[Samba] Not able to join domain using ads and target IP
Rowland Penny
rowlandpenny at googlemail.com
Mon Feb 23 06:32:32 MST 2015
On 23/02/15 11:35, Hari Naresh Rawat wrote:
> I am not able to join the domain using ads and the target IP (net ads
> join -S <domain controller ip> -U <username>).
> I am getting the below error.
>
> *net ads join -S 172.17.100.97 -U administrator*
> *Enter administrator's password:*
> *kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database*
> *Failed to join domain: failed to connect to AD: Server not found in Kerberos database*
> *[root@ESX2VMTKRHEL2 ~]#*
>
> However, I am able to join the domain using either rpc in place of ads or by
> specifying the domain controller name in place of the domain controller IP.
>
> This seems to be Samba bug 6502 (
> https://bugzilla.samba.org/show_bug.cgi?id=6502#c0), which is in NEW state
> on Samba 3.0, and I am using 3.6 as shown below.
>
> [root@ESX2VMTKRHEL2 ~]#
> [root@ESX2VMTKRHEL2 ~]# smbstatus --version
> Version 3.6.23-12.el6
> [root@ESX2VMTKRHEL2 ~]#
>
>
> So please help.
>
> The content of krb5.conf & smb.conf is as below
> /etc/krb5.conf
> ==============
>
> [root@ESX2VMTKRHEL2 ~]# vi /etc/krb5.conf
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = HARI.COM
> dns_lookup_realm = true
> dns_lookup_kdc = true
>
> [realms]
> HARI.COM = {
> kdc = WIN-08U8DKU3EV3.HARI.com:88
> }
>
> [domain_realm]
> .hari.com = HARI.COM
> hari.com = HARI.COM
>
> /etc/samba/smb.conf
> ===================
>
>
> [root@ESX2VMTKRHEL2 ~]# hostname
> ESX2VMTKRHEL2
> [root@ESX2VMTKRHEL2 ~]# ifconfig eth0
> eth0 Link encap:Ethernet HWaddr 00:0C:29:1F:8E:5B
> inet addr:172.17.100.96 Bcast:172.17.100.255 Mask:255.255.255.0
> inet6 addr: fe80::20c:29ff:fe1f:8e5b/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:4397729 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1135336 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:4284194888 (3.9 GiB) TX bytes:192947542 (184.0 MiB)
>
> [root@ESX2VMTKRHEL2 ~]#
>
> [root@ESX2VMTKRHEL2 ~]# vi /etc/samba/smb.conf
> # setsebool -P samba_export_all_rw on
> #
> #======================= Global Settings =====================================
>
> [global]
>
>
> netbios name = ESX2VMTKRHEL2
> server string = Samba Domain Member Server
> workgroup = HARI
> security = ADS
> realm = HARI.COM
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> preferred master = no
> encrypt passwords = yes
> winbind separator = +
>
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> idmap config HARI:backend = ad
> idmap config HARI:schema_mode = rfc2307
> idmap config HARI:range = 10000-99999
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = Yes
>
>
> #logging
>
> log file = /var/log/samba/%m.log
> max log size = 10240
>
>
>
> #============================ Share Definitions =============================
>
> [public]
> path = /public
> browseable = yes
> writeable = yes
> guest ok = yes
>
> [share80]
> comment = share80
> path = /mnt/share80
> public = No
> read only = No
> writable = Yes
> printable = No
> browseable = Yes
> create mask = 0777
> directory mask = 0777
>
> **********************************************************************************************************
>
>
>
> Thanks,
> Hari
You do not need the '-S' option, you only need 'net ads join -U
Administrator'; the DC should be found by DNS. Your member server does
have the DC as the first nameserver in /etc/resolv.conf, doesn't it?
Rowland
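
The checks discussed in this thread, as an added example that is not part of either message and is not Samba project code: a POSIX shell script that verifies the member server's first nameserver is the DC, that the realm in krb5.conf and smb.conf agree, and that a join target given with -S is a host name rather than an IP address. The function names and the case-insensitive realm comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example: offline pre-join checks for a Samba AD member server.

# Print the first "nameserver" address from a resolv.conf-style file.
first_nameserver() { awk '$1 == "nameserver" { print $2; exit }' "$1"; }

# Print KEY's value from [SECTION] of an ini-style file, upper-cased.
# usage: conf_value FILE SECTION KEY   (SECTION and KEY in lower case)
conf_value() {
    awk -F= -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { s = tolower($0); gsub(/[ \t]/, "", s); in_sec = (s == sec); next }
        in_sec { k = tolower($1); gsub(/^[ \t]+|[ \t]+$/, "", k)
                 if (k == key) { v = $2; gsub(/[ \t]/, "", v); print toupper(v); exit } }
    ' "$1"
}

# Succeed if $1 is an IPv4 literal rather than a host name.
is_ipv4_literal() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# usage: check_join RESOLV_CONF KRB5_CONF SMB_CONF DC_IP [SERVER_ARG]
# SERVER_ARG is the value that would follow "net ads join -S", if any.
# Prints one line per finding; returns the number of failed checks.
check_join() {
    fails=0
    ns=$(first_nameserver "$1")
    if [ "$ns" != "$4" ]; then
        echo "FAIL: first nameserver is '${ns:-none}', expected the DC at $4"
        fails=$((fails + 1))
    fi
    kr=$(conf_value "$2" libdefaults default_realm)
    sr=$(conf_value "$3" global realm)
    if [ -z "$kr" ] || [ "$kr" != "$sr" ]; then
        echo "FAIL: krb5.conf default_realm '$kr' and smb.conf realm '$sr' differ"
        fails=$((fails + 1))
    fi
    if [ -n "${5:-}" ] && is_ipv4_literal "$5"; then
        echo "FAIL: -S $5 is an IP address; use the DC host name or omit -S"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Run against the live files when invoked as: sh check.sh <dc-ip> [server-arg]
if [ $# -ge 1 ]; then
    check_join /etc/resolv.conf /etc/krb5.conf /etc/samba/smb.conf "$1" "${2:-}"
fi
```

The exit status is the number of failed checks, so 0 means the DNS and realm settings are consistent with a plain 'net ads join -U Administrator'.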