[Samba] Samba 4.1.6-Ubuntu on 14.04 domain join seems successful with caveats, testjoin reports no logon servers...
Rowland Penny
rowlandpenny241155 at gmail.com
Wed Nov 18 18:48:53 UTC 2015
On 18/11/15 18:08, Schuyler Bishop wrote:
> When I sent the original note, I had it configured this way:
>
> [realms]
> HIJ.KLM.COM <http://hij.klm.com/> = {
> kdc = ad1.hij.klm.com
> kdc = ad2.hij.klm.com
> admin_server = ad.hij.klm.com
> default_domain = hij.klm.com
> }
>
> [domain_realm]
> .xyz.hij.klm.com = HIJ.KLM.COM <http://hij.klm.com/>
> .hij.klm.com = HIJ.KLM.COM <http://hij.klm.com/>
>
> But then after reading about kerberos on the samba site, it seemed to
> suggest to not configure krb5.conf and instead rely on DNS. I then noticed
> these two lines in the krb5.conf that seemed to say "ignore DNS for
> kerberos":
>
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> After changing those to true and commenting all the realm and domain_realm
> stuff out, I could still do a kinit of my domain account and login to the
> server using kerberos but still have issues with the testjoin and starting
> smbd gives me errors such as:
>
> [2015/11/17 20:16:58.660864, 0]
> ../source3/libads/kerberos_util.c:74(ads_kinit_password)
> kerberos_kinit_password THIS$@HIJ.KLM.COM failed: Cannot contact any KDC
> for requested realm
>
>
OK, it would seem that you really only need this in krb5.conf:
[libdefaults]
default_realm = HIJ.KLM.COM
Now as long as your /etc/resolv.conf contains something like this:
search hij.klm.com
nameserver <ipaddress of the DC>
and time is the same on the DC and the domain member, you should be able
to join the domain
Also, as you are on Ubuntu, check that Network Manager isn't using
dnsmasq, if it is, turn it off in the conf file. Check that you haven't
got a line in /etc/hosts that starts '127.0.1.1' , if you do, remove it,
if you are using DHCP you only need a line like this:
127.0.0.1 localhost
If you are not using DHCP, you also need a line like this:
192.168.0.34 host.hij.klm.com host
Where '192.168.0.34' is the ipaddress of the machine, 'host' is the
machines hostname.
Rowland
More information about the samba
mailing list