[Samba] Getting an error when joing a windows 2003 domain controller

Howard Wilkinson howard at cohtech.com
Thu Nov 8 21:14:46 GMT 2007


David kacuba wrote:
> Im getting an erro while joing my domain in AD windows 2003
>    
>   [root at TESTSERVER etc]# net ads join -Uadministrator%password                     Using short domain name -- FAMILYENRICHMEN
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> Deleted account for 'TESTSERVER' in realm 'FAMILYENRICHMENTNETWORK.LOCAL'
> Failed to join domain: Type or value exists
>    
>    
>    
>    
>   here is my /etc/hosts 
>    
>   192.168.0.1 server1.familyenrichmentnetwork.local     server1
>   
This is your problem! The DOMAIN name is limited to 15 characters (so 
are the host names but that includes a terminating $) so only use 14.
>    
>   here is my /etc/krb5.conf
>   [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
>   [libdefaults]
>  default_realm = FamilyEnrichmentNetwork.local
>  dns_lookup_realm = NO
>  default_etypes_des = des-cbc-crc des-cbc-md
>  default_etypes_des = des-cbc-crc des-cbc-md5
>  dns_lookup_kdc = NO
>  ticket_lifetime = 2400
>  forwardable = yes
>   [realms]
>   FamilyEnrichmentNetwork.local = {
>   kdc = server1.FamilyEnrichmentNetwork.local
>   default_domain = FamilyEnrichmentNetwork.local
>   kdc = FamilyEnrichmentNetwork.local
>   Kdc = 192.168.0.1
>   admin_server = server1.FamilyEnrichmentNetwork.local
>  }
>
>   here is my smb.conf
>    
>   [global]
>         log file = /var/log/samba/log.%m
>         load printers = yes
>         idmap gid = 10000-20000
>         auth methods = winbind
>         ntlm auth = no
>         client use spnego = yes
>         winbind trusted domains only = yes
>         encrypt passwords = yes
>         realm = FamilyEnrichmentNetwork.local
>         winbind use default domain = yes
>         use kerberos keytab = yes
>         passdb backend = tdbsam
>         netbios aliases = TESTSERVER
>         cups options = raw
>         server string = test server
>         winbind enum users = yes
>         idmap uid = 10000-20000
>         password server = Server1.FamilyEnrichmentNetwork.local
>         remote announce = 192.168.0.1
>         workgroup = FamilyEnrichmen
>         client lanman auth = no
>         os level = 20
>         winbind enum groups = yes
>         server signing = auto
>         security = ads
>         max log size = 50
>   # ----------------------- Domain Members Options ------------------------
> #
> # Security must be set to domain or ads
>   # Use password server option only with security = server or if you can't
> # use the DNS to locate Domain Controllers
> # The argument list may include:
> #   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> # or to auto-locate the domain controller/s
> #   password server = "
>   
> ;       security = ads
> ;       passdb backend = tdbsam
> ;       realm = FamilyEnrichmentNetwork.local
>   ;       password server = 192.168.0.1
>    
>            # ----------------------- Domain Controller Options ------------------------
> #
> # Security must be set to user for domain controllers
> #
> # Backend to store user information in. New installations should
> # use either tdbsam or ldapsam. smbpasswd is available for backwards
> # compatibility. tdbsam requires no further configuration.
> #
> # Domain Master specifies Samba to be the Domain Master Browser. This
> # allows Samba to collate browse lists between subnets. Don't use this
> # if you already have a Windows NT domain controller doing this job
> #
>
>           security = ads
> ;       passdb backend = tdbsam
>   ;       domain master = no
> ;       domain logons = no
>           # the login script name depends on the machine name
> ;       logon script = %m.bat
>         # the login script name depends on the unix user used
> ;       logon script = %u.bat
> ;       logon path = \\%L\Profiles\%u
>         # disables profiles support by specifing an empty path
> ;       logon path =
>   ;       add user script = /usr/sbin/useradd "%u" -n -g users
> ;       add group script = /usr/sbin/groupadd "%g"
>    
>    
>   Thnaks for your help
>    
>    
>    
>
>  __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
>   


-- 

Howard Wilkinson

	

Phone:

	

+44(20)76907075

Coherent Technology Limited

	

Fax:

	

 

23 Northampton Square,

	

Mobile:

	

+44(7980)639379

United Kingdom, EC1V 0HL

	

Email:

	

howard at cohtech.com

 



More information about the samba mailing list