[Samba] kinit succeeded but ads_sasl_spnego_krb5_bind failed

Rowland Penny rpenny at samba.org
Sat Apr 9 07:48:15 UTC 2016


On 09/04/16 08:22, Lists wrote:
> I am trying to set up Samba4 as a Domain Member of a Samba 4 AD DC.
> The OS is CentOS 7 and the Samba is SerNet Samba 4.3.
> When I run the following command
>
> net ads join -U Administrator -S solae.local
>
> I get the following message:
>
> kinit succeeded but ads_sasl_spnego_krb5_bind failed:  Miscellaneous failure (see text) : Server (ldap/solae.local@SOLAE.LOCAL) unknown
> Failed to join domain: failed to connect to AD:  Miscellaneous failure (see text) : Server (ldap/solae.local@SOLAE.LOCAL) unknown
>
> here is the smb.conf
>
> # Global parameters
> [global]
> 	netbios name = SOLAD
> 	workgroup = SOLAE
> 	realm = SOLAE.LOCAL
> 	security = ADS
> 	server role = member server
> 	idmap config SOLAE : backend = rid
> #	idmap config SOLAE :schema_mode = rfc2307
> 	idmap config SOLAE : range = 10000-9999999
> 	idmap config * : backend = tdb
> 	idmap config * : range = 10000000-19999999
> 	
> #   	winbind nss info = rfc2307
> #	winbind trusted domains only = no
> #   	winbind use default domain = yes
> #   	winbind enum users  = yes
> #   	winbind enum groups = yes
> #	dns forwarder = 10.0.0.2
> #[home]
> #         path = /home/users
> #         read only = No
>
> #[profiles]
> #      path = /var/lib/samba/profiles
> #      read only = no
>
> [Public]
>        path = /home/Public
>        read only = no
>
> #[Application]
> #	path = /home/Application
> #	read only = no
>
> here is the krb5.conf
> [libdefaults]
> 	default_realm = SOLAE.LOCAL
> 	dns_lookup_realm = false
> 	dns_lookup_kdc = true
>
> Any idea?
>
> Georgios Liolios
>

I take it you didn't see the info about not using '.local'. I would 
suggest either changing this or turning off avahi on all Unix machines.

Try having a look here for how to set up a domain member:

https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member

Finally, you shouldn't need the '-S solae.local'; the net command should 
find the DC via DNS.

Rowland
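
A pre-join check for the '.local' conflict raised in the reply above, as an added example that is not part of the original thread. It assumes avahi's nss-mdns modules (`mdns*`) appear in the `hosts:` line of nsswitch.conf; the function names and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag a '.local' AD realm whose names
# would be sent to mDNS before unicast DNS by the nsswitch "hosts:" line.

# realm_is_local REALM -> exit 0 if the realm ends in .local (any case)
realm_is_local() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *.local) return 0 ;;
        *)       return 1 ;;
    esac
}

# hosts_sources FILE -> print the sources of the first "hosts:" entry,
# with comments and [STATUS=action] items stripped
hosts_sources() {
    sed -n 's/^[[:space:]]*hosts:[[:space:]]*//p' "$1" | head -n 1 |
        sed -e 's/#.*//' -e 's/\[[^]]*\]//g'
}

# mdns_before_dns "SOURCES" -> exit 0 if an mdns* source precedes dns
mdns_before_dns() {
    for src in $1; do
        case "$src" in
            mdns*) return 0 ;;
            dns)   return 1 ;;
        esac
    done
    return 1
}

# check_realm REALM NSSWITCH_FILE -> print a verdict; exit 1 on conflict
check_realm() {
    realm=$1 file=$2
    if ! realm_is_local "$realm"; then
        echo "ok: realm is not .local"; return 0
    fi
    if mdns_before_dns "$(hosts_sources "$file")"; then
        echo "conflict: mdns is consulted before dns for $realm"; return 1
    fi
    echo "warn: .local realm, but dns is consulted first"; return 0
}

# Constructed sample: a hosts line of the kind nss-mdns setups use.
sample=$(mktemp)
printf '%s\n' 'hosts: files mdns4_minimal [NOTFOUND=return] dns' > "$sample"
check_realm SOLAE.LOCAL "$sample" || true
rm -f "$sample"
```

On a real member server, pass the realm from smb.conf and `/etc/nsswitch.conf` as the two arguments.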



