[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
James
lingpanda101 at gmail.com
Thu Dec 3 18:22:29 UTC 2015
On 12/3/2015 12:52 PM, Jonathan S. Fisher wrote:
> jonathan.fisher@freeradius:~$ sudo net ads join -Uadministrator
> Enter administrator's password:
> Using short domain name -- WINDOWS
> Joined 'FREERADIUS' to dns domain 'windows.corp.XXX.com'
> jonathan.fisher@freeradius:~$ hostname
> freeradius
> jonathan.fisher@freeradius:~$ hostname -d
> windows.corp.XXX.com
> jonathan.fisher@freeradius:~$ hostname -f
> freeradius.windows.corp.XXX.com
> jonathan.fisher@freeradius:~$ hostname -i
> 192.168.127.134
> jonathan.fisher@freeradius:~$ cat /etc/krb5.conf
> [libdefaults]
> default_realm = WINDOWS.CORP.XXX.COM
> jonathan.fisher@freeradius:~$ cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 192.168.127.129
> search windows.corp.XXX.com
> jonathan.fisher@freeradius:~$ sudo net ads testjoin
> Join is OK
> jonathan.fisher@freeradius:~$ sudo service sernet-samba-winbindd restart && sudo service sernet-samba-nmbd restart && sudo service sernet-samba-smbd restart
> Shutting down SAMBA winbindd : *
> Starting SAMBA winbindd : *
> Shutting down SAMBA nmbd : *
> Starting SAMBA nmbd : *
> Shutting down SAMBA smbd : *
> Starting SAMBA smbd : *
> jonathan.fisher@freeradius:~$ sudo wbinfo -i WINDOWS\\administrator
> WINDOWS\administrator:*:4294967295:4294967295:Administrator:/home/WINDOWS/administrator:/bin/false
> jonathan.fisher@freeradius:~$ sudo net rpc info -UWINDOWS\\Administrator
> Unable to find a suitable server for domain WINDOWS
>
>
> Sigh. I really appreciate your guys' help. I know this thread is starting
> to drone on.
>
>
> On Thu, Dec 3, 2015 at 10:26 AM, Rowland penny <rpenny at samba.org> wrote:
>
>> On 03/12/15 16:06, Jonathan S. Fisher wrote:
>>
>>>> host -t SRV _ldap._tcp.windows.corp.XXX.com
>>> _ldap._tcp.windows.corp.XXX.com has SRV record 0 100 389 whiskey.windows.corp.XXX.com.
>>> _ldap._tcp.windows.corp.XXX.com has SRV record 0 100 389 wine.windows.corp.XXX.com.
>>>
>>>> host -t SRV _kerberos._udp.windows.corp.XXX.com
>>> _kerberos._udp.windows.corp.XXX.com has SRV record 0 100 88 whiskey.windows.corp.XXX.com.
>>> _kerberos._udp.windows.corp.XXX.com has SRV record 0 100 88 wine.windows.corp.XXX.com.
>>>
>>>> host -t A freeradius.windows.corp.XXX.com.
>>> freeradius.windows.corp.XXX.com has address 192.168.127.134
>>>
>>>> host -t SRV 192.168.127.134
>>> 134.127.168.192.in-addr.arpa domain name pointer freeradius.windows.corp.XXX.com.
>>>
>>> I tried the same thing with ".WINDOWS" and it doesn't work of course...
>>>
>>>
>>>
>>>
>> Your DNS appears to be working :-)
>>
>> Let's move on from there:
>>
>> Quick recap:
>> 'hostname' should return 'freeradius'
>> 'hostname -d' should return 'windows.corp.xxx.com'
>> 'hostname -f' should return 'freeradius.windows.corp.xxx.com'
>> 'hostname -i' should return '192.168.127.134'
>>
>> /etc/resolv.conf should contain this:
>>
>> search windows.corp.xxx.com
>> nameserver 'ip of first DC'
>> nameserver 'ip of second DC'
>>
>> /etc/krb5.conf should contain this:
>>
>> [libdefaults]
>> default_realm = WINDOWS.CORP.XXX.COM
>>
>>
>> smb.conf is set up as per the Samba wiki
>>
>> If you run 'net ads testjoin' it should return 'Join is OK'
>>
>> If all the above is complied with, running 'sudo net rpc info
>> -UAdministrator' should return something like this:
>>
>> Domain Name: SAMDOM
>> Domain SID: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx
>> Sequence number: 1
>> Num users: XXX
>> Num domain groups: XX
>> Num local groups: XX
>>
>> If it doesn't, add this line to smb.conf: log level = 10
>> Restart samba and try again
>>
>>
>> Rowland
>>
Anything helpful if you run with a debug level of 10?
"sudo net rpc info -UWINDOWS\\Administrator -d 10"
--
-James
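
An added example, not part of the original thread: a small shell function that compares a resolv.conf and a krb5.conf with the recap quoted above (search domain, two nameserver lines, upper-case default_realm). The names `check_recap` and `write_samples`, the OK/DIFF output format and the sample files are assumptions, constructed for illustration from the values quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example: compare resolv.conf / krb5.conf with the recap checklist.
# Usage: check_recap DNS_DOMAIN RESOLV_CONF KRB5_CONF
# Prints one line per check; return status = number of differences.
check_recap() {
    local domain resolv="$2" krb5="$3" diffs=0 search ns realm want_realm
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    want_realm=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')

    # The first "search" entry should be the AD DNS domain.
    search=$(awk '$1 == "search" { print tolower($2); exit }' "$resolv")
    if [ "$search" = "$domain" ]; then echo "OK   search $search"
    else echo "DIFF search '${search:-none}' != '$domain'"; diffs=$((diffs + 1)); fi

    # The recap lists two nameserver lines (first and second DC).
    ns=$(awk '$1 == "nameserver" { n++ } END { print n + 0 }' "$resolv")
    if [ "$ns" -ge 2 ]; then echo "OK   nameservers $ns"
    else echo "DIFF nameservers $ns, recap lists 2"; diffs=$((diffs + 1)); fi

    # default_realm under [libdefaults] should be the upper-case domain.
    realm=$(awk -F= '
        /^[ \t]*\[/ { lib = ($0 ~ /^[ \t]*\[libdefaults\]/) }
        lib && $1 ~ /^[ \t]*default_realm[ \t]*$/ {
            gsub(/[ \t]/, "", $2); print $2; exit }' "$krb5")
    if [ "$realm" = "$want_realm" ]; then echo "OK   default_realm $realm"
    else echo "DIFF default_realm '${realm:-none}' != '$want_realm'"; diffs=$((diffs + 1)); fi
    return "$diffs"
}

# Constructed sample files mirroring the values quoted in the thread.
write_samples() {
    printf 'nameserver 192.168.127.129\nsearch windows.corp.XXX.com\n' > "$1/resolv.conf"
    printf '[libdefaults]\ndefault_realm = WINDOWS.CORP.XXX.COM\n' > "$1/krb5.conf"
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && write_samples "$tmp"
    check_recap windows.corp.XXX.com "$tmp/resolv.conf" "$tmp/krb5.conf"
    echo "differences: $?"
    rm -rf "$tmp"
fi
```

Run it with `--demo` to check the constructed samples; a DIFF line only means the file departs from the recap, not that it explains the `net rpc info` failure.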