[Samba] Cannot join Ubuntu12.04 Samba 4.1.17 to domain

Rowland Penny rowlandpenny at googlemail.com
Wed Jun 3 14:57:49 MDT 2015


On 03/06/15 21:29, ivenhov wrote:
> I reproduced error WERR_DEFAULT_JOIN_REQUIRED in two scenarios:
> - user account that is used to join machine to domain is not part of Domain
> Admin group.
> - OU path for computer (specified in createcomputer) is invalid
>
> In both of those cases I'm getting detailed error messages: 'insufficient
> access' and 'invalid path' respectively but on customer site I'm always
> getting:
>
> Failed to join domain: failed to connect to AD: Cannot contact any KDC for
> requested realm
>
> instead of a valid error message.
>
> I'm sure krb5.conf is OK because it has exactly the same details as server
> with Samba 3.6 (which could join domain).
> smb.conf has security = ads and correct realm.
>
> I can resolve DNS name of the KDC and AD. Reverse lookup is also OK.
> Time is correct on the server and is synced with NTP server.
>
> But I still cannot join it to the domain. Most recent error I get:
>
>
> saf_store: domain = [MYNAT], server = [BGB48DC1001.mynat.myco.bcu], expire =
> [1433259373]
> Adding cache entry with key=[SAF/DOMAIN/MYNAT] and timeout=[Tue Jun  2
> 15:36:13 2015 UTC] (900 seconds ahead)
> tdb_traverse with wipe_fn on gencache_notrans.tdb failed: Success
> saf_store: domain = [mynat.myco.bcu], server = [BGB48DC1001.mynat.myco.bcu],
> expire = [1433259373]
> Adding cache entry with key=[SAF/DOMAIN/MYNAT.MYCO.BCU] and timeout=[Tue Jun
> 2 15:36:13 2015 UTC] (900 seconds ahead)
> tdb_traverse with wipe_fn on gencache_notrans.tdb failed: Success
> KDC time offset is 0 seconds
> Found SASL mechanism GSS-SPNEGO
> ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
> ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
> ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
> ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
> ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
> ads_sasl_spnego_bind: got server principal name =
> not_defined_in_RFC4178 at please_ignore
> ads_sasl_spnego_krb5_bind failed with:  Miscellaneous failure (see text) :
> Did not find a plugin for ccache_ops, calling kinit
> kerberos_kinit_password: as wal-sa-omtest at MYNAT.MYCO.BCU using
> [MEMORY:net_ads] as ccache and config
> [/var/cache/samba/smb_krb5/krb5.conf.MYNAT]
>
>
> kerberos_kinit_password wal-sa-omtest at MYNAT.MYCO.BCU failed: Cannot contact
> any KDC for requested realm
> libnet_Join:
>      libnet_JoinCtx: struct libnet_JoinCtx
>          out: struct libnet_JoinCtx
>              account_name             : NULL
>              netbios_domain_name      : 'MYNAT'
>              dns_domain_name          : 'mynat.myco.bcu'
>              forest_name              : 'myco.bcu'
>              dn                       : NULL
>              domain_sid               : *
>                  domain_sid               :
> S-1-5-21-73586283-854245398-682003330
>              modified_config          : 0x00 (0)
>              error_string             : 'failed to connect to AD: Cannot
> contact any KDC for requested realm'
>              domain_is_ad             : 0x01 (1)
>              result                   : WERR_GENERAL_FAILURE
> Failed to join domain: failed to connect to AD: Cannot contact any KDC for
> requested realm
> return code = -1
>
> I also get the same error on ubuntu 14.04 with Sernet Samba 4.2.2
>
> Any help appreciated
> D.
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Cannot-join-Ubuntu12-04-Samba-4-1-17-to-domain-tp4684555p4686672.html
> Sent from the Samba - General mailing list archive at Nabble.com.

OK, can you post your smb.conf, krb5.conf and resolv.conf?

Rowland


