[Samba] Problems after PC is joined to the domain - Samba 4

steve steve at steve-ss.com
Fri May 30 05:40:06 MDT 2014


On Fri, 2014-05-30 at 14:08 +0300, Theodotos Andreou wrote:
> On 05/30/2014 01:53 PM, steve wrote:
> > On Fri, 2014-05-30 at 13:13 +0300, Theodotos Andreou wrote:
> >> Hello SAMBA community,
> >>
> >> I used this guide to join a PC to the domain as member using samba 4:
> >> https://wiki.samba.org/index.php/Samba4/Domain_Member
> >>
> >> I am using Ubuntu 14.04 64 bit and I installed samba from the repos. The
> >> stock samba version is:
> >>
> >> # samba --version
> >> Version 4.1.6-Ubuntu
> >>
> >> When I tried to join the PC to the domain I got:
> >>
> >> # net ads join -U admin
> >> kerberos_kinit_password DOM\admin@DOM.FOREST.INT failed: Client not found in Kerberos database
> >> Failed to join domain: failed to connect to AD: Client not found in Kerberos database
> >>
> >> Nevertheless the PC was joined to the domain despite the above error and
> >> I proceeded with the following steps. But when I try to list the users
> >> using 'wbinfo -u' I get some strange behavior. The command takes too
> >> long to complete and it then gives:
> >>
> >> # wbinfo -u --verbose
> >> FOREST\usbms_somepcname
> >>
> >> The second time I run the command it takes again too long but it gives
> >> out the complete list of AD users. But when I try to log in as a
> >> particular user I get:
> >>
> >> # su - myusername
> >> No passwd entry for user 'myusername'
> >> # id myusername
> >> id: myusername: no such user
> >>
> >> This is my smb.conf:
> >>
> >> # cat /etc/samba/smb.conf
> >>    [global]
> >>
> >>      netbios name = MYPCNAME
> >>      workgroup = DOM
> >>      security = ADS
> >>      realm = DOM.FOREST.INT
> >>      encrypt passwords = yes
> > Hi
> > try:
> > add
> > kerberos method = system keytab
> > to [global]
> > and issue:
> > net ads keytab create -Uadmin
> > (are you sure admin has sufficient privs to add machines?)
> >
> >
> I added that line and it gives:
> 
> # net ads keytab create -U 'DOM\admin'
> Enter DOM\admin's password:
> kerberos_kinit_password DOM\admin@DOM..INT failed: Client not found in Kerberos database
> kerberos_kinit_password DOM\admin@LIM.TEPAK.INT failed: Client not found in Kerberos database
> 
> After omitting 'DOM\' from the username it gives:
> 
> # net ads keytab create -U 'admin'
> Enter admin's password:
> ads_get_dnshostname: No dNSHostName attribute!
> ../source3/libads/kerberos_keytab.c:328: unable to determine machine account's dns name in AD!
> 
> I have changed the true username and domain name for reasons of paranoia 
> :) but I am certain that the user I use is a domain admin.

DNS on Ubuntu:
http://linuxcostablanca.blogspot.com.es/2014/05/dns-good-enough-for-kerberos.html
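
The reply above points at DNS on Ubuntu. As an added example, not part of the thread or of Samba, this shell check reports how a hosts file resolves the member's own name, assuming the member should map to a LAN address with its fully qualified name listed first. The host and realm names are taken from the smb.conf quoted above; the function name and the 192.0.2.10 address are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reports how a hosts file resolves a
# domain member's own name. Assumption: the member should map to a LAN address
# with its FQDN listed first, e.g. "192.0.2.10 mypcname.dom.forest.int mypcname".
# Usage: check_member_hosts HOSTS_FILE SHORT_NAME DNS_DOMAIN
# Returns: 0 ok, 1 no entry, 2 loopback address, 3 first name is not the FQDN
check_member_hosts() {
    short=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    domain=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
    awk -v short="$short" -v fqdn="$short.$domain" '
        { sub(/#.*/, "") }              # strip comments
        NF < 2 { next }                 # skip blank or address-only lines
        {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name != short && name != fqdn) continue
                # The files resolver answers from the first matching line.
                found = 1
                if ($1 ~ /^127\./ || $1 == "::1") {
                    print "loopback address for own name: " $0; rc = 2
                } else if (tolower($2) != fqdn) {
                    print "first name on the line is not " fqdn ": " $0; rc = 3
                } else {
                    print "ok: " $0; rc = 0
                }
                exit
            }
        }
        END {
            if (!found) { print "no entry for " short " or " fqdn; exit 1 }
            exit rc
        }
    ' "$1"
}

# Constructed sample: the 127.0.1.1 line a stock Ubuntu install writes.
sample=$(mktemp)
printf '127.0.0.1 localhost\n127.0.1.1 mypcname\n' > "$sample"
check_member_hosts "$sample" MYPCNAME DOM.FOREST.INT || echo "exit code $?"
rm -f "$sample"
```

On a real member the file to pass is /etc/hosts; `hostname -f` and `getent hosts` show what the resolver actually returns once DNS is consulted as well.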



