[Samba] Failed to join domain: failed to join domain 'XXX.YYY' over rpc: Access denied
steve
steve at steve-ss.com
Tue Aug 26 04:30:25 MDT 2014
On Tue, 2014-08-26 at 12:02 +0200, Cyril Feraudet wrote:
> Hi all,
>
> I get an error when I try to join the domain from CentOS 6.5. Do you have
> any idea?
>
>
> /etc/samba/smb.conf :
> ---------------------
> [global]
> workgroup = XXX
> server string = Samba Server Version %v
> log file = /var/log/samba/log.%m
> max log size = 50
> realm = XXX.YYY
> security = ads
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> password server = dcserver.xxx.yyy
> winbind separator = \
>
>
> /etc/krb5.conf :
> ----------------
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = XXX.YYY
> dns_lookup_realm = false
> dns_lookup_kdc = false
comment false and add:
dns_lookup_kdc = true
> ticket_lifetime = 24h
> renew_lifetime = 7d
> forwardable = true
>
> [realms]
> XXX.YYY = {
> kdc = dcserver.xxx.yyy:88
> admin_server = dcserver.xxx.yyy:749
> }
>
> [domain_realm]
> .xxx.yyy = XXX.YYY
> xxx.yyy = XXX.YYY
>
> /var/kerberos/krb5kdc/kdc.conf :
> --------------------------------
> [kdcdefaults]
> kdc_ports = 88
> kdc_tcp_ports = 88
>
> [realms]
> XXX.YYY= {
> #master_key_type = aes256-cts
> acl_file = /var/kerberos/krb5kdc/kadm5.acl
> dict_file = /usr/share/dict/words
> admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
> supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
> }
>
> Then :
> ------
>
> # kinit administrateur@XXX.YYY
> Password for administrateur@XXX.YYY:
>
> # kdb5_util create -s
> Loading random data
> Initializing database '/var/kerberos/krb5kdc/principal' for realm 'XXX.YYY',
> master key name 'K/M@XXX.YYY'
> You will be prompted for the database Master Password.
> It is important that you NOT FORGET this password.
> Enter KDC database master key:
> Re-enter KDC database master key to verify:
Remove /var/kerberos/krb5kdc/principal
>
>
> # net ads join -U "administrateur@JALMA.NET" -S serveur-8.jalma.net
now do:
net ads join -Uadministrateur
Any better?
HTH