[Samba] Unable to create principle and join domain with solaris / samba 3.5.8

Paul Smith paul.bb.smith at gmail.com
Thu Feb 9 09:14:22 MST 2012


Has anyone had any success using net ads join to create a new service
principal and join Active Directory using samba 3.5.8. This works fine
in 3.0.35 but I'm not able to get a working create/join with 3.5.8

In samba 3.0.35 (on a host which is already allowing kerberised
loginsvia AD), the following works:

net ads join createupn='CIFS/host.domain.com' \
createcomputer='path/to/principal/' -U myadlogin

After upgrading and restarting, samba works fine but deleting the AD
service principal and samba/private files to reconfigure, the net join
fails:

# net ads join createupn='CIFS/smbtest.uk.domain.com'
createcomputer='MITKerberos/Services' -U myadlogin
Enter myadlogin's password:
Failed to join domain: failed to precreate account in ou
MITKerberos/Services: Invalid DN syntax

The OU exists in AD (and works for earlier samba versions). Looking at
net ads join output with -d 99, it looks like the net command isn't
passing the netbios name through?

[2012/02/09 15:45:29.014700, 1] libnet/libnet_join.c:1978()
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : 'AAA'
dns_domain_name : 'aaa.ads.domain.com'
forest_name : 'ADS.DOMAIN.COM'
dn : NULL
domain_sid : *
domain_sid : S-1-5-21-1606980848-1965331169-1417001333
modified_config : 0x00 (0)
error_string : 'failed to precreate account in ou
MITKerberos/Services: Invalid DN syntax'
domain_is_ad : 0x01 (1)
result : WERR_DEFAULT_JOIN_REQUIRED
[2012/02/09 15:45:29.014909, 10] intl/lang_tdb.c:138()
lang_tdb_init: /usr/lib/samba/en_GB.UTF-8.msg: No such file or directory
Failed to join domain: failed to precreate account in ou
MITKerberos/Services: Invalid DN syntax
[2012/02/09 15:45:29.015245, 2] utils/net.c:916()
return code = -1

The smb.conf for this is as follows

[global]
server string = SMBTEST Samba Server
security = ADS
realm = AAA.ADS.DOMAIN.COM
netbios name = SMBTEST
workgroup = AAA
interfaces = SMBTEST.uk.domain.com
bind interfaces only = Yes
log level = 3
log file = /var/samba/log/log.%m
max log size = 128
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536
SO_SNDBUF=65536 SO_KEEPALIVE
nis homedir = No
hide dot files = Yes
wide links = No
local master = No
domain master = No
preferred master = No
os level = 0

[homes]
comment = Home Directories
browseable = yes
public = no
writable = yes

Anyone have any pointers on how to create principles and join AD using
3.5.8 or any ideas of relevant changes between 3.0.35 and 3.5.8 that
might explain this?

Regards

Paul


More information about the samba mailing list