[Samba] kinit succeeded but ads_sasl_spnego_krb5_bind failed
Rowland penny
rpenny at samba.org
Sat Apr 9 07:48:15 UTC 2016
On 09/04/16 08:22, Lists wrote:
> I am trying to setup a Samba4 as Domain Member to Samba 4 AD DC.
> The OS is Centos 7 and the samba is sernet samba 4.3
> When I run the following command
>
> net ads join -U Administrator -S solae.local
>
> I take the following message:
>
> kinit succeeded but ads_sasl_spnego_krb5_bind failed: Miscellaneous failure (see text) : Server (ldap/solae.local at SOLAE.LOCAL) unknown
> Failed to join domain: failed to connect to AD: Miscellaneous failure (see text) : Server (ldap/solae.local at SOLAE.LOCAL) unknown
>
> here is the smb.conf
>
> # Global parameters
> [global]
> netbios name = SOLAD
> workgroup = SOLAE
> realm = SOLAE.LOCAL
> security = ADS
> server role = member server
> idmap config SOLAE : backend = rid
> # idmap config SOLAE :schema_mode = rfc2307
> idmap config SOLAE : range = 10000-9999999
> idmap config * : backend = tdb
> idmap config * : range = 10000000-19999999
>
> # winbind nss info = rfc2307
> # winbind trusted domains only = no
> # winbind use default domain = yes
> # winbind enum users = yes
> # winbind enum groups = yes
> # dns forwarder = 10.0.0.2
> #[home]
> # path = /home/users
> # read only = No
>
> #[profiles]
> # path = /var/lib/samba/profiles
> # read only = no
>
> [Public]
> path = /home/Public
> read only = no
>
> #[Application]
> # path = /home/Application
> # read only = no
>
> here is the krb5.conf
> [libdefaults]
> default_realm = SOLAE.LOCAL
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> any idea?
>
> Georgios Liolios
>
I take it you didn't see the info about not using '.local', I would
suggest either changing this, or turn off avahi on all Unix machines.
Try having a look here for how to setup a domain member:
https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
Finally, you shouldn't need the '-S solae.local', the net command should
find the DC via dns
Rowland
More information about the samba
mailing list