Quest of SUSE 10 with Server2k8 AD authentication

Danie Wessels Danie.Wessels at pbmr.co.za
Thu Feb 13 04:56:45 MST 2014


>> >>As part of the net ads join process, the machine is registered. 
>> registered as what?
>> as Domain Controller in the domain
 - IF realm is set to domain and security = user?
>> as Computer on Domain
  - IF security = ads?

> net ads join will join the computer to the domain and register its name in DNS. Hence the DNS server must be able to work out the name of the computer _before_ you issue the command. Hence:
>> >> If it is not then the DC does not know the fqdn of the VM.
Is it meant that the FQDN of machine (1) should be resolvable (by DNS) before attempting the join?
{ Maybe I should draw a picture of this and add it to the samba docs.. :^) }
>> >> An easy way to make sure is to un-join, add the fqdn to the localhost line in hosts.conf and rejoin.
> You can still join, but that first dns update is vital if you want to avoid issues later.
And to remove it altogether would a
  net ads leave -U"someadmin"%"passwd" {from the machine} be sufficient?
  Or is manual action for a DC on AD also required?

Do I need to be a Domain Controller (as machine 1) to authenticate AD users on local machine 1 for login?
(Here I suppose I have to assign manually the AD users to the local Linux login group.
 This will not be an issue because I think this is what had happened.)

It seems once again here that the AD/DNS setup is faulty (not stable).
 - I have asked the AD admin to fix recurring static IPs for the old machine 1 and 2 with same names as their VMs
  (we only had old physical machine 2 on last Thursday for a while)
 - This is causing a mount share for machine 2 on 1 to be unavailable for 2.

> HTH
> Steve

Every bit of the picture makes it clearer!
Thanks
Danie W
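
A pre-join check for the point discussed in this message, that the machine's FQDN has to be resolvable before `net ads join` is run. This is an added example, not part of the original message or of Samba; the function names and the `--check` switch are assumptions for illustration, and it reads the standard `/etc/hosts` file unless given another path.

```shell
#!/bin/sh
# Added example (not from the original thread): check that this machine's
# own FQDN can be worked out before running "net ads join".

# hosts_addr_for FILE NAME: print the address of the first hosts-format line
# in FILE that lists NAME (case-insensitive); return 1 if no line does.
hosts_addr_for() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }                      # drop comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# is_fqdn NAME: true when NAME contains a dot and has no empty label.
is_fqdn() {
    case "$1" in
        ""|.*|*.|*..*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# prejoin_check [HOSTS_FILE]: live check using hostname -f and getent.
prejoin_check() {
    hosts_file="${1:-/etc/hosts}"
    fqdn=$(hostname -f 2>/dev/null) || fqdn=""
    if ! is_fqdn "$fqdn"; then
        echo "FAIL: 'hostname -f' gave '$fqdn', not a fully qualified name"
        return 1
    fi
    if addr=$(hosts_addr_for "$hosts_file" "$fqdn"); then
        echo "OK: $fqdn is listed in $hosts_file as $addr"
    elif addr=$(getent hosts "$fqdn"); then
        echo "OK: $fqdn resolves through the system resolver: $addr"
    else
        echo "FAIL: $fqdn does not resolve; fix DNS or $hosts_file before joining"
        return 1
    fi
}

# Run the live check only when asked: sh prejoin.sh --check
if [ "${1:-}" = "--check" ]; then prejoin_check; fi
```

A failing `prejoin_check` means the join may still succeed but the DNS registration step has nothing reliable to work from.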



More information about the samba-technical mailing list