[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command

Jonathan S. Fisher jonathan at springventuregroup.com
Thu Dec 3 17:52:13 UTC 2015


jonathan.fisher at freeradius:~$ sudo net ads join -Uadministrator
Enter administrator's password:
Using short domain name -- WINDOWS
Joined 'FREERADIUS' to dns domain 'windows.corp.XXX.com'
jonathan.fisher at freeradius:~$ hostname
freeradius
jonathan.fisher at freeradius:~$ hostname -d
windows.corp.XXX.com
jonathan.fisher at freeradius:~$ hostname -f
freeradius.windows.corp.XXX.com
jonathan.fisher at freeradius:~$ hostname -i
192.168.127.134
jonathan.fisher at freeradius:~$ cat /etc/krb5.conf
[libdefaults]
default_realm = WINDOWS.CORP.XXX.COM
jonathan.fisher at freeradius:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.127.129
search windows.corp.XXX.com
jonathan.fisher at freeradius:~$ sudo net ads testjoin
Join is OK
jonathan.fisher at freeradius:~$ sudo service sernet-samba-winbindd restart &&
sudo service sernet-samba-nmbd restart && sudo service sernet-samba-smbd
restart
Shutting down SAMBA winbindd :  *
Starting SAMBA winbindd :  *
Shutting down SAMBA nmbd :  *
Starting SAMBA nmbd :  *
Shutting down SAMBA smbd :  *
Starting SAMBA smbd :  *
jonathan.fisher at freeradius:~$ sudo wbinfo -i WINDOWS\\administrator
WINDOWS\administrator:*:4294967295:4294967295:Administrator:/home/WINDOWS/administrator:/bin/false
jonathan.fisher at freeradius:~$ sudo net rpc info -UWINDOWS\\Administrator
Unable to find a suitable server for domain WINDOWS


Sigh. I really appreciate your guy's help. I know this thread is starting
to drone on.


On Thu, Dec 3, 2015 at 10:26 AM, Rowland penny <rpenny at samba.org> wrote:

> On 03/12/15 16:06, Jonathan S. Fisher wrote:
>
>> > host -t SRV _ldap._tcp.windows.corp.XXX.com <
>> http://tcp.windows.corp.XXX.com>
>> _ldap._tcp.windows.corp.XXX.com <http://tcp.windows.corp.XXX.com> has
>> SRV record 0 100 389 whiskey.windows.corp.XXX.com <
>> http://whiskey.windows.corp.XXX.com>.
>> _ldap._tcp.windows.corp.XXX.com <http://tcp.windows.corp.XXX.com> has
>> SRV record 0 100 389 wine.windows.corp.XXX.com <
>> http://wine.windows.corp.XXX.com>.
>>
>> > host -t SRV _kerberos._udp.windows.corp.XXX.com <
>> http://udp.windows.corp.XXX.com>
>> _kerberos._udp.windows.corp.XXX.com <http://udp.windows.corp.XXX.com>
>> has SRV record 0 100 88 whiskey.windows.corp.XXX.com <
>> http://whiskey.windows.corp.XXX.com>.
>> _kerberos._udp.windows.corp.XXX.com <http://udp.windows.corp.XXX.com>
>> has SRV record 0 100 88 wine.windows.corp.XXX.com <
>> http://wine.windows.corp.XXX.com>.
>>
>> > host -t A freeradius.windows.corp.XXX.com <
>> http://freeradius.windows.corp.XXX.com>.
>> freeradius.windows.corp.XXX.com <http://freeradius.windows.corp.XXX.com>
>> has address 192.168.127.134
>>
>> > host -t SRV 192.168.127.134
>> 134.127.168.192.in-addr.arpa domain name pointer
>> freeradius.windows.corp.XXX.com <http://freeradius.windows.corp.XXX.com>.
>>
>> I tried the same thing with ".WINDOWS" and it doesn't work of course...
>>
>>
>>
>>
> Your DNS appears to be working :-)
>
> Lets move on from there:
>
> Quick recap:
> 'hostname' should return 'freeradius'
> 'hostname -d' should return 'windows.corp.xxx.com'
> 'hostname -f' should return 'freeradius.windows.corp.xxx.com'
> 'hostname -i' should return '192.168.127.134'
>
> /etc/resolv.conf should contain this:
>
> search windows.corp.xxx.com
> nameserver 'ip of first DC'
> nameserver 'ip of second DC'
>
> /etc/krb5.conf should contain this:
>
> [libdefaults]
>         default_realm = WINDOWS.CORP.XXX.COM
>
>
> smb.conf is setup as per the samba wiki
>
> If you run 'net ads testjoin' it should return 'Join is OK'
>
> If all the above is complied with, running 'sudo net rpc info
> -UAdministrator' should return something like this:
>
> Domain Name: SAMDOM
> Domain SID: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx
> Sequence number: 1
> Num users: XXX
> Num domain groups: XX
> Num local groups: XX
>
> If it doesn't, add this line to smb.conf: log level = 10
> Restart samba and try again
>
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

-- 
Email Confidentiality Notice: The information contained in this 
transmission is confidential, proprietary or privileged and may be subject 
to protection under the law, including the Health Insurance Portability and 
Accountability Act (HIPAA). The message is intended for the sole use of the 
individual or entity to whom it is addressed. If you are not the intended 
recipient, you are notified that any use, distribution or copying of the 
message is strictly prohibited and may subject you to criminal or civil 
penalties. If you received this transmission in error, please contact the 
sender immediately by replying to this email and delete the material from 
any computer.


More information about the samba mailing list