[Samba] Problem Joining a ubuntu 12.04+samba to a W2k DC

L.P.H. van Belle belle at bazuin.nl
Fri Feb 21 08:14:21 MST 2014 

Hai, 

Why are you using an IP blok which is reserved. 
I suggest you first change to a private range and not a public range or do you own this range.. 
This is asking for problems.. 

I suggest, you try with this:

1) check time on both servers, and set te same. 
2) The realm must be in uppercase or you will get a 
	“Cannot find KDC for requested realm while getting initial credentials” error (Kerberos is case-sensitive!). 
but i see all CAPS in your config, but not with the join. 

join with :  ( this is a join as DC, but look at this and what you typed. 

sudo samba-tool domain join FAMILY.LOCAL DC -Uadministrator --realm=FAMILY.LOCAL 

change in your hosts file :
127.0.0.1 CHILD-SERVER CHILD-SERVER.FAMILY.LOCAL localhost
TO 
127.0.0.1 localhost localhost.localdomain localhost.FAMILY.LOCAL 


and you can try, below, but should not be needed. 
krb5.conf 
[libdefaults]
         default_realm = FAMILY.LOCAL
         ticket_lifetime = 24000
         clock_skew = 300
	   default_etypes     = des-cbc-crc des-cbc-md5
	   default_etypes_des = des-cbc-crc des-cbc-md5

Louis


>-----Oorspronkelijk bericht-----
>Van: carlosrpevertsz at gmail.com 
>[mailto:samba-bounces at lists.samba.org] Namens Carlos R. Pena
>Verzonden: vrijdag 21 februari 2014 15:56
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] Problem Joining a ubuntu 12.04+samba to a W2k DC
>
>
>Hello to everybody in the forum.
>
>I am trying to join a ubuntu server as a member of a domain controlled 
>by a Windows 2000 Server.
>
>When i execute the join the system return de followin error:
>
>sudo net ads join -U administrator
>Enter administrator's password:
>Using short domain name -- FAMILY
>Joined 'CHILD-SERVER' to realm 'Family.local'
>net_update_dns_internal: Failed to connect to our DC!
>DNS update failed!
>
>Can anybody help me? Any ideas?
>
>Sincerely,
>
>Carlos
>
>****************************************************
>Here is the detailed information about my installation.
>
>
>Domain      = FAMILY.LOCAL
>
>DC
>Server Name = PARENT-SERVER
>IP          = 26.4.0.1
>OS          = Windows 2000 Server
>Admin User  = administrator
>
>
>Member Server to be Joined to the Domain
>Server Name = CHILD-SERVER
>IP          = 26.4.0.2
>OS          = Ubuntu 12.04
>Admin User  = administrator
>
>
>
>***************************************************************
>**********
>/etc/hosts
>
>127.0.0.1 CHILD-SERVER CHILD-SERVER.FAMILY.LOCAL localhost
>26.4.0.1 PARENT-SERVER PARENT-SERVER.FAMILY.LOCAL
>26.4.0.2 CHILD-SERVER CHILD-SERVER.FAMILY.LOCAL
>
># The following lines are desirable for IPv6 capable hosts
>::1     ip6-localhost ip6-loopback
>fe00::0 ip6-localnet
>ff00::0 ip6-mcastprefix
>ff02::1 ip6-allnodes
>ff02::2 ip6-allrouters
>
>***************************************************************
>***********
>/etc/krb5.conf
>
>[libdefaults]
>         default_realm = FAMILY.LOCAL
>         ticket_lifetime = 24000
>         clock_skew = 300
>
>
>[realms]
>         FAMILY.LOCAL = {
>                 kdc = PARENT-SERVER.FAMILY.LOCAL
>                 admin_server = PARENT-SERVER.FAMILY.LOCAL
>                 default_domain = FAMILY.LOCAL
>         }
>
>
>[domain_realm]
>         .family.local = FAMILY.LOCAL
>         family.local = FAMILY.LOCAL
>
>
>***************************************************************
>*****************
>/etc/samba/smb.conf
>
>[global]
>    security = ads
>    realm = FAMILY.LOCAL
>    password server = 26.4.0.1
>    workgroup = FAMILY
>    server string = %h server (Samba, Ubuntu)
>    idmap uid = 10000-20000
>    idmap gid = 10000-20000
>    winbind enum users = yes
>    winbind enum groups = yes
>    winbind cache time = 10
>    winbind use default domain = yes
>
>    client use spnego = yes
>    client ntlmv2 auth = yes
>    encrypt passwords = true
>    restrict anonymous = 2
>
>    domain master = no
>    local master = no
>    preferred master = no
>    os level = 0
>
>[OurShare]
>    commend = Our Share
>    valid users = @FAMILY\PEOPLE, FAMILY/ADMINISTRATOR, administrator
>    admin users = FAMILY/ADMINISTRATOR, administrator
>    browseable = no
>    path = /OurShare
>    read only = no
>    public = no
>    force create mode = 777
>    create mask = 777
>    security mask = 777
>    force security mode = 777
>
>    directory mask = 2777
>    force directory mode = 2777
>    directory security mask = 2777
>    force directory security mode = 2777
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list