[Samba] kinit succeeded but ads_sasl_spnego_krb5_bind failed

Lists list at solae.gr
Sat Apr 9 08:06:20 UTC 2016

The avahi is turned off on all unix mashines. 
I have allready taking a look https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member

but I have this problem kinit succeeded but ads_sasl_spnego_krb5_bind failed.

any idea?

On 09/04/16 08:22, Lists wrote:
> I am trying to setup a Samba4 as Domain Member to Samba 4 AD DC.
> The OS is Centos 7 and the samba is sernet samba 4.3
> When I run the following command
> net ads join -U Administrator -S solae.local
> I take the following message:
> kinit succeeded but ads_sasl_spnego_krb5_bind failed:  Miscellaneous failure (see text) : Server (ldap/solae.local at SOLAE.LOCAL) unknown
> Failed to join domain: failed to connect to AD:  Miscellaneous failure (see text) : Server (ldap/solae.local at SOLAE.LOCAL) unknown
> here is the smb.conf
> # Global parameters
> [global]
> 	netbios name = SOLAD
> 	workgroup = SOLAE
> 	realm = SOLAE.LOCAL
> 	security = ADS
> 	server role = member server
> 	idmap config SOLAE : backend = rid
> #	idmap config SOLAE :schema_mode = rfc2307
> 	idmap config SOLAE : range = 10000-9999999
> 	idmap config * : backend = tdb
> 	idmap config * : range = 10000000-19999999
> #   	winbind nss info = rfc2307
> #	winbind trusted domains only = no
> #   	winbind use default domain = yes
> #   	winbind enum users  = yes
> #   	winbind enum groups = yes
> #	dns forwarder =
> #[home]
> #         path = /home/users
> #         read only = No
> #[profiles]
> #      path = /var/lib/samba/profiles
> #      read only = no
> [Public]
>        path = /home/Public
>        read only = no
> #[Application]
> #	path = /home/Application
> #	read only = no
> here is the krb5.conf
> [libdefaults]
> 	default_realm = SOLAE.LOCAL
> 	dns_lookup_realm = false
> 	dns_lookup_kdc = true
> any idea?
> Georgios Liolios

I take it you didn't see the info about not using '.local', I would 
suggest either changing this, or turn off avahi on all Unix machines.

Try having a look here for how to setup a domain member:


Finally, you shouldn't need the '-S solae.local', the net command should 
find the DC via dns


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Αποποίηση ευθύνης: Οι πληροφορίες σε αυτό το email είναι εμπιστευτικές και προορίζονται αποκλειστικά για τον παραλήπτη. Εάν έχετε λάβει αυτό το μήνυμα από λάθος και δεν είστε εσείς ο προοριζόμενος παραλήπτης, σας ενημερώνουμε ότι αποκάλυψη, αντιγραφή, διανομή ή χρήση αυτού του μηνύματος ή των περιεχομένων του απαγορεύεται. Επιπλέον, σας παρακαλούμε να μας στείλετε πίσω το αρχικό μήνυμα στη διεύθυνση postmaster at solae.gr και να διαγράψετε το μήνυμα από το σύστημά σας αμέσως. Οι επικοινωνίες μέσω του Διαδικτύου δεν είναι ασφαλείς και επομένως η ΣΟΛ Α.Ε. Î
 ´ÎµÎ½ αποδέχεται τη νομική ευθύνη για τα περιεχόμενα αυτού του μηνύματος και για οποιαδήποτε ζημιά μπορεί να προκληθεί από ιούς. Απόψεις που διατυπώνονται, είναι αποκλειστικά του συντάκτη και δεν αντιπροσωπεύουν απαραίτητα τις απόψεις της ΣΟΛ Α.Ε.
Email Disclaimer: The information in this email is confidential and is intended solely for the addressee(s). If you have received this transmission in error, and you are not an intended recipient, be aware that any disclosure, copying, distribution or use of this transmission or its contents is prohibited. Furthermore, you are kindly requested to send us back the original message at the address postmaster at solae.gr and delete the message from your system immediately. Internet communications are not secure and therefore the SOL S.A. does not accept legal responsibility for the contents of this message and for any damage whatsoever that is caused by viruses being passed. Any views or opinions presented are solely those of the author and do not necessarily represent those of SOL S.A.

More information about the samba mailing list