[Samba] Few questions about members

Rowland Penny rowlandpenny at googlemail.com
Thu Jun 5 08:58:03 MDT 2014

On 05/06/14 15:35, Steve Campbell wrote:
> On 6/4/2014 4:05 PM, steve wrote:
>> On Wed, 2014-06-04 at 15:57 -0400, Steve Campbell wrote:
>>> On 6/4/2014 3:37 PM, Steve Campbell wrote:
>>>> On 6/4/2014 3:13 PM, steve wrote:
>>>>> On Wed, 2014-06-04 at 12:22 -0400, Steve Campbell wrote:
>>>>>> Top posting now because the original was useless.
>>>>>> When we try to join a member to the domain, the following results
>>>>>> are given:
>>>>>> # /usr/local/samba/bin/net ads join -U administrator
>>>>>> Enter administrator's password:
>>>>>> Using short domain name -- TS
>>>>>> Joined 'MEMBER1' to dns domain 'ts.mystuff.com'
>>>>>> DNS Update for member1.ts.mystuff.com failed: 
>>>>>> DNS update failed: NT_STATUS_UNSUCCESSFUL
>>>>>> DNS seems to work as expected, though. The previous tests showed
>>>>>> working
>>>>>> DNS.
>>>>> That's the worrying part. Samba still issues tickets even with the 
>>>>> wrong
>>>>> (or no) dns registered in AD.
>>>>>> We have even added the A record for the server manually.
>>>>>> # host -t A member1.ts.mystuff.com
>>>>>> member1.ts.mystuff.com has address
>>>>> Hi
>>>>> It doesn't matter if you add the record or not. It is the machine you
>>>>> are joining which HAS to send it's own ID. The best (only way we've
>>>>> found at least) way to do this is in /etc/hosts
>>>>> member1.ts.mystuff.com member1 localhost
>>>>> If you're dhcp, you'll also need some way to update the dns on the DC
>>>>> although worryingly, as we just said, you can still get tickets 
>>>>> with the
>>>>> wrong or no IP in AD.
>>>>> HTH
>>>>> Steve
>>>> Does it have to be localhost? I didn't install this machine, and just
>>>> discovered the person who put Centos on only used "Storage" as the
>>>> hostname (not fully qualified). I don't think it matters in this venue
>>>> what the real hostname is as long as the Netbios name matches what you
>>>> put in the host file.
>>>> So, now that I know things must be in hosts (I presume it needs to be
>>>> that way on the AD as well?), do I need to do anything like Un"join"
>>>> and then re"join" the member?
>>>> Any thing that clues us in helps, so I'm sure you've helped a bit.
>>>> steve
>>> My hosts file now has this line in it:
>>>   localhost localhost.localdomain localhost4
>>> localhost4.localdomain4 member1.ts.mystuff.com member1
>>> I seemed to recall that each line in hosts could only have 4 names, but
>>> left the default installed names on the localhost line.
>>> I stopped and restarted smbd, nmbd, and winbindd to no avail. I then
>>> tried rejoining as a member with no benefits.
>> Please help us to help you. We have already given you the correct line
>> for /etc/hosts. Why not use that?
> So frustrating...for me and most likely all of you to have to keep 
> seeing my name pop up on the list... but
> I'm now following this page:
> https://wiki.samba.org/index.php/Setup_and_configure_file_shares
> When I get to the section SeDiskOperatorPrivilege, I'm getting the 
> following error:
> ]# /usr/local/samba/bin/net rpc rights grant 'TS/Domain Admins' 
> SeDiskOperatorPrivilege -Uadministrator
> Enter administrator's password:
> Could not connect to server
> Connection failed: NT_STATUS_IO_TIMEOUT

ER, you are running this on the AD server, aren't you ??

and the correct command would be:

/usr/local/samba/bin/net rpc rights grant TS\\"Domain Admins" 
SeDiskOperatorPrivilege -UAdministrator


> I thought maybe I had the "Domain Admins" wrong, but after trying a 
> few other commands, I get basically the same thing. Googling only 
> tells me this is a common error for about 487 different things, and 
> none ever seem to provide solutions.
> System restarts and restarting smbd, nmbd, and winbindd doesn't change 
> the error.
> Does this sound familiar to anyone else?
> steve campbell

More information about the samba mailing list