[Samba] net ads join fails (FreeBSD-specific)

Roman Dilken roman at dilken.de
Fri Mar 20 03:47:57 MDT 2015 

Hi,

I tested again and found out that the ports-version is broken.
If i Install out of the package-collection, samba and winbindd work
correct and net ads join does its job.

Greetings,

Roman

On 11.03.2015 10:08, Rowland Penny wrote:
> On 11/03/15 04:49, Roman Dilken wrote:
>> smb.conf and krb5.conf on dc2:
>>
>> # Global parameters
>> [global]        workgroup = AD
>>          realm = ad.dilken.eu
>>          netbios name = DC2
>>          server role = active directory domain controller
>>          idmap_ldb:use rfc2307 = yes
>>          log level = 5
>>
>> [netlogon]
>>          path = /var/lib/samba/sysvol/ad.dilken.eu/scripts
>>          read only = No
>>
>> [sysvol]
>>          path = /var/lib/samba/sysvol
>>          read only = No
>>
>> [libdefaults]
>>      dns_lookup_realm = true
>>      dns_lookup_kdc = true
>>      default_realm = AD.DILKEN.EU
>>
>> smb.conf and krb5.conf on raspberry-pi:
>>
>> [libdefaults]
>>          default_realm = AD.DILKEN.EU
>>          dns_lookup_realm = true
>>          dns_lookup_kdc = true
>>
>> [logging]
>> kdc = FILE:/var/log/krb5kdc.log
>> admin_server = FILE:/var/log/kadmin.log
>> default = FILE:/var/log/krb5lib.log
>>
>> # Global parameters
>> [global]
>>          workgroup = AD
>>          realm = AD.DILKEN.EU
>>          netbios name = RASPBERRY-PI
>>          server role = active directory domain controller
>>          dns forwarder = 192.71.247.247
>>          idmap_ldb:use rfc2307 = yes
>>          log level = 5
>>
>> [netlogon]
>>          path = /var/lib/samba/sysvol/ad.dilken.eu/scripts
>>          read only = No
>>
>> [sysvol]
>>          path = /var/lib/samba/sysvol
>>          read only = No
>>
>> I'll check the DNS entries later again.
>>
>> Greetings
>>
>>
>> Am 10.03.2015 um 22:55 schrieb Rowland Penny:
>>
>>> Hmm, it should actually be _kerberos._udp.ad.dilken.eu, what is in
>>> /etc/krb5.conf on the two DCs, also what is smb.conf on the two DCs
>>>
>>> Rowland
>>>
>>> -- 
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
> 
> I would expect the smb.conf on both DCs to identical (apart from netbios
> name), but DC2 doesn't have a forwarder, are you using bind9 on this DC ?
> 
> If you are using bind, you are missing the 'server services' line, I use
> bind9 and have this in smb.conf:
> 
> [global]
>         workgroup = EXAMPLE
>         realm = example.com
>         netbios name = DC01
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbind, ntp_signd, kcc, dnsupdate
>         idmap_ldb:use rfc2307 = yes
>         template shell = /bin/bash
> ;        log level = 3
> 
> [netlogon]
>         path = /var/lib/samba/sysvol/example.com/scripts
>         read only = No
> 
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
> 
> 
> /etc/krb5.conf on both my DCs is this:
> 
> [libdefaults]
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
>     default_realm = EXAMPLE.COM
> 
> /etc/resolv.conf on both my DCs is this:
> 
> search example.com
> nameserver 127.0.0.1
> 
> 
> Rowland
>

More information about the samba mailing list