[Samba] Samba 3.0.2 Joining an active directory domain

STYMA, ROBERT E (ROBERT) stymar at lucent.com
Thu Sep 2 17:50:00 GMT 2004 

I am posting this in the hope it helps someone else.


I have been pulling my hair out chasing a problem getting a Linux node running Samba to
join an active directory domain controller (KDC).  I did a lot of research searching
for error messages in Google groups and Google web and did not find an suitable answer.

The problem was that the second of 9 Linux boxes I was adding to the domain insisted
on getting the Kerberos information right.  The first box had joined cleanly, the other
boxes kept failing, even when I got the "Organizational Unit" data correct.
Kerberos was turned off on these Linux boxes as they lived in a lab environment.


Messages I searched on:   (real names changed)

"Unable to find a suitable server"


[2004/09/01 12:36:22, 0] libads/kerberos.c:ads_kinit_password(133)
  kerberos_kinit_password myid at mydomain failed: Cannot find KDC for requested realm

realm must be set in in smb.conf for ADS join to succeed.


realm of remote server (correct domain) and realm in smb.conf (wrong domain) DO NOT match.  Aborting join


ads_join_realm: organizational unit member does not exist (dn:ou=member,dc=dnsname1,dc=dnsname2,dc=COM)



[2004/09/01 14:29:56, 0] libads/ldap.c:ads_add_machine_acct(1006)
  Host account for netbiosname already exists - modifying old account
[2004/09/01 14:29:56, 0] libads/ldap.c:ads_join_realm(1342)
  ads_add_machine_acct: No such object
ads_join_realm: No such object



The command being used was variations on:

net rpc join  -U Administrator   -w MYDOMAIN -S MyKDCNode


Solution:
In my case, the solution revolved about the fact that the lab nodes 
that failed had two NIC cards.  One to the corporate network and 
one to a non-routable network chaining them together.
Adding the  line:
    interfaces = 192.168.199.155/24 
to the /etc/samba/smb.conf file made the problem go away and the
join worked.


Robert E. Styma
Principal Engineer (DMTS)
Lucent Technologies, Phoenix
Email: stymar at lucent.com
Phone: 623-582-7323
FAX:   623-581-4390
Company:  http://www.lucent.com
Personal: http://www.swlink.net/~styma

More information about the samba mailing list