TEST failed: Malformed representation of principal Failed to join domain: failed to connect to AD: Malformed representation of principal In samba-3.5.6-86.el6 there is a bug that causes samba fail in joining AD 2008 when using an user account from a trusted domain.
Cause: The password that you specified has been used before by this principal.
Solution: Choose a password that has not been chosen before, at least not within the number of passwords that are kept in the KDC database for each principal. Cause: Authentication with checksum was not negotiated with the client.
Event “4771: Kerberos pre-authentication failed.” generates instead.
Note A Kerberos Realm is a set of managed nodes that share the same Kerberos database.
[logging] default = FILE:/var/log/krb5kdc = FILE:/var/log/krb5admin_server = FILE:/var/log/[libdefaults] default_realm = EDMONSON. NET dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC [realms] EDMONSON. Now if you are planning on give your users home folders you need to make their directories.