[Samba] Problems after PC is joined to the domain - Samba 4
theo at ubuntucy.org
Fri May 30 05:08:56 MDT 2014
On 05/30/2014 01:53 PM, steve wrote:
> On Fri, 2014-05-30 at 13:13 +0300, Theodotos Andreou wrote:
>> Hello SAMBA community,
>> I used this guide to join a PC to the domain as member using samba 4:
>> I am using Ubuntu 14.04 64 bit and I installed samba from the repos. The
>> stock samba version is:
>> # samba --version
>> Version 4.1.6-Ubuntu
>> When I tried to join the PC to the domain I got:
>> # net ads join -U admin
>> kerberos_kinit_password DOM\admin at DOM.FOREST.INT failed: Client not found in Kerberos database
>> Failed to join domain: failed to connect to AD: Client not found in Kerberos database
>> Nevertheless the PC was joined to the domain despite the above error and
>> proceeded with the following steps. But when I try the lists the users
>> using 'wbinfo -u' I get some strange behavior. The command takes too
>> long to complete and it then gives:
>> # wbinfo -u --verbose
>> The second time I run the command it takes again too long but it gives
>> out the complete list of AD users. But when I try to login as a
>> particular user though I get:
>> # su - myusername
>> No passwd entry for user 'myusername'
>> # id myusername
>> id: myusername: no such user
>> This is my smb.conf:
>> # cat /etc/samba/smb.conf
>> netbios name = MYPCNAME
>> workgroup = DOM
>> security = ADS
>> realm = DOM.FOREST.INT
>> encrypt passwords = yes
> kerberos method = system keytab
> to [global]
> and issue:
> net ads keytab create -Uadmin
> (ru sure admin has sufficient privs to add machines?)?
I added that line and it gives:
# net ads keytab create -U 'DOM\admin'
Enter DOM\admin's password:
kerberos_kinit_password DOM\admin at DOM..INT failed: Client not found in Kerberos database
kerberos_kinit_password DOM\admin at LIM.TEPAK.INT failed: Client not found in Kerberos database
After omitting 'DOM\' from the username it gives:
# net ads keytab create -U 'admin'
Enter admin's password:
ads_get_dnshostname: No dNSHostName attribute!
../source3/libads/kerberos_keytab.c:328: unable to determine machine account's dns name in AD!
I have changed the true username and domain name for reason of paranoia
:) but I am certain that the user I use is a domain admin.
More information about the samba