[Samba] net ads join : ads_connect: No logon servers
Douglas VanLeuven
roamdad at sonic.net
Wed Jan 30 20:13:43 GMT 2008
D G Teed wrote:
> Thanks very much, Douglas. That did the trick.
> I had not understood what realm represented in a dns
> style domain.
>
> It is also confusing that one lists a realm section,
> defining it...
>
> BEER = {
> kdc = ADC1.AD.BEERU.CA
> }
Sorry, missed that one too. Should be
AD.BEERU.CA = {
kdc = ADC1.AD.BEERU.CA
}
It's just that Kerberos doesn't know anything about workgroups in
windows and so there shouldn't be any workgroup names in krb5.conf,
only DNS names and REALM names. It worked because samba picked up the
Kerberos kdc from SRV records in DNS. BEER defines the .BEER realm
which doesn't exist.
>
> But then when providing the realm name in smb.conf, the
> handle isn't BEER, but rather the subdomain in
> which the AD controller lives.
>
> Regards,
>
> --Donald
>
> On Jan 30, 2008 3:37 PM, Douglas VanLeuven <roamdad at sonic.net> wrote:
>> Douglas VanLeuven wrote:
>>> D G Teed wrote:
>>>> I've been able to use security = ads in smb.conf, and connect OK,
>>>> but it must be falling back to domain. When I run net ads join
>>>> I get the error (debug trace below):
>>>>
>>>> ads_connect: No logon servers
>>>>
>>>> Here is my krb5.conf:
>>>>
>>>> [logging]
>>>> default = FILE:/var/log/krb5libs.log
>>>> kdc = FILE:/var/log/krb5kdc.log
>>>> admin_server = FILE:/var/log/kadmind.log
>>>> [libdefaults]
>>>> default_realm = BEER
>>>> [realms]
>>>> BEER = {
>>>> kdc = ADC1.AD.BEERU.CA
>>>> }
>> Missed this on the last post.
>> default realm = AD.BEERU.CA
>>
>> Doug
>>
Regards, Doug
More information about the samba
mailing list