[Samba] Need help joining an IPv6 Windows 2008 AD server

Sowmya Manjanatha sowmya_ambale at yahoo.com
Fri Feb 28 17:23:01 MST 2014

I need to add btw that I had to modify "resolve_name" function in namequery.c in libsmb to get past ipv4 only resolution.  It was initially getting "No logon servers" which I got past after setting prefer_ipv4=false in that function.

On Friday, February 28, 2014 7:16 PM, Sowmya Manjanatha <sowmya_ambale at yahoo.com> wrote:
I have been trying to successfully join a Windows 2008 AD server using 

net ads join createcomputer="<OUname>" -U <usename>%password  for days and have been unsuccessful.  smb.conf and krb5.conf files are below.  

It fails with a message "Cannot contact any KDC for requested realm".  I have checked all the service records via 

dig +short _ldap._tcp.mydomain.com which returns

serv1 is the ipv6 server and the client I am communicating from only has ipv6 addresses (shown below) configured.  I have also tried to query other records e.g. _kerberos, _kpasswd, _gc etc and everything checks out.

I also verified that I can join the domain from an ipv4 client with the same credentials, same realm etc.

I also have no problems when I do a kinit username at MYDOMAIN.COM.  It asks for a password and it is accepted.  

So, I am wondering if any one has successfully joined an ipv6 AD server using "net ads".  Any  help is appreciated.


>>>>> smb.conf >>>>>

   workgroup = MYGROUP
   strict sync = yes
   server string = My Archive
   load printers = no
   disable spoolss = yes
   printcap name = /dev/null

      # Create a samba daemon that only listens on one network IP.
 List the namespace directories corresponding to this network
    bind interfaces only = yes
   interfaces = 2001:0:0:0:0:0:0:efca 
   pid directory   = /var/run/samba/_hcp_system_
   ncalrpc dir     = /var/run/samba/_hcp_system_/ncalrpc
   lock directory  = /var/cache/samba/_hcp_system_
   private dir     = /var/cache/samba/_hcp_system_
   log file        = /var/log/samba/log.smbd._hcp_system_
   log level       = 1
   fake oplocks = yes

   security = ads
   password server = servername.mydomain.com
   realm = mydomain.com
   kerberos method = secrets only 
   # Map users that cannot be resolve by AD to the guest account. If guest 
 # access is allowed on that share they will get in, otherwise they will be
   # denied
   map to guest = Bad User
   client ldap sasl wrapping = sign
   client ntlmv2 auth = no

   usershare max shares = 10 

>>>>> krb5.conf >>>>>

 default_realm = MYDOMAIN.COM
 default_keytab_name = FILE:/opt/arc/node-config/krb5.keytab
 udp_preference_limit = 50
 default_tkt_enctypes = rc4-hmac
 default_tgs_enctypes = rc4-hmac

  kdc = serv1.mydomain.com
  kpasswd_server = serv1.mydomain.com:464

mydomain.com  =
.mydomain.com = MYDOMAIN.COM

kdc = STDERR

More information about the samba mailing list