I wanted to share my experience with joining a samba server to 2008 domain controller.
I recently added Active Directory Windows Server 2008 to my domain, I still have 2003 AD running as backup for the moment. The AD 2008 holds all fsmo roles.
Under RHEL 6 (samba 3.4) you can make the AD 2008 as the password server in smb.conf and kerberos kdc/admin server using authconfig-tui and join to the network. shares through hostname,IP,cnames works no problem on windows xp,7 clients and windows 2003 server.
Under RHEL 5 (samba-3.0.33) When you specify AD 2008 as the kerberos kdc and admin server, you cannot access the shares at all, windows system comes back with an error "network path is invalid" and on the linux samba server the error reports:
samba3x for RHEL5 solved all my issues, I could access machines using cnames ip address the lot. Very happy.
Error was NT_STATUS_INVALID_PARAMETER.
Just this morning I was tidying up my /etc/krb files manually as I had loads of duplicate entries for kdc's.
Just as a test I tried to rejoin to the domain to ensure everything worked fine. This failed, I got the following error:
I thought I was trying the password out wrong, so I tried serveral times. No luck! I got the same error plus an additional error.
kerberos_kinit_password <HOSTNAME> Preauthentication failed
I used authconfig-tui to check kerberos settings. For some reason the duplicates I thought I had removed were still there. So I cleaned up the duplicated and saved changes using tui. When I tried to rejoin to the AD domain, it worked!!
failed to lookup DC info for domain over rpc
Just to test to see if I could break it again I manually editied the krb files and tried to join the domain, and as expected (though I was wishing it more) it broke!
Question: When using authconfig-tui are these the only files to be updated?