[Samba] Problems after PC is joined to the domain - Samba 4

steve steve at steve-ss.com
Mon Jun 2 06:06:25 MDT 2014


On Mon, 2014-06-02 at 08:24 +0300, Theodotos Andreou wrote:
> On 05/30/2014 02:40 PM, steve wrote:
> > On Fri, 2014-05-30 at 14:08 +0300, Theodotos Andreou wrote:
> >> On 05/30/2014 01:53 PM, steve wrote:
> >>> On Fri, 2014-05-30 at 13:13 +0300, Theodotos Andreou wrote:
> >>>> Hello SAMBA community,
> >>>>
> >>>> I used this guide to join a PC to the domain as member using samba 4:
> >>>> https://wiki.samba.org/index.php/Samba4/Domain_Member
> >>>>
> >>>> I am using Ubuntu 14.04 64 bit and I installed samba from the repos. The
> >>>> stock samba version is:
> >>>>
> >>>> # samba --version
> >>>> Version 4.1.6-Ubuntu
> >>>>
> >>>> When I tried to join the PC to the domain I got:
> >>>>
> >>>> # net ads join -U admin
> >>>> kerberos_kinit_password DOM\admin at DOM.FOREST.INT failed: Client not found in Kerberos database
> >>>> Failed to join domain: failed to connect to AD: Client not found in Kerberos database
> >>>>
> >>>> Nevertheless the PC was joined to the domain despite the above error and
> >>>> I proceeded with the following steps. But when I try to list the users
> >>>> using 'wbinfo -u' I get some strange behavior. The command takes too
> >>>> long to complete and it then gives:
> >>>>
> >>>> # wbinfo -u --verbose
> >>>> FOREST\usbms_somepcname
> >>>>
> >>>> The second time I run the command it takes again too long but it gives
> >>>> out the complete list of AD users. But when I try to log in as a
> >>>> particular user I get:
> >>>>
> >>>> # su - myusername
> >>>> No passwd entry for user 'myusername'
> >>>> # id myusername
> >>>> id: myusername: no such user
> >>>>
> >>>> This is my smb.conf:
> >>>>
> >>>> # cat /etc/samba/smb.conf
> >>>>     [global]
> >>>>
> >>>>       netbios name = MYPCNAME
> >>>>       workgroup = DOM
> >>>>       security = ADS
> >>>>       realm = DOM.FOREST.INT
> >>>>       encrypt passwords = yes
> >>> Hi
> >>> try:
> >>> add
> >>> kerberos method = system keytab
> >>> to [global]
> >>> and issue:
> >>> net ads keytab create -Uadmin
> >>> (are you sure admin has sufficient privs to add machines?)
> >>>
> >>>
> >> I added that line and it gives:
> >>
> >> # net ads keytab create -U 'DOM\admin'
> >> Enter DOM\admin's password:
> >> kerberos_kinit_password DOM\admin at DOM..INT failed: Client not found in Kerberos database
> >> kerberos_kinit_password DOM\admin at LIM.TEPAK.INT failed: Client not found in Kerberos database
> >>
> >> After omitting 'DOM\' from the username it gives:
> >>
> >> # net ads keytab create -U 'admin'
> >> Enter admin's password:
> >> ads_get_dnshostname: No dNSHostName attribute!
> >> ../source3/libads/kerberos_keytab.c:328: unable to determine machine account's dns name in AD!
> >>
> >> I have changed the true username and domain name for reasons of paranoia
> >> :) but I am certain that the user I use is a domain admin.
> > DNS on Ubuntu:
> > http://linuxcostablanca.blogspot.com.es/2014/05/dns-good-enough-for-kerberos.html
> >
> >
> Ok now I have this configuration:
> 
> # grep 127 /etc//hosts
> 127.0.0.1       localhost
> 127.0.1.1       MYPCNAME.dom.forest.int MYPCNAME
> 
> and this:
> 
> # cat /etc/hostname
> MYPCNAME
> 
> Testing:
> 
> # hostname -d
> dom.forest.int
> 
> # domainname
> (none)
> 
> I have no idea why domainname gives different results than hostname -d

It is because you have ignored the information in the link which you
quote.
 
> 
> The PC name resolves correctly on DNS:
> 
> # host MYPCNAME.dom.forest.int
> MYPCNAME.dom.forest.int has address 10.10.10.156
> 
> The problem persists:
> 
> # net ads keytab create -U admin
> Enter admin's password:
> ads_get_dnshostname: No dNSHostName attribute!
> ../source3/libads/kerberos_keytab.c:328: unable to determine machine account's dns name in AD!

Of course it can't. Try again. Same link as before, but this time follow
it correctly.
HTH
Steve



