[Samba] Member Server in Active Directory
M Maki
mmaki at adelphia.net
Mon Jun 14 22:50:53 GMT 2004
I'm trying to join a Samba 3.0.4 (compiled from source on Debian) to an
Active Directory as a member server. I believe Kerberos is configured
correctly as kinit creates a ticket for the realm. Executables appear to have
support for Kerberos and LDAP (smbd -b | grep KRB and grep LDAP) return OK.
When I try to join the AD with

    net ads join -U myadminusername

I'm prompted for my password but then get:

    libads/ldap.c:ads_add_machine_acct(1006)
    Host account for inpsamo-debian already exists - modifying old account
    libads/ldap.c:ads_join_realm(1336)
    ads_add_machine_acct: No such object
    ads_join_realm: No such object

I only have admin rights for an ou of the Active Directory. Here is a Windows
LDP search of my ou:

    ldap_search_s(ld, "DC=pwr,DC=int,DC=edited,DC=com", 2, "(ou=SAMO)", attrList, 0, &msg)
    Result <0>: (null)
    Matched DNs:
    Getting 1 entries:
    >> Dn: OU=SAMO,OU=Mediterranean Coast Network,OU=PWR,DC=pwr,DC=int,DC=edited,DC=com
        2> objectClass: top; organizationalUnit;
        1> ou: SAMO;
        1> description: SAMO;
        1> distinguishedName: OU=SAMO,OU=Mediterranean Coast Network,OU=PWR,DC=pwr,DC=int,DC=edited,DC=com;
        1> name: SAMO;
        1> canonicalName: pwr.int.edited.com/PWR/Mediterranean Coast Network/SAMO;

I guess my question is could it be how my realm is configured
(PWR.INT.EDITED.COM) or what else could keep me from joining the directory?
Current smb.conf:

    [global]
        unix charset = LOCALE
        workgroup = PWR
        realm = PWR.INT.EDITED.COM
        server string = Samba 3.0.2
        security = ADS
        username map = /etc/samba/smbusers
        log level = 1
        syslog = 0
        log file = /var/log/samba/%m
        max log size = 50
        printcap name = CUPS
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template primary group = "Domain Users"
        template shell = /bin/bash
        winbind separator = +
        printing = cups

    [homes]
        comment = Home Directories
        valid users = %S
        read only = No
        browseable = No

Thanks for any ideas...
Mike