[Samba] Cannot join Ubuntu12.04 Samba 4.1.17 to domain

ivenhov iwan.daniel at gmail.com
Mon Jun 8 03:42:05 MDT 2015


Thanks all for helping with this and for the script.
Still no luck though.

I've modified the scripts as they had some bugs; my output and modified
versions are at the end.
As I mentioned, I don't have any issues with joining samba 4.1 or 4.2 in the
lab, only on that site.

>> if so, try the following. 
>> in resolv.conf, add 
>> search mynat.myco.bcu myco.bcu 

I haven't tried that yet. Will do next.

There is a myco.bcu domain along with mynat.myco.bcu, I'm not sure if that
makes it more tricky.
In the meantime there were some firewall issues discovered and fixed
(filtering of the IPs connecting to LDAP ports). The issue persists though.

Unfortunately I don't have full access to see exactly what's happening on AD,
but I can make the necessary changes on the samba box.

At this point I'm thinking the error:

Failed to join domain: failed to connect to AD: Cannot contact any KDC for requested realm

is bogus and the real problem lies somewhere else (shown by the results
WERR_DEFAULT_JOIN_REQUIRED and WERR_GENERAL_FAILURE)

>> Could it be that allowing a normal user to join computers has been 
>> turned off ? 

Yes, it is possible. But apparently my user should have enough permissions
(I'm sceptical).
Does the user doing the join have to be a Domain Admin, or is permission to
create objects in the OU enough?
How can I check via the command line if the user has enough permissions?

In my lab I get WERR_DEFAULT_JOIN_REQUIRED when the user is not a Domain Admin.

Here are my results and modified scripts.


m at serv1602:~$ ./script1.sh
Content of /etc/resolv.conf
------------------------
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.80.8.88
nameserver 10.80.96.13
nameserver 10.80.96.17
------------------------------------------------

Content of /etc/hosts
------------------------
127.0.0.1       localhost
10.80.100.74    serv1602.mynat.myco.bcu serv1602
10.80.8.88      dc1001.mynat.myco.bcu
10.80.137.41    dc1003.mynat.myco.bcu
------------------------------------------------

Content of /etc/hostname
------------------------
serv1602.mynat.myco.bcu
------------------------------------------------

Local names
------------------------
domain:  mynat.myco.bcu
host long: serv1602.mynat.myco.bcu
host short: serv1602
------------------------------------------------
test 1
testing of : host -t SRV _ldap._tcp.mynat.myco.bcu. : ok
test 2
testing of : host -t SRV _kerberos._udp.mynat.myco.bcu. : ok
test3
testing of : host -t A serv1602.mynat.myco.bcu. : ok
------------------------------------------------


domain:  mynat.myco.bcu
host: serv1602.mynat.myco.bcu
host short: serv1602
m at serv1602:~$
m at serv1602:~$
m at serv1602:~$ ./script2.sh
myco.bcu
testing of : host -t SRV _ldap._tcp.myco.bcu. : ok
testing of : host -t SRV _kerberos._udp.myco.bcu. : ok
testing of : host -t A serv1602.mynat.myco.bcu. : ok
m at serv1602:~$
m at serv1602:~$
m at serv1602:~$
m at serv1602:~$
m at serv1602:~$
m at serv1602:~$ cat ./script1.sh
#!/bin/bash

echo "Content of /etc/resolv.conf"
echo -e "------------------------"
cat /etc/resolv.conf
echo -e "------------------------------------------------"

echo -e "\nContent of /etc/hosts"
echo -e "------------------------"
cat /etc/hosts
echo -e "------------------------------------------------"

echo -e "\nContent of /etc/hostname"
echo -e "------------------------"
cat /etc/hostname
echo -e "------------------------------------------------"

SETDNSDOMAIN=`hostname -d`
SETHOSTNAME=`hostname -f`
SETSHORTHOSTNAME=`hostname -s`

echo -e "\nLocal names"
echo -e "------------------------"
echo "domain: " $SETDNSDOMAIN
echo "host long:" $SETHOSTNAME
echo "host short:" $SETSHORTHOSTNAME
echo -e "------------------------------------------------"

echo "test 1"
if [ -z "`host -t SRV _ldap._tcp.${SETDNSDOMAIN}. | grep 'not found'`" ]; then
        echo "testing of : host -t SRV _ldap._tcp.${SETDNSDOMAIN}. : ok"
else
        echo "testing of : host -t SRV _ldap._tcp.${SETDNSDOMAIN}. : FAILED"
fi

echo "test 2"
if [ -z "`host -t SRV _kerberos._udp.${SETDNSDOMAIN}. | grep "not found" `" ]; then
     echo "testing of : host -t SRV _kerberos._udp.${SETDNSDOMAIN}. : ok";
else
     echo "testing of : host -t SRV _kerberos._udp.${SETDNSDOMAIN}. : FAILED";
fi

echo "test3"
if [ -z "`host -t A ${SETSHORTHOSTNAME}.${SETDNSDOMAIN}. | grep "not found" `" ]; then
    echo "testing of : host -t A ${SETSHORTHOSTNAME}.${SETDNSDOMAIN}. : ok";
else
     echo "testing of : host -t A ${SETSHORTHOSTNAME}.${SETDNSDOMAIN}. : FAILED";
fi

echo -e "------------------------------------------------\n\n"

echo "domain: " $SETDNSDOMAIN
echo "host:" $SETHOSTNAME
echo "host short:" $SETSHORTHOSTNAME
m at serv1602:~$
m at serv1602:~$
m at serv1602:~$
m at serv1602:~$
m at serv1602:~$ cat ./script2.sh
#!/bin/bash

SETDNSDOMAIN="myco.bcu"
SETHOSTNAME=`hostname -f`

echo $SETDNSDOMAIN
if [ -z "`host -t SRV _ldap._tcp.${SETDNSDOMAIN}. | grep 'not found'`" ]; then
        echo "testing of : host -t SRV _ldap._tcp.${SETDNSDOMAIN}. : ok"
else
        echo "testing of : host -t SRV _ldap._tcp.${SETDNSDOMAIN}. : FAILED"
fi
if [ -z "`host -t SRV _kerberos._udp.${SETDNSDOMAIN}. | grep "not found" `" ]; then
     echo "testing of : host -t SRV _kerberos._udp.${SETDNSDOMAIN}. : ok";
else
     echo "testing of : host -t SRV _kerberos._udp.${SETDNSDOMAIN}. : FAILED";
fi
if [ -z "`host -t A ${SETHOSTNAME}. | grep "not found" `" ]; then
     echo "testing of : host -t A ${SETHOSTNAME}. : ok";
else
     echo "testing of : host -t A ${SETHOSTNAME}. : FAILED";
fi
m at serv1602:~$




--
View this message in context: http://samba.2283325.n4.nabble.com/Cannot-join-Ubuntu12-04-Samba-4-1-17-to-domain-tp4684555p4686918.html
Sent from the Samba - General mailing list archive at Nabble.com.
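
Added example (not part of the original post, and not the poster's scripts): the grep 'not found' test in script1.sh and script2.sh also prints "ok" when the resolver times out or the name has no SRV record, so this bash example classifies `host -t SRV` output more strictly and lists the servers a join would have to reach. The sample output, the host dc9999 and all function names are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the poster's script. Sample `host` output is constructed.

# The test used in script1.sh/script2.sh, applied to captured output text.
page_check() {
    if [ -z "$(printf '%s\n' "$1" | grep 'not found')" ]; then echo ok; else echo FAILED; fi
}

# Stricter classification of `host -t SRV` output (hypothetical helper).
srv_status() {
    case "$1" in
        *"has SRV record"*)              echo ok ;;
        *"no servers could be reached"*) echo dns_unreachable ;;
        *"has no SRV record"*)           echo no_srv_record ;;
        *"not found"*)                   echo not_found ;;
        *)                               echo unknown ;;
    esac
}

# Print "target port" for every SRV record in the output.
srv_targets() {
    printf '%s\n' "$1" | awk '/has SRV record/ { sub(/\.$/, "", $NF); print $NF, $(NF-1) }'
}

# Return 0 if a TCP connection to host:port opens within 3 seconds (live check).
tcp_open() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Constructed samples: dc9999 is a hypothetical DC that is not in /etc/hosts.
SAMPLE_OK='_kerberos._udp.mynat.myco.bcu has SRV record 0 100 88 dc1001.mynat.myco.bcu.
_kerberos._udp.mynat.myco.bcu has SRV record 0 100 88 dc9999.mynat.myco.bcu.'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'
SAMPLE_NOSRV='_kerberos._udp.mynat.myco.bcu has no SRV record'

for s in "$SAMPLE_OK" "$SAMPLE_TIMEOUT" "$SAMPLE_NOSRV"; do
    echo "page check: $(page_check "$s")  strict: $(srv_status "$s")"
done
srv_targets "$SAMPLE_OK"

# Live use (needs network): probe every server the SRV lookup returns.
# srv_targets "$(host -t SRV _ldap._tcp.mynat.myco.bcu. 2>&1)" |
#     while read -r h p; do
#         if tcp_open "$h" "$p"; then echo "$h:$p open"; else echo "$h:$p BLOCKED"; fi
#     done
```

An SRV answer can name servers other than the ones pinned in /etc/hosts, so a lookup that succeeds does not show that every returned server is reachable through the firewall.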