Net ads join query.
Yogesh Kulkarni
yoknfs at gmail.com
Thu Jun 1 01:57:59 UTC 2017
On Wed, May 31, 2017 at 6:10 PM, Yogesh Kulkarni <yoknfs at gmail.com> wrote:
>
>
> On Wed, May 31, 2017 at 4:21 PM, Jeremy Allison <jra at samba.org> wrote:
>
>> On Wed, May 31, 2017 at 04:03:15PM -0700, Yogesh Kulkarni via
>> samba-technical wrote:
>> > Hi,
>> > I am trying to setup an SMB2 only environment, where the AD is a
>> windows
>> > 2012 with SMB1 disabled.
>> > I have setup the krb5.conf, smb.conf ldap.conf, resolv, hosts and
>> lmhosts
>> > to correct domain and AD.
>> > I tried kerberos kinit and that works fine.
>> >
>> > However, whenever I try to join the domain, I get message domain
>> > information failed.
>> > I am using
>> > * net ads join --kerberos -Uadministrator -d 10*
>> >
>> > ...
>> > libnet_Join:
>> > libnet_JoinCtx: struct libnet_JoinCtx
>> > out: struct libnet_JoinCtx
>> > account_name : NULL
>> > netbios_domain_name : NULL
>> > dns_domain_name : NULL
>> > forest_name : NULL
>> > dn : NULL
>> > domain_sid : NULL
>> > domain_sid : (NULL SID)
>> > modified_config : 0x00 (0)
>> > error_string : 'failed to lookup DC info for
>> domain
>> > 'xyz' over rpc: NT_STATUS_CONNECTION_RESET'
>> > domain_is_ad : 0x00 (0)
>> > result : WERR_NETNAME_DELETED
>> >
>> > Which can possibly be explained by the fact that SMB1 is turned off on
>> the
>> > server. I assume that turning off SMB1 would
>> > also turn off the RPC services.
>>
>> No, RPC services are also available over SMB2 and TCP.
>>
>
> Thanks Jeremy.
>
>
I was finally able to join successfully.
I observed that when no client version was specified SMB client fell back
to SMB1.
With
client min protocol = SMB2 ,
I got an error Failed to join domain: failed to lookup DC info for domain
'XYZ' over rpc: NT_STATUS_INVALID_PARAMETER_MIX
When I set the client max protocol to SMB3, it negotiated a higher dialect
and join was successful.
Thanks Jeremy for pointing me in the correct direction.
--Yogesh.
More information about the samba-technical
mailing list