.2.3 Joining a Domain
Multiple errors may occur when joining a domain.
Symptom-1
# net ads join -U eroseme
eroseme's password:
[2005/03/18 09:13:37, 0] libads/ldap.c:ads_add_machine_acct(1366)
ads_add_machine_acct: Host account for atcux5 already exists - modifying old account
[2005/03/18 09:13:37, 0] libads/ldap.c:ads_join_realm(1725)
ads_join_realm: ads_add_machine_acct failed (atcux5): Insufficient access
ads_join_realm: Insufficient access
Problem-1
Username specified on the “net ads join –U username” does not have required privileges to join the
domain.
Resolution-1
Use a user that has administrator privileges. Using Administrator is not required. Other users can be
assigned Administrator rights is various ways.
Symptom-2
# kinit administrator
kinit(v5): No supported encryption types (config file error?) while getting initial credentials
Problem-2
Probably the enctype is not supported by the HP-UX Kerberos libraries
Resolution-2
Change the krb5.conf enctype to MD5 or CRC, or update the HP-UX Kerberos libraries
Symptom-3
Bad-password pop-up happens continually and all known fixes have been applied
Problem-3
The HP CIFS Server computer object may have been added to the ADS domain using the domain
controller Users and Computers MMC prior to doing a “net ads join”.