[Samba] Failed to verify incoming ticket! When clients use netbios names only!

Martin Zielinski mz at seh.de
Mon Apr 16 06:56:52 GMT 2007


Hi,

the "Failed to join domain: Type or value exists" is caused, when the 
machine_name is equal to the fqdn.

This is the case, e.g. if the /etc/hosts file contains only the short 
name. The server reports the error and "net" aborts although the join 
itself was successfull.

There are serveral issues with the "hostname vs. domainname" thing under 
linux.
E.g. the missing driver listings when using the fqdn accessing the samba 
server.
I've added a getdomainname() call in the get_mydnsfullname() function in 
  lib/util.c if the gethostname() call does not contain a ".".
Then the comparison in is_myname() succeeds and the drivers are listed.

But the manpage says, getdomainname() is *not* POSIX. So this all might 
end in a configuration issue of the hostname.

Regards,

~ Martin


Hansjörg Maurer schrieb:
> Hi
> 
> we see the similar messages too.
> 
> Gerald (Jerry) Carter wrote:
>> m.bland wrote:
>>
>>> thor:/var/log/samba# cat /etc/samba/smb.conf
>>> [global]
>>> workgroup = DOMAIN
>>> realm = DOMAIN
>> Are these really the same value ?
> do they have to?
> When I try to set them to the same value I get the following message
> when joining the domain.
> 
> [root at rmvbs02 root]# net ads join  -U Admin
> Admin's password:
> The workgroup in /etc/samba/smb.conf does not match the short
> domain name obtained from the server.
> Using the name [DOMNAME] from the server.
> You should set "workgroup = DOMNAME" in /etc/samba/smb.conf.
> Using short domain name -- DOMNAME
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> Deleted account for 'RMVBS02' in realm 'REALM'
> Failed to join domain: Type or value exists
> 
> 
> But we have a DNS not matching the REALM.
> 
> Could this lead to this problem?
> 
> (the above join only works with net rpc join, even while User Admin has
> full rights on the domain)
> 
> Greetings
> 
> hansjörg
> 
>> ...
>>
>>> thor:/var/log/samba# cat /etc/krb5.conf
>>> [libdefaults]
>>>  default_realm = DOMAIN.NAME
>>
>>
>>
>>
>>
>> cheers, jerry
> 

-- 
Martin Zielinski             mz at seh.de
Software Development
SEH Computertechnik GmbH     www.seh.de



More information about the samba mailing list