[Samba] Joining ADS: undocumented error

Alessandro Baretta alessandro.baretta at radiomaria.org
Mon Nov 24 10:56:22 GMT 2008


Cool dude! It works. Here's a transcript.

> samba:~# net ads join -U administrator
> Enter administrator's password:
> Using short domain name -- ARM
> Joined 'SAMBA' to realm 'arm.priv'
> [2008/11/24 10:52:15,  0] libads/kerberos.c:ads_kinit_password(356)
>   kerberos_kinit_password SAMBA$@ARM.PRIV failed: Client not found in 
> Kerberos database
> No DNS domain configured for samba. Unable to perform DNS Update.
> DNS update failed!

I'll need to tweak something in the DNS, but that should not be a major 
issue at this point.

Thanks a lot!

Alessandro Baretta

World Family of Radio Maria
http://www.radiomaria.org/

tel. +39 0332 228 150
fax. +39 0332 222 411
cel. +39 335 830 3189
skype alex.baretta
ekiga alexbaretta at ekiga.net



pablo at compugenic.com wrote:
> On Mon, Nov 24, 2008 at 03:47:52AM +0100, Alessandro Baretta wrote:
>   
>> Hi everyone,
>>
>> I am trying to set up a file server on Linux for Windows XP boxes in a  
>> Windows Server 2003 environment. I followed an excellent tutorial on  
>> Samba and ADS, which I recommend to all newbies like myself:  
>> http://www.enterprisenetworkingplanet.com/netos/article.php/3487081.  
>> Kerberos authentication seems to succeed, and apparently there is  
>> nothing wrong with my smb.conf file, yet when I try to add the server to  
>> the ADS I get the following error message: "Failed to join domain:  
>> Invalid configuration and configuration modification was not requested".  
>> This error seems to be undocumented: I have found nothing either on  
>> Google or on the samba.org site.
>>
>> Here's a transcript of a shell session showing this error.
>>
>>
>> samba:~# kinit
>> Password for Administrator at ARM.PRIV: <--- Authentication succeeds
>> samba:~# testparm
>> Load smb config files from /etc/samba/smb.conf
>> Processing section "[homes]"
>> Processing section "[fileserver]"
>> Processing section "[printers]"
>> Processing section "[print$]"
>> Loaded services file OK.
>> Server role: ROLE_DOMAIN_MEMBER
>> Press enter to see a dump of your service definitions
>>
>> [global]
>>    workgroup = ARM.PRIV
>>    realm = ARM.PRIV
>>    server string = File server avanzato
>>    security = ADS
>>    log level = 3
>>    syslog = 0
>>    log file = /var/log/samba/log.%m
>>    max log size = 1000
>>    panic action = /usr/share/samba/panic-action %d
>>    idmap uid = 10000-20000
>>    idmap gid = 10000-20000
>>
>> [homes]
>>    comment = Home Directories
>>    valid users = %S
>>    create mask = 0700
>>    directory mask = 0700
>>    browseable = No
>>
>> [fileserver]
>>    comment = Cartelle condivise
>>    path = /var/samba
>>    read only = No
>>    create mask = 0700
>>
>> [printers]
>>    comment = All Printers
>>    path = /var/spool/samba
>>    create mask = 0700
>>    printable = Yes
>>    browseable = No
>>
>> [print$]
>>    comment = Printer Drivers
>>    path = /var/lib/samba/printers
>> samba:~# net ads join -U administrator
>> Enter administrator's password:
>> Failed to join domain: Invalid configuration and configuration  
>> modification was not requested
>>                        
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> If I mistype the password I get a different error message:
>> samba:~# net ads join -U administrator%wrongpassword
>> Failed to join domain: failed to lookup DC info for domain 'ARM.PRIV'  
>> over rpc: Logon failure
>>
>>
>> Can anyone help me?
>>
>> -- 
>> Alessandro Baretta
>>
>> World Family of Radio Maria
>> http://www.radiomaria.org/
>>
>> tel. +39 0332 228 150
>> fax. +39 0332 222 411
>> cel. +39 335 830 3189
>> skype alex.baretta
>> ekiga alexbaretta at ekiga.net
>>
>
> Alessandro,
>
> I was able to reproduce your problem on my virtual machines. By that I
> mean that in trying to join a 2003 domain in ADS mode, I get the exact
> same error as you.
>
> I was able to solve it as explained below.  Keep in mind that the same
> error may be caused by different problems.  
>
> My test domain name is 'DOMAIN', and my realm is 'DOMAIN.COM'.  
>
> Setting either of the 2 following lines caused the error indicated:
> workgroup   = DOMAIN.COM
> or
> realm       = DOMAIN
>
> Setting as follows, I joined the domain no problem.
> workgroup   = DOMAIN
> realm       = DOMAIN.COM
>
> So it appears the domain name is the leftmost portion of the REALM, and
> the REALM must be the entire name.  Anything else will fail.
>
> So try changing your workgroup line setting it as follows:
> workgroup = ARM
>
> I believe you will then be able to join samba to the 2003 domain.
>
> Give it a shot and let me know.
>
> --
> Pablo
>
>   
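
A pre-join check for the workgroup/realm mix-up diagnosed in this thread, as an added example that is not part of the original messages and is not Samba code. The helper names and the sample configuration (cut down from the testparm dump above) are assumptions made for illustration.

```python
# Added example: hypothetical helpers, not part of Samba.

def parse_global(smb_conf_text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names are matched without regard to case or spaces.
            params[key.replace(" ", "").lower()] = value.strip()
    return params


def check_join_names(smb_conf_text):
    """List workgroup/realm problems that apply when security = ADS."""
    g = parse_global(smb_conf_text)
    if g.get("security", "").lower() != "ads":
        return []  # the check is only meaningful for ADS members
    workgroup, realm = g.get("workgroup", ""), g.get("realm", "")
    problems = []
    if "." not in realm:
        problems.append(f"realm {realm!r} is not a full realm name")
    if "." in workgroup:
        hint = f"; try {realm.split('.')[0]!r}" if "." in realm else ""
        problems.append(
            f"workgroup {workgroup!r} looks like a realm, "
            f"expected the short domain name{hint}"
        )
    return problems


# Constructed sample input, reduced from the configuration quoted in the thread.
BROKEN = """[global]
   workgroup = ARM.PRIV
   realm = ARM.PRIV
   security = ADS
"""
FIXED = BROKEN.replace("workgroup = ARM.PRIV", "workgroup = ARM")

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_join_names(conf) or "OK")
```
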

