[Samba] net ads join fails in Ubuntu 14.04 in AWS

Alex Slynko Alex.Slynko at wonga.com
Wed Jul 16 03:07:46 MDT 2014


Hi all

EC2 Ubuntu 14.04 instances can't join domain. Same setup works fine for local virtual machines.
Domain processes request normally.
Kinit works fine with generated config

root at new1404:~# net ads join -U dnscreate%password -d 1
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name                  : NULL
            machine_name             : 'NEW1404'
            domain_name              : *
                domain_name              : 'AWS.DOMAIN.COM'
            account_ou               : NULL
            admin_account            : 'dnscreate'
            machine_password         : NULL
            join_flags               : 0x00000023 (35)
                   0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                   0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                   0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                   0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                   0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                   0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                   1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                   0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                   1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                   1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version               : NULL
            os_name                  : NULL
            create_upn               : 0x00 (0)
            upn                      : NULL
            modify_config            : 0x00 (0)
            ads                      : NULL
            debug                    : 0x01 (1)
            use_kerberos             : 0x00 (0)
            secure_channel_type      : SEC_CHAN_WKSTA (2)
kerberos_kinit_password dnscreate at AWS.DOMAIN.COM failed: Cannot contact any KDC for requested realm
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name             : NULL
            netbios_domain_name      : 'AWS'
            dns_domain_name          : 'aws.domain.com'
            forest_name              : 'domain.com'
            dn                       : NULL
            domain_sid               : *
                domain_sid               : S-1-5-21-3703399817-2864286332-805048363
            modified_config          : 0x00 (0)
            error_string             : 'failed to connect to AD: Cannot contact any KDC for requested realm'
            domain_is_ad             : 0x01 (1)
            result                   : WERR_GENERAL_FAILURE

root at new1404:~# net lookup kdc
172.30.192.5:389
172.30.192.5:88
172.30.160.5:88

Sincerely,
Alex Slynko
WDFC UK Limited. Registered in England & Wales with registered number 6374235 and registered office 88 Crawford Street, London W1H 2EJ. Authorised and regulated by the Financial Conduct Authority. Interim Permission Number 611974. Any communication sent by or on behalf of WDFC UK Limited or any of its subsidiary, holding or affiliated companies or entities (together "Wonga") is confidential and may be privileged or otherwise protected. If you receive it in error please inform us and then delete it from your system. You should not copy it or disclose its contents to anyone. Messages sent to and from Wonga may be monitored to ensure compliance with our internal policies and to protect our business. Emails are not secure and cannot be guaranteed to be error free. Anyone who communicates with us by email is taken to accept these risks.
---------------------------------------------------------------------------------------
 This email has been scanned for email related threats and delivered safely by Mimecast.
 For more information please visit http://www.mimecast.com
---------------------------------------------------------------------------------------




More information about the samba mailing list