[Samba] Can I use net ads join without DNS
andy.marr at bt.com
Wed Sep 16 11:01:04 MDT 2009
Cheers Volker
I used your option and I've also found the password server option in the
smb.conf. I'm running both and seem to have got a bit further.
But now I'm getting a different error. I'm not sure if the problem is
still DNS.
The ADS server is not in DNS and in a different domain to my SAMBA
server.
Here is the error I'm now getting
[root at fgukshppay001] # /usr/sfw/sbin/net join ads -Uadmandymarr -Sfgukcbradc001
admandymarr's password:
Bad option: ads
Failed to join domain: Invalid parameter
ADS join did not work, falling back to RPC...
Could not connect to server fgukcbradc001
The username or password was not correct.
[2009/09/16 17:58:00, 0] utils/net_rpc_join.c:(81)
net_rpc_join_ok: failed to get schannel session key from server fgukcbradc001 for domain FGPREPROD. Error was NT_STATUS_ACCESS_DENIED
Unable to join domain FGPREPROD.
All is the same as the original post except the following added to smb.conf:
password server = 10.193.33.133 -- which is the IP of fgukcbradc001, the
ADS server
When I run a debug level 3 I can see the following after I enter the
password
admandymarr's password:
[2009/09/16 17:55:14, 3] libads/ldap.c:(394)
Connected to LDAP server 10.193.33.133
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2009/09/16 17:55:14, 3] libads/sasl.c:(300)
ads_sasl_spnego_bind: got server principal name = fgukcbradc001$@FGPREPROD.COM
[2009/09/16 17:55:14, 3] libsmb/clikrb5.c:(593)
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache file found)
[2009/09/16 17:55:14, 3] libsmb/clikrb5.c:(528)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Thu, 17 Sep 2009 03:55:14 BST
[2009/09/16 17:55:14, 3] libads/ldap.c:(394)
Connected to LDAP server 10.193.33.133
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2009/09/16 17:55:14, 3] libads/sasl.c:(300)
ads_sasl_spnego_bind: got server principal name = fgukcbradc001$@FGPREPROD.COM
[2009/09/16 17:55:14, 3] libsmb/clikrb5.c:(528)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Thu, 17 Sep 2009 03:55:14 BST
Bad option: ads
Failed to join domain: Invalid parameter
ADS join did not work, falling back to RPC...
-----Original Message-----
From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE]
Sent: 16 September 2009 17:28
To: Marr,A,Andy,DGE62 C
Cc: samba at lists.samba.org
Subject: Re: [Samba] Can I use net ads join without DNS
On Wed, Sep 16, 2009 at 03:10:38PM +0100, andy.marr at bt.com wrote:
> Hi Samba people
>
> I'm trying to join a Solaris 10 server using Samba Version 3.0.33 server
> to an ADS. But the ADS is not in DNS.
>
> I thought I could get round this by putting the ADS IP in the server's
> local hosts file, and telling the krb5.conf not to use DNS, but it
> doesn't seem to work.
>
> 1. Can it be done?
> 2. If it can, how?
Can you try -S <servername> as an argument to the net ads join?
Volker