[Samba] Problems after PC is joined to the domain - Samba 4

Theodotos Andreou theo at ubuntucy.org
Mon Jun 2 23:45:24 MDT 2014


Very informative but still I am not sure what I am supposed to do to get 
the command 'domainname' right. This is my configuration according to 
steve's suggestions:

# grep 127 /etc/hosts
127.0.1.1    MYPCNAME.dom.forest.int MYPCNAME localhost

# cat /etc/hostname
MYPCNAME.dom.forest.int

# grep hosts /etc/nsswitch.conf
hosts:          files dns

# cat /etc/krb5.conf
[libdefaults]
         default_realm = DOM.FOREST.INT
         dns_lookup_realm = false
         dns_lookup_kdc = true

But I still get:

# hostname -d
dom.forest.int

# domainname
(none)

What is the necessary configuration to get domainname right?

On 06/02/2014 03:49 PM, L.P.H. van Belle wrote:
>>> # hostname -d
>>> dom.forest.int
>>>
>>> # domainname
>>> (none)
> domainname   ( looks in kernel info )
> hostname -d  ( is from resolving subsystems ) 	
>
> 2 different things, read on, this is good info about this subject.
>
>
> The primary source of confusion seems to be the distinction between
> the hostname and the domain name which are set and determined in different ways, not simultaneously.
>
> The kernel maintains the current hostname which is set (in a distribution-specific way) at boot time
> and can be changed on the fly.
> The domain name is determined by the resolver system, usually from the static hosts database (/etc/hosts) or via DNS
>
>
> The kernel maintains the current (unqualified) hostname of the system.
> Here are a few of the numerous ways to obtain it:
> hostname
> uname -n
> cat /proc/sys/kernel/hostname
> sysctl kernel.hostname
>
> The hostname can be changed temporarily by running
> hostname MyTempHostName
>
> Each distribution has a script that runs at boot time which sets the hostname.
> The way to change the hostname permanently thus differs by distribution.
>
> -  Debian has an init script, /etc/init.d/hostname.sh, which is called at boot time and sets the hostname
>     to what is given in /etc/hostname. To change the hostname, place only the unqualified hostname (e.g., MyTempHostName)
>     in /etc/hostname and run sudo /etc/init.d/hostname.sh.
>
> - Ubuntu, like Debian, also uses /etc/hostname, but to update the hostname after making a change,
>    run sudo service hostname start.
>
> As of Ubuntu 14.XX it is allowed to put the hostname.domain.tld in /etc/hostname
> ( For Debian I did not look this up )
>
>
> The domain name is distinct from the hostname and is determined by the resolver subsystem
> The current FQDN of the system can be found as follows:
> hostname -f		MyTempHostName.example.com
>
> To obtain this information the system first asks for the hostname:  MyTempHostName
> Then it asks for the IP address of MyTempHostName : (example 192.168.1.111 )
> Finally, it asks for the full hostname and domain that corresponds to the IP address 192.168.1.111
>
> Here the man hostname also says..
> in case of hostname -f
>
> A FQDN consists of a short host name and the DNS domain name.
> Unless you are using bind or NIS for host lookups you can change the FQDN and
> the DNS domain name (which is part of the FQDN) in the /etc/hosts file.
>
>
>
>
> Greetz,
>
> Louis
>
>
>> -----Original message-----
>> From: steve at steve-ss.com [mailto:samba-bounces at lists.samba.org]
>> On behalf of steve
>> Sent: Monday, 2 June 2014 14:06
>> To: Theodotos Andreou
>> CC: samba at lists.samba.org
>> Subject: Re: [Samba] Problems after PC is joined to the domain - Samba 4
>>
>> On Mon, 2014-06-02 at 08:24 +0300, Theodotos Andreou wrote:
>>> On 05/30/2014 02:40 PM, steve wrote:
>>>> On Fri, 2014-05-30 at 14:08 +0300, Theodotos Andreou wrote:
>>>>> On 05/30/2014 01:53 PM, steve wrote:
>>>>>> On Fri, 2014-05-30 at 13:13 +0300, Theodotos Andreou wrote:
>>>>>>> Hello SAMBA community,
>>>>>>>
>>>>>>> I used this guide to join a PC to the domain as member using samba 4:
>>>>>>> https://wiki.samba.org/index.php/Samba4/Domain_Member
>>>>>>>
>>>>>>> I am using Ubuntu 14.04 64 bit and I installed samba from the repos. The
>>>>>>> stock samba version is:
>>>>>>>
>>>>>>> # samba --version
>>>>>>> Version 4.1.6-Ubuntu
>>>>>>>
>>>>>>> When I tried to join the PC to the domain I got:
>>>>>>>
>>>>>>> # net ads join -U admin
>>>>>>> kerberos_kinit_password DOM\admin at DOM.FOREST.INT failed: Client not found in Kerberos database
>>>>>>> Failed to join domain: failed to connect to AD: Client not found in Kerberos database
>>>>>>>
>>>>>>> Nevertheless the PC was joined to the domain despite the above error and
>>>>>>> proceeded with the following steps. But when I try to list the users
>>>>>>> using 'wbinfo -u' I get some strange behavior. The command takes too
>>>>>>> long to complete and it then gives:
>>>>>>>
>>>>>>> # wbinfo -u --verbose
>>>>>>> FOREST\usbms_somepcname
>>>>>>>
>>>>>>> The second time I run the command it takes again too long but it gives
>>>>>>> out the complete list of AD users. But when I try to login as a
>>>>>>> particular user though I get:
>>>>>>>
>>>>>>> # su - myusername
>>>>>>> No passwd entry for user 'myusername'
>>>>>>> # id myusername
>>>>>>> id: myusername: no such user
>>>>>>>
>>>>>>> This is my smb.conf:
>>>>>>>
>>>>>>> # cat /etc/samba/smb.conf
>>>>>>>      [global]
>>>>>>>
>>>>>>>        netbios name = MYPCNAME
>>>>>>>        workgroup = DOM
>>>>>>>        security = ADS
>>>>>>>        realm = DOM.FOREST.INT
>>>>>>>        encrypt passwords = yes
>>>>>> Hi
>>>>>> try:
>>>>>> add
>>>>>> kerberos method = system keytab
>>>>>> to [global]
>>>>>> and issue:
>>>>>> net ads keytab create -Uadmin
>>>>>> (ru sure admin has sufficient privs to add machines?)?
>>>>>>
>>>>>>
>>>>> I added that line and it gives:
>>>>>
>>>>> # net ads keytab create -U 'DOM\admin'
>>>>> Enter DOM\admin's password:
>>>>> kerberos_kinit_password DOM\admin at DOM..INT failed: Client not found in Kerberos database
>>>>> kerberos_kinit_password DOM\admin at LIM.TEPAK.INT failed: Client not found in Kerberos database
>>>>>
>>>>> After omitting 'DOM\' from the username it gives:
>>>>>
>>>>> # net ads keytab create -U 'admin'
>>>>> Enter admin's password:
>>>>> ads_get_dnshostname: No dNSHostName attribute!
>>>>> ../source3/libads/kerberos_keytab.c:328: unable to determine machine account's dns name in AD!
>>>>>
>>>>> I have changed the true username and domain name for reason of paranoia
>>>>> :) but I am certain that the user I use is a domain admin.
>>>> DNS on Ubuntu:
>>>>
>>>> http://linuxcostablanca.blogspot.com.es/2014/05/dns-good-enough-for-kerberos.html
>>>>
>>> Ok now I have this configuration:
>>>
>>> # grep 127 /etc//hosts
>>> 127.0.0.1       localhost
>>> 127.0.1.1       MYPCNAME.dom.forest.int MYPCNAME
>>>
>>> and this:
>>>
>>> # cat /etc/hostname
>>> MYPCNAME
>>>
>>> Testing:
>>>
>>> # hostname -d
>>> dom.forest.int
>>>
>>> # domainname
>>> (none)
>>>
>>> I have no idea why domainname gives different results than hostname -d
>>
>> It is because you have ignored the information in the link which you
>> quote.
>>
>>> The PC name resolves correctly on DNS:
>>>
>>> # host MYPCNAME.dom.forest.int
>>> MYPCNAME.dom.forest.int has address 10.10.10.156
>>>
>>> The problem persists:
>>>
>>> # net ads keytab create -U admin
>>> Enter admin's password:
>>> ads_get_dnshostname: No dNSHostName attribute!
>>> ../source3/libads/kerberos_keytab.c:328: unable to determine machine account's dns name in AD!
>>
>> Of course it can't. Try again. Same link as before, but this time follow
>> it correctly.
>> HTH
>> Steve
>>
>>
>>
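
Added example, not part of the original messages: a shell version of the files-based lookup described in the quoted reply, showing that the DNS domain comes from the first name on the matching /etc/hosts line, while `domainname` reads a separate kernel value (the NIS domain) that /etc/hosts never sets. The hosts files are constructed samples based on the thread's layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): emulate the "files" lookup behind
# `hostname -f` / `hostname -d`, and read the separate kernel NIS domain.

# canonical_name HOSTS_FILE NAME: first name on the first line that lists NAME.
canonical_name() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                      # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print $2; exit }
        }' "$1"
}

# dns_domain FQDN: everything after the first dot, empty if unqualified.
dns_domain() {
    case "$1" in
        *.*) printf '%s\n' "${1#*.}" ;;
        *)   printf '\n' ;;
    esac
}

# nis_domain [FILE]: what `domainname` reports; "(none)" means never set.
nis_domain() {
    f=${1:-/proc/sys/kernel/domainname}
    if [ -r "$f" ]; then cat "$f"; else echo "(unreadable)"; fi
}

# check_fqdn HOSTS_FILE KERNEL_HOSTNAME: is the canonical name qualified?
check_fqdn() {
    fqdn=$(canonical_name "$1" "$2")
    if [ -n "$(dns_domain "$fqdn")" ]; then
        echo "ok fqdn=$fqdn domain=$(dns_domain "$fqdn")"
    else
        echo "unqualified fqdn=${fqdn:-<no match>}"
    fi
}

# Constructed sample files: the thread's layout, and the same line with
# the alias listed before the fully qualified name (an assumed failure case).
good=$(mktemp); swapped=$(mktemp)
trap 'rm -f "$good" "$swapped"' EXIT
printf '127.0.0.1 localhost\n127.0.1.1 MYPCNAME.dom.forest.int MYPCNAME\n' > "$good"
printf '127.0.0.1 localhost\n127.0.1.1 MYPCNAME MYPCNAME.dom.forest.int\n' > "$swapped"

echo "thread layout: $(check_fqdn "$good" MYPCNAME)"
echo "alias first:   $(check_fqdn "$swapped" MYPCNAME)"
echo "NIS domain:    $(nis_domain)"
```

To check a live host, call check_fqdn /etc/hosts "$(hostname)"; a `(none)` from nis_domain is normal on a machine that does not use NIS.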


