[Samba] Need help joining an IPv6 Windows 2008 AD server
Sowmya Manjanatha
sowmya_ambale at yahoo.com
Fri Feb 28 17:23:01 MST 2014
I need to add btw that I had to modify "resolve_name" function in namequery.c in libsmb to get past ipv4 only resolution. It was initially getting "No logon servers" which I got past after setting prefer_ipv4=false in that function.
On Friday, February 28, 2014 7:16 PM, Sowmya Manjanatha <sowmya_ambale at yahoo.com> wrote:
I have been trying to successfully join a Windows 2008 AD server using
net ads join createcomputer="<OUname>" -U <username>%password for days and have been unsuccessful. smb.conf and krb5.conf files are below.
It fails with a message "Cannot contact any KDC for requested realm". I have checked all the service records via
dig +short _ldap._tcp.mydomain.com which returns
serv1.mydomain.com
serv1 is the ipv6 server and the client I am communicating from only has ipv6 addresses (shown below) configured. I have also tried to query other records e.g. _kerberos, _kpasswd, _gc etc and everything checks out.
I also verified that I can join the domain from an ipv4 client with the same credentials, same realm etc.
I also have no problems when I do a kinit username at MYDOMAIN.COM. It asks for a password and it is accepted.
So, I am wondering if anyone has successfully joined an ipv6 AD server using "net ads". Any help is appreciated.
Thanks,
Sowmya.
>>>>> smb.conf >>>>>
[global]
workgroup = MYGROUP
strict sync = yes
server string = My Archive
load printers = no
disable spoolss = yes
printcap name = /dev/null
# Create a samba daemon that only listens on one network IP.
# List the namespace directories corresponding to this network
bind interfaces only = yes
interfaces = 2001:0:0:0:0:0:0:efca
pid directory = /var/run/samba/_hcp_system_
ncalrpc dir = /var/run/samba/_hcp_system_/ncalrpc
lock directory = /var/cache/samba/_hcp_system_
private dir = /var/cache/samba/_hcp_system_
log file = /var/log/samba/log.smbd._hcp_system_
log level = 1
fake oplocks = yes
security = ads
password server = servername.mydomain.com
realm = mydomain.com
kerberos method = secrets only
# Map users that cannot be resolved by AD to the guest account. If guest
# access is allowed on that share they will get in, otherwise they will be
# denied
map to guest = Bad User
client ldap sasl wrapping = sign
client ntlmv2 auth = no
usershare max shares = 10
>>>>> krb5.conf >>>>>
[libdefaults]
default_realm = MYDOMAIN.COM
default_keytab_name = FILE:/opt/arc/node-config/krb5.keytab
udp_preference_limit = 50
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
[realms]
MYDOMAIN.COM = {
kdc = serv1.mydomain.com
kpasswd_server = serv1.mydomain.com:464
}
[domain_realm]
mydomain.com = MYDOMAIN.COM
.mydomain.com = MYDOMAIN.COM
[logging]
kdc = STDERR