[Samba] joining an AD

Guillermo Gutierrez ggutierrez at marketscan.com
Tue Jan 29 01:59:09 GMT 2008 

You may just have to join it to the domain and then move it manually
into the OU through windows.

Unless you upgrade to a newer version of samba that supports that
feature.

-----Original Message-----
From: Calderon, Willy (NIH/NINDS) [C] [mailto:calderow at ninds.nih.gov] 
Sent: Monday, January 28, 2008 5:15 PM
To: Guillermo Gutierrez; samba at lists.samba.org
Subject: RE: [Samba] joining an AD

Thanks for this. The problem appears to be that I can't create the
workstation in the OU.  I can use my same credentials to log into the AD
and create a workstation in that OU through Windows but not through
Linux.

# net help ads join
net ads join [options]
Valid options:
   createupn[=UPN]    Set the userPrincipalName attribute during the
join.
                      The deault UPN is in the form
host/netbiosname at REALM.
   createcomputer=OU  Precreate the computer account in a specific OU.
                      The OU string read from top to bottom without RDNs
and delimited by a '/'.
                      E.g. "createcomputer=Computers/Servers/Unix"
                      NB: A backslash '\' is used as escape at multiple
levels and may
                          need to be doubled or even quadrupled.  It is
not used as a separator


So when I try

# net ads join createcomputer="Servers/Windows/Computers/AD" -U
willy%password 


Failed to pre-create the machine object in OU
createcomputers=Servers/Windows/Computers/AD.
[2008/01/28 20:15:30, 1] utils/net_ads.c:net_ads_join(1533)
  error calling net_precreate_machine_acct: No such object
Failed to join domain: No such object
[2008/01/28 20:15:30, 2] utils/net.c:main(1032)
  return code = -1


*   *   *   *
Willy Calderon
Contractor - LCG Systems
Unix Systems Administrator
Bldg. 10, NIH/NINDS
Tel: 301 435 1913



-----Original Message-----
From: Calderon, Willy (NIH/NINDS) [C]
Sent: Mon 1/28/2008 7:58 PM
To: Guillermo Gutierrez; samba at lists.samba.org
Subject: RE: [Samba] joining an AD
 
Thanks. I keep getting this error every time I log in now with the
options you've given below


[2008/01/28 19:49:22, 4] libads/sasl.c:ads_sasl_bind(521)
  Found SASL mechanism GSS-SPNEGO
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = nihdc$@NIH.GOV
[2008/01/28 19:49:22, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610)
  ads_krb5_mk_req: Advancing clock by 63 seconds to cope with clock skew
[2008/01/28 19:49:22, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
Tue, 29 Jan 2008 05:50:25 EST
Bad option: SEVERN
Failed to join domain: Invalid parameter
[2008/01/28 19:49:22, 2] utils/net.c:main(1032)
  return code = -1




 

*   *   *   *
Willy Calderon
Contractor - LCG Systems
Unix Systems Administrator
Bldg. 10, NIH/NINDS
Tel: 301 435 1913



-----Original Message-----
From: Guillermo Gutierrez [mailto:ggutierrez at marketscan.com]
Sent: Mon 1/28/2008 4:57 PM
To: Calderon, Willy (NIH/NINDS) [C]; samba at lists.samba.org
Subject: RE: [Samba] joining an AD
 
Whoops,

The trailing (") should be at the end of the OU path, in your case after
the 'AD'.

The computername is a separate value that you are feeding it.

net ads join createcomputer="Servers/Windows/Computers/AD" computername

-----Original Message-----
From: Calderon, Willy (NIH/NINDS) [C] [mailto:calderow at ninds.nih.gov] 
Sent: Monday, January 28, 2008 1:59 PM
To: Guillermo Gutierrez; samba at lists.samba.org
Subject: RE: [Samba] joining an AD

Is there a trailing quote (") after computer name ?

 
*   *   *   *
Willy Calderon
Contractor - LCG Systems
Tel: 301 435 1913
 

-----Original Message-----
From: Guillermo Gutierrez [mailto:ggutierrez at marketscan.com] 
Sent: Monday, January 28, 2008 4:45 PM
To: Calderon, Willy (NIH/NINDS) [C]; samba at lists.samba.org
Subject: RE: [Samba] joining an AD

You have to use the "createcomputer" parameter if you want to specify
the OUs.

Ex: net ads join createcomputer="Servers/Windows/Computers/AD
computername

-----Original Message-----
From: samba-bounces+ggutierrez=marketscan.com at lists.samba.org
[mailto:samba-bounces+ggutierrez=marketscan.com at lists.samba.org] On
Behalf Of Calderon, Willy (NIH/NINDS) [C]
Sent: Monday, January 28, 2008 1:17 PM
To: samba at lists.samba.org
Subject: [Samba] joining an AD



Hi there -

I am trying to join the domain using the net ads join  command but keep
getting a " 

Bad option: Servers/Windows/Computers/AD
Failed to join domain: Invalid parameter

when I try to add the computer into the correct OU like so:

net ads join "Servers/Windows/Computers/AD



Is there a correct way to get this to work?

I'm on a Red Hat Enterprise 4 system with samba-3.0.25b-1.el4_6.4



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list