[Samba] Getting an error when joining a windows 2003 domain controller
Howard Wilkinson
howard at cohtech.com
Thu Nov 8 21:14:46 GMT 2007
David kacuba wrote:
> I'm getting an error while joining my domain in AD Windows 2003
>
> [root@TESTSERVER etc]# net ads join -Uadministrator%password
> Using short domain name -- FAMILYENRICHMEN
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> Deleted account for 'TESTSERVER' in realm 'FAMILYENRICHMENTNETWORK.LOCAL'
> Failed to join domain: Type or value exists
>
>
>
>
> here is my /etc/hosts
>
> 192.168.0.1 server1.familyenrichmentnetwork.local server1
>
This is your problem! The DOMAIN name is limited to 15 characters (so
are the host names but that includes a terminating $) so only use 14.
>
> here is my /etc/krb5.conf
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
> [libdefaults]
> default_realm = FamilyEnrichmentNetwork.local
> dns_lookup_realm = NO
> default_etypes_des = des-cbc-crc des-cbc-md
> default_etypes_des = des-cbc-crc des-cbc-md5
> dns_lookup_kdc = NO
> ticket_lifetime = 2400
> forwardable = yes
> [realms]
> FamilyEnrichmentNetwork.local = {
> kdc = server1.FamilyEnrichmentNetwork.local
> default_domain = FamilyEnrichmentNetwork.local
> kdc = FamilyEnrichmentNetwork.local
> Kdc = 192.168.0.1
> admin_server = server1.FamilyEnrichmentNetwork.local
> }
>
> here is my smb.conf
>
> [global]
> log file = /var/log/samba/log.%m
> load printers = yes
> idmap gid = 10000-20000
> auth methods = winbind
> ntlm auth = no
> client use spnego = yes
> winbind trusted domains only = yes
> encrypt passwords = yes
> realm = FamilyEnrichmentNetwork.local
> winbind use default domain = yes
> use kerberos keytab = yes
> passdb backend = tdbsam
> netbios aliases = TESTSERVER
> cups options = raw
> server string = test server
> winbind enum users = yes
> idmap uid = 10000-20000
> password server = Server1.FamilyEnrichmentNetwork.local
> remote announce = 192.168.0.1
> workgroup = FamilyEnrichmen
> client lanman auth = no
> os level = 20
> winbind enum groups = yes
> server signing = auto
> security = ads
> max log size = 50
> # ----------------------- Domain Members Options ------------------------
> #
> # Security must be set to domain or ads
> # Use password server option only with security = server or if you can't
> # use the DNS to locate Domain Controllers
> # The argument list may include:
> # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> # or to auto-locate the domain controller/s
> # password server = "
>
> ; security = ads
> ; passdb backend = tdbsam
> ; realm = FamilyEnrichmentNetwork.local
> ; password server = 192.168.0.1
>
> # ----------------------- Domain Controller Options ------------------------
> #
> # Security must be set to user for domain controllers
> #
> # Backend to store user information in. New installations should
> # use either tdbsam or ldapsam. smbpasswd is available for backwards
> # compatibility. tdbsam requires no further configuration.
> #
> # Domain Master specifies Samba to be the Domain Master Browser. This
> # allows Samba to collate browse lists between subnets. Don't use this
> # if you already have a Windows NT domain controller doing this job
> #
>
> security = ads
> ; passdb backend = tdbsam
> ; domain master = no
> ; domain logons = no
> # the login script name depends on the machine name
> ; logon script = %m.bat
> # the login script name depends on the unix user used
> ; logon script = %u.bat
> ; logon path = \\%L\Profiles\%u
> # disables profiles support by specifing an empty path
> ; logon path =
> ; add user script = /usr/sbin/useradd "%u" -n -g users
> ; add group script = /usr/sbin/groupadd "%g"
>
>
> Thanks for your help
--
Howard Wilkinson
Coherent Technology Limited
23 Northampton Square,
United Kingdom, EC1V 0HL
Phone: +44(20)76907075
Mobile: +44(7980)639379
Email: howard at cohtech.com
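
The length limits stated in the reply above, applied as a pre-join check over smb.conf. This is an added example, not part of the original message or of Samba; the function names, the trimmed sample, and the assumption that the short domain name derives from the first label of `realm` are illustrative.

```python
import re

DOMAIN_MAX = 15  # domain name limit, as stated in the reply
HOST_MAX = 14    # reply: 15 including the terminating "$", so 14 usable

def parse_global(text):
    """Return [global] parameters; keys lower-cased, whitespace removed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # smb.conf comment markers
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def check_names(text, hostname):
    """Return (parameter, name, length, limit) for each name over its limit."""
    p = parse_global(text)
    findings = []
    def check(param, name, limit):
        if len(name) > limit:
            findings.append((param, name, len(name), limit))
    if "workgroup" in p:
        check("workgroup", p["workgroup"], DOMAIN_MAX)
    if "realm" in p:
        # Assumption: the short domain name comes from the realm's first label.
        check("realm (first label)", p["realm"].split(".")[0], DOMAIN_MAX)
    check("netbios name", p.get("netbiosname", hostname.split(".")[0]), HOST_MAX)
    for alias in re.split(r"[\s,]+", p.get("netbiosaliases", "")):
        if alias:
            check("netbios aliases", alias, HOST_MAX)
    return findings

# Constructed sample: trimmed from the smb.conf quoted in the thread.
SAMPLE = """\
[global]
   realm = FamilyEnrichmentNetwork.local
   workgroup = FamilyEnrichmen
   netbios aliases = TESTSERVER
;  password server = 192.168.0.1
"""

if __name__ == "__main__":
    for param, name, length, limit in check_names(SAMPLE, "TESTSERVER"):
        print(f"{param}: {name!r} is {length} characters, limit {limit}")
```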