[Samba] Unable to join to Windows 2003 PDC using samba 3.5.8 from alinux machine!!

Rick Gates rick123.gates at gmail.com
Tue Apr 5 12:29:12 MDT 2011 

Hi all,

I was on a bit extended weekend .. so got delayed in responding ...

To answer some of the questions:

>>Is the ADS domain in "NT4 compatibility" mode or "windows 2003 native"
mode?    I think that "NT4" machines can still join ADS domains even if the
ADS domains are in 2000/2003 mode.

I am not sure about this.
How can I find this out?
I still will have to do some googling on this front.

>> Also check
   testparm -v | grep resolve
think it is better to have hosts and wins first.

I have now set the value of "name resolve order" to:

# /usr/local/samba/bin/testparm -sv | grep -i resolve
Load smb config files from /usr/local/samba/lib/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Linux]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
        name resolve order = wins host lmhost bcast
#

I set it to WINS first because, my ADS server is a WINS server.
But, the above modificatiosn did not work.

>>Is the ADS server your DNS server?  Is the samba server using the ADS
server as the DNS server?  DNS should include "resource records" to help
locate an ADS DC.  I don't think you can have lmhosts entry for an ADS
server.

My ADS server is a WINS server, not a DNS server.

>>What does your krb5.conf look like?  I suspect it's having trouble
finding a kdc.

My krb5.conf is as follows:

# cat /etc/krb5.conf
[libdefaults]
default_realm = ABCDOM.PQR.COM
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac

[realms]
ABCDOM.PQR.COM = {
kdc = 10.25.66.71 :88
admin_server = 10.25.66.71
default_domain = abcdom.pqr.com
}

[domain_realm]
.abcdom.pqr.com = ABCDOM.PQR.COM

#

Regards,
Rick


On Sat, Apr 2, 2011 at 3:22 AM, Andrew Masterson <
andrew.masterson at nuvistaenergy.com> wrote:

>
> > -----Original Message-----
> > From: samba-bounces at lists.samba.org
> [mailto:samba-bounces at lists.samba.org]
> > On Behalf Of Rick Gates
> > Sent: Friday, April 01, 2011 10:00 AM
> > To: samba at lists.samba.org
> > Subject: [Samba] Unable to join to Windows 2003 PDC using samba 3.5.8
> from
> > alinux machine!!
> >
> > Hi all,
> >
> > I am using samba 3.5.8 on a linux machine.
> > I am not able to join the domain of a windows 2003 server in ADS mode.
> >
> > I am getting the following error message:
> >
> > # /usr/local/samba/bin/net ads join -U Administrator%password -I
> 10.25.66.71
> >
> > Failed to join domain: failed to find DC for domain ABCDOM.PQR.COM
> > #
> >
> > I am not sure what the issue here.
> > It works absolutely fine when I try to join the domain in rpc mode.
> >
> > # /usr/local/samba/bin/net rpc join -U Administrator%password
> > Joined domain ABCDOM.
> > #
> >
> > The smb.conf used is:
> >
> > # /usr/local/samba/bin/testparm
> > Load smb config files from /usr/local/samba/lib/smb.conf
> > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> (16384)
> > Processing section "[homes]"
> > Processing section "[printers]"
> > Processing section "[Linux]"
> > Loaded services file OK.
> > Server role: ROLE_DOMAIN_MEMBER
> > Press enter to see a dump of your service definitions
> >
> > [global]
> >         workgroup = ABCDOM
> >         realm = ABCDOM.PQR.COM
> >         server string = Samba Server - Research
> >         security = ADS
> >         password server = 10.25.66.71
> >         log level = 10
> >         log file = /var/log/samba/%m.log
> >         max log size = 50
> >         add user script = /usr/sbin/useradd %u
> >         delete user script = /usr/sbin/userdel %u
> >         add group script = /usr/sbin/groupadd %g
> >         delete group script = /usr/sbin/groupdel %g
> >         add user to group script = /usr/sbin/usermod -a -G %g %u
> >         delete user from group script = /usr/sbin/deluser %u %g
> >         add machine script = /usr/sbin/adduser -n -g machines -c
> Machine -d
> > /dev/null -s /bin/false %u
> >         domain master = No
> >         dns proxy = No
> >         wins server = 10.25.66.71
> >         idmap uid = 200-120000
> >         idmap gid = 200-120000
> >         admin users = root
> >         cups options = raw
> >
> > [homes]
> >         comment = Home Directories
> >         read only = No
> >         browseable = No
> >
> > [printers]
> >         comment = All Printers
> >         path = /usr/spool/samba
> >         printable = Yes
> >         browseable = No
> >
> > [Linux]
> >         comment = Share on this linux machine
> >         path = /tmp/linux
> >         read only = No
> > #
> >
> > NOTE: 10.25.66.71 is the IP of my 2003 windows server.
> >
> > My lmhosts file is:
> >
> > # cat lmhosts.
> > 10.25.66.71 ABC3
> > 10.25.66.71 ABCDOM#1b
> > 10.25.66.71 ABCDOM#1c
> >
> > #
> >
> > It would be great, if any one can tell me if there is anything wrong
> here
> > and probably help me sort out this issue.
> > Thanks in advance!!
>
>
> What does your krb5.conf look like?  I suspect it's having trouble
> finding a kdc.
>
> -=Andrew
>

More information about the samba mailing list