[Samba] Unable to create principle and join domain with solaris / samba 3.5.8

Paul Smith paul.bb.smith at gmail.com
Thu Feb 16 08:27:50 MST 2012


Oracle are suggesting this is a known bug (oracle ID 7105257) with the
createcomputer argument of net ads join.

Has anyone come across this issue or have working examples of Samba >=
3.5.8 joining AD without requiring Administrator privileges?

Regards

Paul

On 9 Feb 2012, at 16:14, Paul Smith <paul.bb.smith at gmail.com> wrote:

> Has anyone had any success using net ads join to create a new service
> principal and join Active Directory using samba 3.5.8. This works fine
> in 3.0.35 but I'm not able to get a working create/join with 3.5.8
>
> In samba 3.0.35 (on a host which is already allowing kerberised
> loginsvia AD), the following works:
>
> net ads join createupn='CIFS/host.domain.com' \
> createcomputer='path/to/principal/' -U myadlogin
>
> After upgrading and restarting, samba works fine but deleting the AD
> service principal and samba/private files to reconfigure, the net join
> fails:
>
> # net ads join createupn='CIFS/smbtest.uk.domain.com'
> createcomputer='MITKerberos/Services' -U myadlogin
> Enter myadlogin's password:
> Failed to join domain: failed to precreate account in ou
> MITKerberos/Services: Invalid DN syntax
>
> The OU exists in AD (and works for earlier samba versions). Looking at
> net ads join output with -d 99, it looks like the net command isn't
> passing the netbios name through?
>
> [2012/02/09 15:45:29.014700, 1] libnet/libnet_join.c:1978()
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> out: struct libnet_JoinCtx
> account_name : NULL
> netbios_domain_name : 'AAA'
> dns_domain_name : 'aaa.ads.domain.com'
> forest_name : 'ADS.DOMAIN.COM'
> dn : NULL
> domain_sid : *
> domain_sid : S-1-5-21-1606980848-1965331169-1417001333
> modified_config : 0x00 (0)
> error_string : 'failed to precreate account in ou
> MITKerberos/Services: Invalid DN syntax'
> domain_is_ad : 0x01 (1)
> result : WERR_DEFAULT_JOIN_REQUIRED
> [2012/02/09 15:45:29.014909, 10] intl/lang_tdb.c:138()
> lang_tdb_init: /usr/lib/samba/en_GB.UTF-8.msg: No such file or directory
> Failed to join domain: failed to precreate account in ou
> MITKerberos/Services: Invalid DN syntax
> [2012/02/09 15:45:29.015245, 2] utils/net.c:916()
> return code = -1
>
> The smb.conf for this is as follows
>
> [global]
> server string = SMBTEST Samba Server
> security = ADS
> realm = AAA.ADS.DOMAIN.COM
> netbios name = SMBTEST
> workgroup = AAA
> interfaces = SMBTEST.uk.domain.com
> bind interfaces only = Yes
> log level = 3
> log file = /var/samba/log/log.%m
> max log size = 128
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536
> SO_SNDBUF=65536 SO_KEEPALIVE
> nis homedir = No
> hide dot files = Yes
> wide links = No
> local master = No
> domain master = No
> preferred master = No
> os level = 0
>
> [homes]
> comment = Home Directories
> browseable = yes
> public = no
> writable = yes
>
> Anyone have any pointers on how to create principles and join AD using
> 3.5.8 or any ideas of relevant changes between 3.0.35 and 3.5.8 that
> might explain this?
>
> Regards
>
> Paul


More information about the samba mailing list