Recently Ben and I have been trying to get a FreeBSD box to join an Active Directory domain. The domain controller was running Windows Server 2008. After a *lot* of stuffing around to get this working we finally found the solution to our problem – the version of samba.
\nYou see the problem we were facing was:<\/p>\n
# net ads join -U cis-closebs\r\ncis-closebs's password:\r\nFailed to join domain: Improperly formed account name<\/pre>\nNow we checked the logs, checked kerberos, samba, but could not get this working. The debug logs showed something but nothing really useful:<\/p>\n
# net ads join -U cis-closebs\r\ncis-closebs's password:\r\nFailed to join domain: Improperly formed account name\r\n# net ads join -d 3 -U cis-closebs\r\n[2009\/02\/02 12:55:26, 3] param\/loadparm.c:lp_load(5031)\r\n lp_load: refreshing parameters\r\n[2009\/02\/02 12:55:26, 3] param\/loadparm.c:init_globals(1430)\r\n Initialising global parameters\r\n[2009\/02\/02 12:55:26, 3] param\/params.c:pm_process(572)\r\n params.c:pm_process() - Processing configuration file \"\/usr\/local\/etc\/smb.conf\"\r\n[2009\/02\/02 12:55:26, 3] param\/loadparm.c:do_section(3770)\r\n Processing section \"[global]\"\r\n[2009\/02\/02 12:55:26, 2] lib\/interface.c:add_interface(81)\r\n added interface ip=130.220.236.62 bcast=130.220.237.255 nmask=255.255.254.0\r\n[2009\/02\/02 12:55:26, 3] libsmb\/namequery.c:get_dc_list(1489)\r\n get_dc_list: preferred server list: \"130.220.64.77, uninet.unisa.edu.au, *\"\r\n[2009\/02\/02 12:55:26, 3] libads\/ldap.c:ads_connect(394)\r\n Connected to LDAP server 130.220.64.77\r\n[2009\/02\/02 12:55:26, 3] libsmb\/namequery.c:get_dc_list(1489)\r\n get_dc_list: preferred server list: \"130.220.64.77, uninet.unisa.edu.au, *\"\r\n[2009\/02\/02 12:55:26, 3] libsmb\/namequery.c:get_dc_list(1489)\r\n get_dc_list: preferred server list: \"130.220.64.77, uninet.unisa.edu.au, *\"\r\ncis-closebs's password:\r\n[2009\/02\/02 12:55:27, 3] libsmb\/namequery.c:get_dc_list(1489)\r\n get_dc_list: preferred server list: \"130.220.64.77, uninet.unisa.edu.au, *\"\r\n[2009\/02\/02 12:55:27, 3] libads\/ldap.c:ads_connect(394)\r\n Connected to LDAP server 130.220.64.77\r\n[2009\/02\/02 12:55:27, 3] libads\/sasl.c:ads_sasl_spnego_bind(213)\r\n ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2\r\n[2009\/02\/02 12:55:27, 3] libads\/sasl.c:ads_sasl_spnego_bind(213)\r\n ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2\r\n[2009\/02\/02 12:55:27, 3] libads\/sasl.c:ads_sasl_spnego_bind(213)\r\n ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3\r\n[2009\/02\/02 12:55:27, 3] libads\/sasl.c:ads_sasl_spnego_bind(213)\r\n ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10\r\n[2009\/02\/02 12:55:27, 3] libads\/sasl.c:ads_sasl_spnego_bind(222)\r\n ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore\r\n[2009\/02\/02 12:55:27, 3] libsmb\/clikrb5.c:ads_krb5_mk_req(593)\r\n ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)\r\n[2009\/02\/02 12:55:27, 1] libsmb\/clikrb5.c:ads_krb5_mk_req(602)\r\n ads_krb5_mk_req: krb5_get_credentials failed for not_defined_in_RFC4178@please_ignore (Server not found in Kerberos database)\r\n[2009\/02\/02 12:55:27, 1] utils\/net_ads.c:net_ads_join(1470)\r\n error on ads_startup: Server not found in Kerberos database\r\nFailed to join domain: Improperly formed account name\r\n[2009\/02\/02 12:55:27, 2] utils\/net.c:main(1036)\r\n return code = -1<\/pre>\nTurns out that it was the version of samba we were using. Version 3.0.28 had issues with joining a Windows Server 2008 Active Directory domain. This was fixed in Samba 3.0.28a and as can be seen with the FreeBSD ports commit<\/a>:<\/p>\n