root@smb2:/home/adminlocal# net ads testjoin -d 4
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
doing parameter log file = /var/log/samba/samba.log
doing parameter log level = 5
doing parameter netbios name = SMB2
doing parameter workgroup = SAMDOM
doing parameter security = ADS
doing parameter realm = AD.SAMDOM.LOCAL
doing parameter encrypt passwords = yes
doing parameter dedicated keytab file = /etc/krb5.keytab
doing parameter kerberos method = secrets and keytab
doing parameter username map = /usr/local/samba/etc/samba_usermapping
doing parameter winbind refresh tickets = yes
doing parameter winbind trusted domains only = no
doing parameter winbind use default domain = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter clustering = Yes
doing parameter ctdbd socket = /usr/local/samba/var/run/ctdb/ctdbd.socket
doing parameter fileid:mapping = fsid
doing parameter vfs objects = fileid
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 2000-9999
doing parameter idmap config SAMDOM:backend = ad
doing parameter idmap config SAMDOM:schema_mode = rfc2307
doing parameter idmap config SAMDOM:range = 10000-99999
doing parameter winbind nss info = rfc2307
doing parameter vfs objects = acl_xattr full_audit
doing parameter map acl inherit = Yes
doing parameter store dos attributes = Yes
doing parameter full_audit:prefix = %u|%I|%m|%S
doing parameter full_audit:success = mkdir rename unlink rmdir write
doing parameter full_audit:failure = read pread mkdir opendir rmdir telldir
doing parameter full_audit:facility = local7
doing parameter full_audit:priority = NOTICE
pm_process() returned Yes
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
doing parameter log file = /var/log/samba/samba.log
doing parameter log level = 5
doing parameter netbios name = SMB2
doing parameter workgroup = SAMDOM
doing parameter security = ADS
doing parameter realm = AD.SAMDOM.LOCAL
doing parameter encrypt passwords = yes
doing parameter dedicated keytab file = /etc/krb5.keytab
doing parameter kerberos method = secrets and keytab
doing parameter username map = /usr/local/samba/etc/samba_usermapping
doing parameter winbind refresh tickets = yes
doing parameter winbind trusted domains only = no
doing parameter winbind use default domain = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter clustering = Yes
doing parameter ctdbd socket = /usr/local/samba/var/run/ctdb/ctdbd.socket
doing parameter fileid:mapping = fsid
doing parameter vfs objects = fileid
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 2000-9999
doing parameter idmap config SAMDOM:backend = ad
doing parameter idmap config SAMDOM:schema_mode = rfc2307
doing parameter idmap config SAMDOM:range = 10000-99999
doing parameter winbind nss info = rfc2307
doing parameter vfs objects = acl_xattr full_audit
doing parameter map acl inherit = Yes
doing parameter store dos attributes = Yes
doing parameter full_audit:prefix = %u|%I|%m|%S
doing parameter full_audit:success = mkdir rename unlink rmdir write
doing parameter full_audit:failure = read pread mkdir opendir rmdir telldir
doing parameter full_audit:facility = local7
doing parameter full_audit:priority = NOTICE
pm_process() returned Yes
added interface eth0 ip=192.168.254.4 bcast=192.168.254.255 netmask=255.255.255.0
added interface eth0 ip=192.168.254.11 bcast=192.168.254.255 netmask=255.255.255.0
added interface eth1 ip=10.10.10.2 bcast=10.10.255.255 netmask=255.255.0.0
db_open_ctdb: opened database 'g_lock.tdb' with dbid 0x4d2a432b
db_open_ctdb: opened database 'secrets.tdb' with dbid 0x7132c184
ads_dc_name: domain=SAMDOM
get_dc_list: preferred server list: "dc1.ad.SAMDOM.local, *"
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.1:389 192.168.254.2:389 
Successfully contacted LDAP server 192.168.254.1
get_dc_list: preferred server list: "dc1.ad.SAMDOM.local, *"
ads_dns_lookup_srv: 2 records returned in the answer section.
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.1:88 192.168.254.2:88 
get_dc_list: preferred server list: "dc1.ad.SAMDOM.local, *"
ads_dns_lookup_srv: 2 records returned in the answer section.
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.1:88 192.168.254.2:88 
ads_dc_name: using server='DC1.AD.SAMDOM.LOCAL' IP=192.168.254.1
ads_dc_name: domain=SAMDOM
get_dc_list: preferred server list: "dc1.ad.SAMDOM.local, *"
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.1:389 192.168.254.2:389 
Successfully contacted LDAP server 192.168.254.1
get_dc_list: preferred server list: "dc1.ad.SAMDOM.local, *"
ads_dns_lookup_srv: 2 records returned in the answer section.
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.1:88 192.168.254.2:88 
get_dc_list: preferred server list: "dc1.ad.SAMDOM.local, *"
ads_dns_lookup_srv: 2 records returned in the answer section.
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.1:88 192.168.254.2:88 
ads_dc_name: using server='DC1.AD.SAMDOM.LOCAL' IP=192.168.254.1
Successfully contacted LDAP server 192.168.254.1
Connected to LDAP server dc1.ad.SAMDOM.local
KDC time offset is 0 seconds
Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
kerberos_kinit_password SMB2$@AD.SAMDOM.LOCAL failed: Preauthentication failed
ads_dc_name: domain=SAMDOM
get_dc_list: preferred server list: "dc1.ad.SAMDOM.local, *"
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.1:389 192.168.254.2:389 
Successfully contacted LDAP server 192.168.254.1
get_dc_list: preferred server list: "dc1.ad.SAMDOM.local, *"
ads_dns_lookup_srv: 2 records returned in the answer section.
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.1:88 192.168.254.2:88 
get_dc_list: preferred server list: "dc1.ad.SAMDOM.local, *"
ads_dns_lookup_srv: 2 records returned in the answer section.
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.1:88 192.168.254.2:88 
ads_dc_name: using server='DC1.AD.SAMDOM.LOCAL' IP=192.168.254.1
Successfully contacted LDAP server 192.168.254.1
Connected to LDAP server dc1.ad.SAMDOM.local
KDC time offset is 0 seconds
Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
kerberos_kinit_password SMB2$@AD.SAMDOM.LOCAL failed: Preauthentication failed
Join to domain is not valid: Logon failure
return code = -1