[Samba] Unable to join to Windows 2003 PDC using samba 3.5.8 from a linux machine!!

L.P.H. van Belle belle at bazuin.nl
Wed Apr 6 00:40:11 MDT 2011


If your Windows server is ADS and has DNS, then make the ADS server's DNS
trust the DNS of bind,
and allow zone transfers from your Windows to the Linux machine. This is done
on the ADS DNS.

Louis



>-----Original message-----
>From: mueller at tropenklinik.de
>[mailto:samba-bounces at lists.samba.org] On behalf of Daniel Müller
>Sent: 2011-04-06 08:06
>To: 'Rick Gates'; 'Andrew Masterson'; samba at lists.samba.org;
>gaiseric.vandal at gmail.com; monyo at monyo.com
>Subject: Re: [Samba] Unable to join to Windows 2003 PDC
>using samba 3.5.8 from a linux machine!!
>
>For windows ads to work you need a correct DNS-Server on your 
>W2003 to work.
>And your samba as dns client should be able
>to resolve your windows ads correctly. With windows ads you 
>can forget wins.
>Wins is the best solution for an old domain without ads.
>
>-----------------------------------------------
>EDV Daniel Müller
>
>Head of IT
>Tropenklinik Paul-Lechler-Krankenhaus
>Paul-Lechler-Str. 24
>72076 Tübingen
>
>Tel.: 07071/206-463, Fax: 07071/206-499
>eMail: mueller at tropenklinik.de
>Internet: www.tropenklinik.de
>-----------------------------------------------
>-----Original message-----
>From: samba-bounces at lists.samba.org
>[mailto:samba-bounces at lists.samba.org] On
>behalf of Rick Gates
>Sent: Tuesday, 5 April 2011 21:03
>To: Andrew Masterson; samba at lists.samba.org; gaiseric.vandal at gmail.com;
>monyo at monyo.com
>Subject: Re: [Samba] Unable to join to Windows 2003 PDC using
>samba 3.5.8
>from a linux machine!!
>
>Hi Takahashi and all those in the list,
>
>>>Sometimes AD specific configuration is needed to krb5.conf.
>
>What kind of "AD specific configuration" are you talking about?
>Can you kindly elaborate?
>It may be helpful for me.
>
>>>Have you set DNS server to 10.25.66.71 and ABCDOM.PQR.COM to the
>search or domain directive in your /etc/resolv.conf?
>Can you resolve correct SRV record of the domain on your Samba server?
>
>10.25.66.71  is not my DNS server.
>In fact 10.25.66.71  is my WINS server.
>I have therefore included it in smb.conf:
>
># /usr/local/samba/bin/testparm -sv | grep -i wins
>Load smb config files from /usr/local/samba/lib/smb.conf
>rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
>Processing section "[homes]"
>Processing section "[printers]"
>Processing section "[Linux]"
>Loaded services file OK.
>Server role: ROLE_DOMAIN_MEMBER
>        name resolve order = wins host lmhost bcast
>        max wins ttl = 518400
>        min wins ttl = 21600
>        wins proxy = No
>*        wins server = 10.25.66.71*
>        wins support = No
>        wins hook =
>#
>
>However, I cannot resolve ABCDOM.PQR.COM.
>It should be taken care by WINS, right?
>
>(However, I tried defining ABCDOM.PQR.COM in /etc/hosts file.
>and also tried setting /etc/nsswitch.conf file with the entry of:
>hosts: files dns
>But, nslookup would always first try DNS and return.
>Had resolved similar issues with above steps successful on 
>unix machine ...
>but I am now working on a RHEL machine and I have not yet 
>found a successful
>way to do this)
>
>Any suggestions are welcome.
>
>Regards,
>Rick
>
>On Tue, Apr 5, 2011 at 11:59 PM, Rick Gates 
><rick123.gates at gmail.com> wrote:
>
>> Hi all,
>>
>> I was on a bit extended weekend .. so got delayed in responding ...
>>
>> To answer some of the questions:
>>
>>
>> >>Is the ADS domain in "NT4 compatibility" mode or "windows 2003 native"
>> mode?    I think that "NT4" machines can still join ADS domains even if the
>> ADS domains are in 2000/2003 mode.
>>
>> I am not sure about this.
>> How can I find this out?
>> I still will have to do some googling on this front.
>>
>>
>> >> Also check
>>    testparm -v | grep resolve
>> think it is better to have hosts and wins first.
>>
>> I have now set the value of "name resolve order" to:
>>
>> # /usr/local/samba/bin/testparm -sv | grep -i resolve
>>
>> Load smb config files from /usr/local/samba/lib/smb.conf
>> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
>> Processing section "[homes]"
>> Processing section "[printers]"
>> Processing section "[Linux]"
>> Loaded services file OK.
>> Server role: ROLE_DOMAIN_MEMBER
>>         name resolve order = wins host lmhost bcast
>> #
>>
>> I set it to WINS first because, my ADS server is a WINS server.
>> But, the above modifications did not work.
>>
>>
>> >>Is the ADS server your DNS server?  Is the samba server using the ADS
>> server as the DNS server?  DNS should include "resource records" to help
>> locate an ADS DC.  I don't think you can have lmhosts entry for an ADS
>> server.
>>
>> My ADS server is a WINS server, not a DNS server.
>>
>>
>> >>What does your krb5.conf look like?  I suspect it's having trouble
>> finding a kdc.
>>
>> My krb5.conf is as follows:
>>
>> # cat /etc/krb5.conf
>> [libdefaults]
>> default_realm = ABCDOM.PQR.COM
>> default_tkt_enctypes = rc4-hmac
>> default_tgs_enctypes = rc4-hmac
>>
>> [realms]
>> ABCDOM.PQR.COM = {
>> kdc = 10.25.66.71 :88
>> admin_server = 10.25.66.71
>> default_domain = abcdom.pqr.com
>> }
>>
>> [domain_realm]
>> .abcdom.pqr.com = ABCDOM.PQR.COM
>>
>> #
>>
>> Regards,
>> Rick
>>
>>
>>
>> On Sat, Apr 2, 2011 at 3:22 AM, Andrew Masterson <
>> andrew.masterson at nuvistaenergy.com> wrote:
>>
>>>
>>> > -----Original Message-----
>>> > From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
>>> > On Behalf Of Rick Gates
>>> > Sent: Friday, April 01, 2011 10:00 AM
>>> > To: samba at lists.samba.org
>>> > Subject: [Samba] Unable to join to Windows 2003 PDC using samba 3.5.8 from
>>> > a linux machine!!
>>> >
>>> > Hi all,
>>> >
>>> > I am using samba 3.5.8 on a linux machine.
>>> > I am not able to join the domain of a windows 2003 server in ADS mode.
>>> >
>>> > I am getting the following error message:
>>> >
>>> > # /usr/local/samba/bin/net ads join -U Administrator%password -I 10.25.66.71
>>> >
>>> > Failed to join domain: failed to find DC for domain ABCDOM.PQR.COM
>>> > #
>>> >
>>> > I am not sure what the issue is here.
>>> > It works absolutely fine when I try to join the domain in rpc mode.
>>> >
>>> > # /usr/local/samba/bin/net rpc join -U Administrator%password
>>> > Joined domain ABCDOM.
>>> > #
>>> >
>>> > The smb.conf used is:
>>> >
>>> > # /usr/local/samba/bin/testparm
>>> > Load smb config files from /usr/local/samba/lib/smb.conf
>>> > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
>>> > Processing section "[homes]"
>>> > Processing section "[printers]"
>>> > Processing section "[Linux]"
>>> > Loaded services file OK.
>>> > Server role: ROLE_DOMAIN_MEMBER
>>> > Press enter to see a dump of your service definitions
>>> >
>>> > [global]
>>> >         workgroup = ABCDOM
>>> >         realm = ABCDOM.PQR.COM
>>> >         server string = Samba Server - Research
>>> >         security = ADS
>>> >         password server = 10.25.66.71
>>> >         log level = 10
>>> >         log file = /var/log/samba/%m.log
>>> >         max log size = 50
>>> >         add user script = /usr/sbin/useradd %u
>>> >         delete user script = /usr/sbin/userdel %u
>>> >         add group script = /usr/sbin/groupadd %g
>>> >         delete group script = /usr/sbin/groupdel %g
>>> >         add user to group script = /usr/sbin/usermod -a -G %g %u
>>> >         delete user from group script = /usr/sbin/deluser %u %g
>>> >         add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
>>> >         domain master = No
>>> >         dns proxy = No
>>> >         wins server = 10.25.66.71
>>> >         idmap uid = 200-120000
>>> >         idmap gid = 200-120000
>>> >         admin users = root
>>> >         cups options = raw
>>> >
>>> > [homes]
>>> >         comment = Home Directories
>>> >         read only = No
>>> >         browseable = No
>>> >
>>> > [printers]
>>> >         comment = All Printers
>>> >         path = /usr/spool/samba
>>> >         printable = Yes
>>> >         browseable = No
>>> >
>>> > [Linux]
>>> >         comment = Share on this linux machine
>>> >         path = /tmp/linux
>>> >         read only = No
>>> > #
>>> >
>>> > NOTE: 10.25.66.71 is the IP of my 2003 windows server.
>>> >
>>> > My lmhosts file is:
>>> >
>>> > # cat lmhosts.
>>> > 10.25.66.71 ABC3
>>> > 10.25.66.71 ABCDOM#1b
>>> > 10.25.66.71 ABCDOM#1c
>>> >
>>> > #
>>> >
>>> > It would be great, if any one can tell me if there is anything wrong here
>>> > and probably help me sort out this issue.
>>> > Thanks in advance!!
>>>
>>>
>>> What does your krb5.conf look like?  I suspect it's having trouble
>>> finding a kdc.
>>>
>>> -=Andrew
>>>
>>
>>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>
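
The DNS precondition raised in this thread can be checked on the Samba host before running `net ads join`. The script below is an added example, not part of any poster's message: the function names, the 192.0.2.x addresses and the sample resolv.conf are constructed, and only the realm ABCDOM.PQR.COM comes from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses and resolv.conf contents
# are constructed sample values; 192.0.2.10 stands for the DNS server that
# holds the AD zone.

# SRV names Active Directory registers in DNS for DC and KDC discovery.
ad_srv_names() {
    realm=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "_ldap._tcp.dc._msdcs.$realm" "_kerberos._tcp.dc._msdcs.$realm" \
        "_ldap._tcp.$realm" "_kerberos._tcp.$realm"
}

# Print one line per resolver problem that would break DC discovery.
# $1 = resolv.conf path, $2 = realm, $3 = address of the AD-zone DNS server.
# The stub resolver only falls back to later nameservers on timeout, not on
# NXDOMAIN, so the AD-zone server has to be the first one listed.
check_resolver() {
    realm=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    awk -v realm="$realm" -v dns="$3" '
        $1 == "nameserver" { ns++; if ($2 == dns) { listed = 1; if (ns == 1) first = 1 } }
        $1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++) if (tolower($i) == realm) dom = 1
        }
        END {
            if (!listed)     print "nameserver " dns " is not listed"
            else if (!first) print "nameserver " dns " is not queried first"
            if (!dom)        print "realm " realm " missing from search/domain"
        }' "$1"
}

# Live check (needs network access and dig): prints SRV names with no answer.
missing_srv() {
    for name in $(ad_srv_names "$1"); do
        [ -n "$(dig +short -t SRV "$name")" ] || printf '%s\n' "$name"
    done
}

# Constructed resolv.conf: the host resolves through a server that does not
# hold the AD zone, and the realm is not in the search list.
sample=$(mktemp)
cat > "$sample" <<'EOF'
search pqr.com
nameserver 192.0.2.53
EOF
check_resolver "$sample" ABCDOM.PQR.COM 192.0.2.10
rm -f "$sample"
```

Once `check_resolver` prints nothing for the real `/etc/resolv.conf`, running `missing_srv ABCDOM.PQR.COM` on the Samba host lists any SRV record the configured DNS server still cannot answer.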