[Samba] Samba 4.1.6-Ubuntu on 14.04 domain join seems successful with caveats, testjoin reports no logon servers... - SOLVED!!!

Schuyler Bishop schuyler.bishop at gmail.com
Wed Nov 18 19:43:45 UTC 2015


So - the fix was to put it into klm.com rather than hij.klm.com.  Kind of
verifies one of the thoughts earlier in the stream - don't use a subdomain
with a trust.  Or try to but if it doesn't work, you'll just have to put it
in the forest root domain.

On Wed, Nov 18, 2015 at 1:53 PM Rowland Penny <rowlandpenny241155 at gmail.com>
wrote:

> On 18/11/15 18:08, Schuyler Bishop wrote:
> > When I sent the original note, I had it configured this way:
> >
> > [realms]
> > HIJ.KLM.COM = {
> > kdc = ad1.hij.klm.com
> > kdc = ad2.hij.klm.com
> > admin_server = ad.hij.klm.com
> > default_domain = hij.klm.com
> > }
> >
> > [domain_realm]
> > .xyz.hij.klm.com = HIJ.KLM.COM
> > .hij.klm.com = HIJ.KLM.COM
> >
> > But then after reading about kerberos on the samba site, it seemed to
> > suggest to not configure krb5.conf and instead rely on DNS.  I then noticed
> > these two lines in the krb5.conf that seemed to say "ignore DNS for
> > kerberos":
> >
> >          dns_lookup_realm = false
> >          dns_lookup_kdc = false
> >
> > After changing those to true and commenting all the realm and domain_realm
> > stuff out, I could still do a kinit of my domain account and login to the
> > server using kerberos but still have issues with the testjoin and starting
> > smbd gives me errors such as:
> >
> > [2015/11/17 20:16:58.660864,  0] ../source3/libads/kerberos_util.c:74(ads_kinit_password)
> >    kerberos_kinit_password THIS$@HIJ.KLM.COM failed: Cannot contact any KDC for requested realm
> >
> >
>
> OK, it would seem that you really only need this in krb5.conf:
>
> [libdefaults]
>          default_realm = HIJ.KLM.COM
>
> Now as long as your /etc/resolv.conf contains something like this:
>
> search hij.klm.com
> nameserver <ipaddress of the DC>
>
> and time is the same on the DC and the domain member, you should be able
> to join the domain
>
> Also, as you are on Ubuntu, check that Network Manager isn't using
> dnsmasq, if it is, turn it off in the conf file. Check that you haven't
> got a line in /etc/hosts that starts '127.0.1.1' , if you do, remove it,
> if you are using DHCP you only need a line like this:
>
> 127.0.0.1    localhost
>
> If you are not using DHCP, you also need a line like this:
>
> 192.168.0.34    host.hij.klm.com    host
>
> Where '192.168.0.34' is the ipaddress of the machine, 'host' is the
> machine's hostname.
>
> Rowland
>
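
The checks listed in the quoted reply (krb5.conf, /etc/resolv.conf, /etc/hosts) can be run over the three files' contents before attempting a join. This is an added example, not code from the thread or from Samba; the function name `check_member_config`, the DC address 192.168.0.10 and the sample file contents are constructed, and treating a loopback nameserver as a sign of a local resolver such as dnsmasq is an assumption.

```python
def _active(text):
    """Return config lines with comments (# or ;) and blank lines removed."""
    stripped = (raw.split("#")[0].split(";")[0].strip() for raw in text.splitlines())
    return [s for s in stripped if s]

def check_member_config(krb5, resolv, hosts, realm, fqdn, dhcp):
    """Return a list of findings; an empty list means the files match the advice."""
    out, section, libdef, has_kdc = [], None, {}, False
    for line in _active(krb5):
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults":
                libdef[key] = val
            elif section == "realms" and key == "kdc":
                has_kdc = True
    if libdef.get("default_realm") != realm.upper():
        out.append("krb5.conf: default_realm is not " + realm.upper())
    if libdef.get("dns_lookup_kdc", "true").lower() in ("false", "no", "off", "0") and not has_kdc:
        out.append("krb5.conf: DNS lookup of KDCs is off and no kdc is listed")
    search, servers = [], []
    for fields in (l.split() for l in _active(resolv)):
        if fields[0] == "search":
            search = [d.lower() for d in fields[1:]]
        elif fields[0] == "nameserver" and len(fields) > 1:
            servers.append(fields[1])
    if realm.lower() not in search:
        out.append("resolv.conf: search list lacks " + realm.lower())
    if not servers or any(s.startswith("127.") for s in servers):
        out.append("resolv.conf: nameserver should be the DC, not a local resolver")
    rows = [l.split() for l in _active(hosts)]
    if any(r[0] == "127.0.1.1" for r in rows):
        out.append("/etc/hosts: remove the 127.0.1.1 line")
    want = [fqdn, fqdn.split(".")[0]]
    if not dhcp and not any(r[1:3] == want and not r[0].startswith("127.") for r in rows):
        out.append("/etc/hosts: add '<ipaddress> %s %s'" % tuple(want))
    return out

# Constructed sample inputs (192.168.0.10 as the DC address is an assumption).
GOOD = ("[libdefaults]\n default_realm = HIJ.KLM.COM\n",
        "search hij.klm.com\nnameserver 192.168.0.10\n",
        "127.0.0.1 localhost\n192.168.0.34 host.hij.klm.com host\n")
BAD = ("[libdefaults]\n default_realm = HIJ.KLM.COM\n dns_lookup_kdc = false\n"
       "#[realms]\n# HIJ.KLM.COM = {\n#  kdc = ad1.hij.klm.com\n# }\n",
       "nameserver 127.0.1.1\nsearch klm.com\n",
       "127.0.0.1 localhost\n127.0.1.1 host\n")
print(check_member_config(*BAD, "hij.klm.com", "host.hij.klm.com", False))
```

On a real member server, pass the contents of /etc/krb5.conf, /etc/resolv.conf and /etc/hosts in place of the constructed strings.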

