[Samba] Problems after PC is joined to the domain - Samba 4

Theodotos Andreou theo at ubuntucy.org
Fri May 30 05:08:56 MDT 2014


On 05/30/2014 01:53 PM, steve wrote:
> On Fri, 2014-05-30 at 13:13 +0300, Theodotos Andreou wrote:
>> Hello SAMBA community,
>>
>> I used this guide to join a PC to the domain as a member using samba 4:
>> https://wiki.samba.org/index.php/Samba4/Domain_Member
>>
>> I am using Ubuntu 14.04 64 bit and I installed samba from the repos. The
>> stock samba version is:
>>
>> # samba --version
>> Version 4.1.6-Ubuntu
>>
>> When I tried to join the PC to the domain I got:
>>
>> # net ads join -U admin
>> kerberos_kinit_password DOM\admin at DOM.FOREST.INT failed: Client not found in Kerberos database
>> Failed to join domain: failed to connect to AD: Client not found in Kerberos database
>>
>> Nevertheless the PC was joined to the domain despite the above error and
>> I proceeded with the following steps. But when I try to list the users
>> using 'wbinfo -u' I get some strange behavior. The command takes too
>> long to complete and it then gives:
>>
>> # wbinfo -u --verbose
>> FOREST\usbms_somepcname
>>
>> The second time I run the command it again takes too long but it gives
>> out the complete list of AD users. But when I try to log in as a
>> particular user, though, I get:
>>
>> # su - myusername
>> No passwd entry for user 'myusername'
>> # id myusername
>> id: myusername: no such user
>>
>> This is my smb.conf:
>>
>> # cat /etc/samba/smb.conf
>>    [global]
>>
>>      netbios name = MYPCNAME
>>      workgroup = DOM
>>      security = ADS
>>      realm = DOM.FOREST.INT
>>      encrypt passwords = yes
> Hi
> try:
> add
> kerberos method = system keytab
> to [global]
> and issue:
> net ads keytab create -Uadmin
> (ru sure admin has sufficient privs to add machines?)?
>
>
I added that line and it gives:

# net ads keytab create -U 'DOM\admin'
Enter DOM\admin's password:
kerberos_kinit_password DOM\admin at DOM..INT failed: Client not found in Kerberos database
kerberos_kinit_password DOM\admin at LIM.TEPAK.INT failed: Client not found in Kerberos database

After omitting 'DOM\' from the username it gives:

# net ads keytab create -U 'admin'
Enter admin's password:
ads_get_dnshostname: No dNSHostName attribute!
../source3/libads/kerberos_keytab.c:328: unable to determine machine account's dns name in AD!

I have changed the true username and domain name for reasons of paranoia
:) but I am certain that the user I use is a domain admin.

