Hello all, I've run into the issue described here: http://lists.samba.org/archive/samba-technical/2010-September/073075.html To sum it up, I installed samba4 from git on a debian wheezy system. Initially, I was able to join Windows 7 clients to the AD controller. However, trying to get freenas 8 to join has been failing. In the end, trying to get it to work I changed administrator's password (via dsa.msc) which broke AD joining for windows clients too. KVNO in secrets.keytab file has always been "1". Could this mismatch be the cause of the failures? I rebooted all clients (to get rid of stale tickets) to no avail. The only way to fix this was to run the provision script again, but now samba is not very stable (I managed to join the AD domain, but upon login I get The security database on the server does not have a computer account for this workstation trust relationship). I really don't know where to start. Do you think using samba from debian SID would be wiser than building from git? Are there any other errors in the log I didn't spot? Is KVNO mismatch the reason joining fails, or are there more errors? Thanks. Kerberos: AS-REQ administrator@xxxxxxxxxxxxxxxxxxxxxxxx from ipv4:172.17.172.41:13893 for krbtgt/SYNDOM.SYNERGYPROJECT.GR@xxxxxxxxxxxxxxxxxxxxxxxx Kerberos: No preauth found, returning PREAUTH-REQUIRED -- administrator@xxxxxxxxxxxxxxxxxxxxxxxx Kerberos: AS-REQ administrator@xxxxxxxxxxxxxxxxxxxxxxxx from ipv4:172.17.172.41:44144 for krbtgt/SYNDOM.SYNERGYPROJECT.GR@xxxxxxxxxxxxxxxxxxxxxxxx Kerberos: Client sent patypes: encrypted-timestamp Kerberos: Looking for PKINIT pa-data -- administrator@xxxxxxxxxxxxxxxxxxxxxxxx Kerberos: Looking for ENC-TS pa-data -- administrator@xxxxxxxxxxxxxxxxxxxxxxxx Kerberos: ENC-TS Pre-authentication succeeded -- administrator@xxxxxxxxxxxxxxxxxxxxxxxx using arcfour-hmac-md5 Kerberos: AS-REQ authtime: 2012-03-29T23:45:08 starttime: unset endtime: 2012-03-30T09:45:07 renew till: unset Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, des3-cbc-md5, arcfour-hmac-md5, des-cbc-md5, des-cbc-md4, des-cbc-crc, using arcfour-hmac-md5/arcfour-hmac-md5 Kerberos: Requested flags: forwardable Kerberos: TGS-REQ administrator@xxxxxxxxxxxxxxxxxxxxxxxx from ipv4:172.17.172.41:38698 for ldap/adpdc.syndom.synergyproject.gr@xxxxxxxxxxxxxxxxxxxxxxxx Kerberos: TGS-REQ authtime: 2012-03-29T23:45:08 starttime: 2012-03-29T23:45:08 endtime: 2012-03-30T09:45:07 renew till: unset Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] --- important bit ???? --- GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find ADPDC$@SYNDOM.SYNERGYPROJECT.GR(kvno 3) in keytab FILE:/usr/local/samba/private/secrets.keytab (arcfour-hmac-md5) SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE SPNEGO login failed: NT_STATUS_LOGON_FAILURE ------------------------------- Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] ldb_wrap open of secrets.ldb auth_check_password_send: Checking password for unmapped user [SYNDOM]\[Administrator]@[(null)] auth_check_password_send: mapped user is: [SYNDOM]\[Administrator]@[(null)] Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] ldb_wrap open of secrets.ldb auth_check_password_send: Checking password for unmapped user [SYNDOM]\[Administrator]@[(null)] auth_check_password_send: mapped user is: [SYNDOM]\[Administrator]@[(null)] Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] ldb_wrap open of secrets.ldb auth_check_password_send: Checking password for unmapped user [SYNDOM]\[Administrator]@[(null)] auth_check_password_send: mapped user is: [SYNDOM]\[Administrator]@[(null)] Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba