During some troubleshooting I deleted the machine account for a Linux server running Samba from our AD 2003 domain. We are using Kerberos for authentication, and after I deleted the machine account I tried to join the domain again using:
net ads join -U Administrator
But I keep getting Kerberos errors like these:
[2009/08/18 16:14:36, 0] libads/kerberos.c:ads_kinit_password(228)
kerberos_kinit_password [email protected] failed: Client not found in Kerberos database
Failed to join domain: Improperly formed account name
It appears as if samba remembers that it once had an account with the AD and keeps trying to reconnect to it, but I want to create a new account from scratch. I tried to delete all the .tdb files I could find as well as everything under /var/cache/samba but to no avail - it still behaves the same.
I also tried to create the machine account on the AD side, but then I get a similar error when I try to join, about failure to authenticate with the machine account - it looks like samba tries the previous machine account password and I don't know how to reset it, or even if I could figure out what samba uses - how to set it in the AD.
Any help would be greatly appreciated, as at this point the only thing I can think about is to reformat and reinstall the machine, and I would really REALLY love to not do that.
Thanks in advance.
First run kdestroy to remove any reference to the machine account in the local Kerberos cache, then manually run kinit [email protected] and enter the password.
Then run the net ads join command.
This should give you the kerberos trust to create the machine account without having to try and use the old machine account credentials.
Have you tried recreating your .tdb file with the smbpasswd command?
Have you tried running the "net ads leave" command prior to re-joining? It will probably fail on the AD part of it, since the computer account was already deleted on the AD side.
Do a quick experiment: change the Samba name in smb.conf to something else and try.