[Samba] Unable to join to Windows 2003 PDC using samba 3.5.8 from a linux machine!!

Rick Gates rick123.gates at gmail.com
Tue Apr 5 13:02:49 MDT 2011


Hi Takahashi and all those in the list,

>>Sometimes AD specific configuration is needed to krb5.conf.

What kind of "AD specific configuration" are you talking about?
Can you kindly elaborate?
It may be helpful for me.

>>Have you set DNS server to 10.25.66.71 and ABCDOM.PQR.COM to the
search or domain directive in your /etc/resolv.conf?
Can you resolve correct SRV record of the domain on your Samba server?

10.25.66.71  is not my DNS server.
In fact 10.25.66.71  is my WINS server.
I have therefore included it in smb.conf:

# /usr/local/samba/bin/testparm -sv | grep -i wins
Load smb config files from /usr/local/samba/lib/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Linux]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
        name resolve order = wins host lmhost bcast
        max wins ttl = 518400
        min wins ttl = 21600
        wins proxy = No
        wins server = 10.25.66.71
        wins support = No
        wins hook =
#

However, I cannot resolve ABCDOM.PQR.COM.
It should be taken care of by WINS, right?

(However, I tried defining ABCDOM.PQR.COM in the /etc/hosts file,
and also tried setting the /etc/nsswitch.conf file with the entry:
hosts: files dns
But nslookup would always first try DNS and return.
I had resolved similar issues with the above steps successfully on a unix machine ...
but I am now working on a RHEL machine and I have not yet found a successful
way to do this.)

Any suggestions are welcome.

Regards,
Rick

On Tue, Apr 5, 2011 at 11:59 PM, Rick Gates <rick123.gates at gmail.com> wrote:

> Hi all,
>
> I was on a bit extended weekend .. so got delayed in responding ...
>
> To answer some of the questions:
>
>
> >>Is the ADS domain in "NT4 compatibility" mode or "windows 2003 native"
> mode?    I think that "NT4" machines can still join ADS domains even if the
> ADS domains are in 2000/2003 mode.
>
> I am not sure about this.
> How can I find this out?
> I still will have to do some googling on this front.
>
>
> >> Also check
>    testparm -v | grep resolve
> think it is better to have hosts and wins first.
>
> I have now set the value of "name resolve order" to:
>
> # /usr/local/samba/bin/testparm -sv | grep -i resolve
>
> Load smb config files from /usr/local/samba/lib/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[homes]"
> Processing section "[printers]"
> Processing section "[Linux]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
>         name resolve order = wins host lmhost bcast
> #
>
> I set it to WINS first because, my ADS server is a WINS server.
> But, the above modifications did not work.
>
>
> >>Is the ADS server your DNS server?  Is the samba server using the ADS
> server as the DNS server?  DNS should include "resource records" to help
> locate an ADS DC.  I don't think you can have lmhosts entry for an ADS
> server.
>
> My ADS server is a WINS server, not a DNS server.
>
>
> >>What does your krb5.conf look like?  I suspect it's having trouble
> finding a kdc.
>
> My krb5.conf is as follows:
>
> # cat /etc/krb5.conf
> [libdefaults]
> default_realm = ABCDOM.PQR.COM
> default_tkt_enctypes = rc4-hmac
> default_tgs_enctypes = rc4-hmac
>
> [realms]
> ABCDOM.PQR.COM = {
> kdc = 10.25.66.71 :88
> admin_server = 10.25.66.71
> default_domain = abcdom.pqr.com
> }
>
> [domain_realm]
> .abcdom.pqr.com = ABCDOM.PQR.COM
>
> #
>
> Regards,
> Rick
>
>
>
> On Sat, Apr 2, 2011 at 3:22 AM, Andrew Masterson <
> andrew.masterson at nuvistaenergy.com> wrote:
>
>>
>> > -----Original Message-----
>> > From: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org]
>> > On Behalf Of Rick Gates
>> > Sent: Friday, April 01, 2011 10:00 AM
>> > To: samba at lists.samba.org
>> > Subject: [Samba] Unable to join to Windows 2003 PDC using samba 3.5.8
>> from
>> > alinux machine!!
>> >
>> > Hi all,
>> >
>> > I am using samba 3.5.8 on a linux machine.
>> > I am not able to join the domain of a windows 2003 server in ADS mode.
>> >
>> > I am getting the following error message:
>> >
>> > # /usr/local/samba/bin/net ads join -U Administrator%password -I
>> 10.25.66.71
>> >
>> > Failed to join domain: failed to find DC for domain ABCDOM.PQR.COM
>> > #
>> >
>> > I am not sure what the issue is here.
>> > It works absolutely fine when I try to join the domain in rpc mode.
>> >
>> > # /usr/local/samba/bin/net rpc join -U Administrator%password
>> > Joined domain ABCDOM.
>> > #
>> >
>> > The smb.conf used is:
>> >
>> > # /usr/local/samba/bin/testparm
>> > Load smb config files from /usr/local/samba/lib/smb.conf
>> > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
>> (16384)
>> > Processing section "[homes]"
>> > Processing section "[printers]"
>> > Processing section "[Linux]"
>> > Loaded services file OK.
>> > Server role: ROLE_DOMAIN_MEMBER
>> > Press enter to see a dump of your service definitions
>> >
>> > [global]
>> >         workgroup = ABCDOM
>> >         realm = ABCDOM.PQR.COM
>> >         server string = Samba Server - Research
>> >         security = ADS
>> >         password server = 10.25.66.71
>> >         log level = 10
>> >         log file = /var/log/samba/%m.log
>> >         max log size = 50
>> >         add user script = /usr/sbin/useradd %u
>> >         delete user script = /usr/sbin/userdel %u
>> >         add group script = /usr/sbin/groupadd %g
>> >         delete group script = /usr/sbin/groupdel %g
>> >         add user to group script = /usr/sbin/usermod -a -G %g %u
>> >         delete user from group script = /usr/sbin/deluser %u %g
>> >         add machine script = /usr/sbin/adduser -n -g machines -c
>> Machine -d
>> > /dev/null -s /bin/false %u
>> >         domain master = No
>> >         dns proxy = No
>> >         wins server = 10.25.66.71
>> >         idmap uid = 200-120000
>> >         idmap gid = 200-120000
>> >         admin users = root
>> >         cups options = raw
>> >
>> > [homes]
>> >         comment = Home Directories
>> >         read only = No
>> >         browseable = No
>> >
>> > [printers]
>> >         comment = All Printers
>> >         path = /usr/spool/samba
>> >         printable = Yes
>> >         browseable = No
>> >
>> > [Linux]
>> >         comment = Share on this linux machine
>> >         path = /tmp/linux
>> >         read only = No
>> > #
>> >
>> > NOTE: 10.25.66.71 is the IP of my 2003 windows server.
>> >
>> > My lmhosts file is:
>> >
>> > # cat lmhosts.
>> > 10.25.66.71 ABC3
>> > 10.25.66.71 ABCDOM#1b
>> > 10.25.66.71 ABCDOM#1c
>> >
>> > #
>> >
>> > It would be great, if any one can tell me if there is anything wrong
>> here
>> > and probably help me sort out this issue.
>> > Thanks in advance!!
>>
>>
>> What does your krb5.conf look like?  I suspect it's having trouble
>> finding a kdc.
>>
>> -=Andrew
>>
>
>
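
Added example (not part of the original thread): a shell pre-join check for the DNS questions raised above, namely whether resolv.conf names a DNS server and lists the AD DNS domain, and whether the SRV records Active Directory registers for that domain resolve. The function names and the `--live` switch are assumptions of this example, and `dig` must be installed for the live lookup.

```shell
#!/bin/sh
# Added example, not from the thread: checks to run before "net ads join".

# SRV records that Active Directory registers in DNS for locating a DC/KDC.
ad_srv_names() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '%s\n' "_ldap._tcp.dc._msdcs.$domain" \
                  "_ldap._tcp.$domain" "_kerberos._tcp.$domain"
}

# Print every nameserver address in a resolv.conf-style file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed if a search/domain directive in file $1 lists domain $2.
resolv_has_domain() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        $1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++) if (tolower($i) == want) found = 1
        }
        END { exit !found }' "$1"
}

# Offline part: preflight REALM [RESOLV_CONF]; returns 1 if anything is missing.
preflight() {
    conf=${2:-/etc/resolv.conf}; rc=0
    [ -n "$(resolv_nameservers "$conf")" ] || { echo "FAIL no nameserver in $conf"; rc=1; }
    resolv_has_domain "$conf" "$1" || { echo "FAIL $1 not in search/domain of $conf"; rc=1; }
    return $rc
}

# Live part: ask the configured DNS server for each SRV record (needs dig).
check_srv() {
    for name in $(ad_srv_names "$1"); do
        answer=$(dig +short -t SRV "$name" 2>/dev/null)
        if [ -n "$answer" ]; then echo "OK   $name -> $answer"
        else echo "FAIL $name (no SRV answer)"; fi
    done
}

# Usage: sh adcheck.sh --live ABCDOM.PQR.COM
if [ "${1:-}" = "--live" ]; then
    preflight "$2"; check_srv "$2"
fi
```

A FAIL line from the live part means the DNS server in resolv.conf does not serve the domain's SRV records, which is the condition the replies in the thread were asking about.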

