[Samba] Joining Domain
Andre Kruger
Andre.Kruger at TRW.COM
Wed Aug 27 05:17:41 MDT 2014
I made the change that you suggest but I still get the exact same error message. Just to clarify:
1. I added " idmap config DOMAIN : schema_mode = rfc2307"
1. Yes, the krugersa account has the rights required. I join other machines to my domain using this account. Administrator isn't used.
2. idmap config DOMAIN : backend = ad/rid <- I assume this does not impact joining the domain? It is used after the domain has been joined successfully.
The is my global section as it is now:
[global]
workgroup = DOMAIN
realm = AD.DOMAIN.COM
server string = Samba
security = ADS
log file = /var/samba/log/log.%m
max log size = 50000
client ldap sasl wrapping = sign
load printers = No
local master = No
domain master = No
dns proxy = No
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config DOMAIN : range = 20000-800000
idmap config DOMAIN : backend = ad
idmap config DOMAIN : schema_mode = rfc2307
idmap config * : backend = tdb <- I don't get this line, it is not in my smb.conf file but when I parse the file with testparm it is in the output. Why?
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
Sent: 27 August 2014 11:31
To: samba at lists.samba.org
Subject: Re: [Samba] Joining Domain
On 27/08/14 10:21, Andre Kruger wrote:
> I have successfully compiled and installed Samba 4.1.11 from source on OpenIndiana 151a8.
>
> I tested the server by creating a folder and adding a local samba user (smbpasswd -a) and mapping a drive from my Windows machine which successded. I was able to access the test file in the folder as well as edit and save it.
>
> Now I am trying to join my samba server to my domain but it is failing and the error messages are not helping much and google's responses aren't really helping.
>
> Can anybody on the list help? When I try and join the domain I get the following error message:
>
> ./net ads join -U krugersa
> Enter krugersa's password:
Does 'krugersa' have the required permissions to join to the domain ?
have you tried with 'Administrator' ?
> ads_setup_sasl_wrapping() failed: NT_STATUS_NOT_SUPPORTED kinit
> succeeded but ads_sasl_spnego_krb5_bind failed:
> NT_STATUS_NOT_SUPPORTED Failed to join domain: failed to connect to
> AD: NT_STATUS_NOT_SUPPORTED
>
>
> What causes samba to output this particular error message? "NT_STATUS_NOT_SUPPORTED" is very general...
>
> A copy of my smb.conf file:
>
> [global]
> workgroup = DOMAIN
> realm = AD.DOMAIN.COM
> server string = Samba
> security = ADS
> log file = /var/samba/log/log.%m
> max log size = 50000
> client ldap sasl wrapping = sign
> load printers = No
> local master = No
> domain master = No
> dns proxy = No
> winbind separator = +
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> idmap config * : range = 20000-800000
> idmap config * : backend = tdb
You appear to have a portion missing:
idmap config DOMAIN : backend = ad
idmap config DOMAIN : range = 10000-999999
idmap config DOMAIN : schema_mode = rfc2307
Adjust the range to suit your setup, if your AD users do not have uidNumber's change 'ad' to 'rid'
Rowland
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> printable = Yes
> print ok = Yes
> browseable = No
>
> [testperm]
> path = /testperm
> valid users = @DOMAIN+Admins
> read only = No
> create mask = 0770
> directory mask = 0770
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list