[Samba] wbinfo -u/-g does not query AD DC [SOLVED]
debian at lhanke.de
Wed Aug 6 08:44:56 MDT 2014
Am 06.08.2014 14:09, schrieb steve:
It seems I just did not restart the winbindd after some crucial change.
After restarting the service, wbinfo runs as expected.
The rest is supplied as an information for others troubleshooting
>> I can do "kinit user" and I can query the samba LDAP to see domain
>> users. I did a "net ads join" and added the DNS for the machine
>> manually, since this fails with the 3.6.6 join script.
> It fails because you do not have DNS set correctly. The machine you are
> joining is not sending its correct hostname.
The join failed with the same error on the other system, which is
running correctly. I investigated that situation and found that the
error is probably unrelated to the AD DC. I dropped that matter since
3.6.6 phases out and everything else was running nicely.
It queries the correct DNS and another machine works nicely with this
DNS. Any other DNS would not resolve the AD DC FQDN in the first place.
> Try the dns checklist:
> That's on Debian. When that doesn't work, try putting only the hostname
> in /etc/hostname.
As said, Kerberos runs fine. The DNS items of the winbind checklist have
been verified. BTW: Using the FQDN for 127.0.0.1 didn't work for the
> Go no further if the join throws errors.
root at nfs4:~# net ads join -UAdministrator
Enter Administrator's password:
Using short domain name -- AD
Joined 'NFS4' to realm 'ad.microsult.de'
DNS Update for nfs4.ad.microsult.de failed: ERROR_DNS_INVALID_MESSAGE
DNS update failed!
root at nfs4:~#
So the join is reported as successful, the DNS update failed. But I
added the machine record manually on the DC. And during the last
discussion it was claimed that this wasn't even necessary for a client
So I did not setup nss and PAM so far, which to me makes little sense
before winbind tools work as expected.
At this point wbinfo must work already!
More information about the samba