[Samba] samba member server

Rowland penny rpenny at samba.org
Mon Feb 1 17:02:28 UTC 2016 

See inline comments:

On 01/02/16 16:49, Eduardo Miranda wrote:
> Configuration files are these, I'm using debian 8 and samba 4.3.2
>
> kerberos
>
> [libdefaults]
>     default_realm = VIRTUS.CU
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
>

OK

> Samba
>
> [global]
>        netbios name = radius
>        security = ADS
>        workgroup = CEDAI
>        realm = virtus.cu
>
>        log file = /var/log/samba/samba.log
>        log level = 1
>
>        dedicated keytab file = /etc/krb5.keytab
>        kerberos method = secrets and keytab
>        winbind refresh tickets = yes
>
>        winbind trusted domains only = no
>        winbind use default domain = yes
>        winbind enum users  = yes
>        winbind enum groups = yes
>
>        # idmap config used for your domain.
>        # Choose one of the following backends fitting to your
>        # requirements and add the corresponding configuration.
>        #    idmap config ad
>        #  - idmap config rid
>        #  - idmap config autorid
>
>

You appear to have half your smb.conf missing, go back to the wiki page 
and click on one of the links, either 'idmap config ad' or 'idmap config 
rid'

Is the domain member using dhcp and is /etc/resolv.conf and /etc/hosts 
set up correctly ?

Rowland

> The strange is that the kerberos test does not give error
>
>
> root at radius:/usr/local/samba/bin# kinit eduardo
> Password for eduardo at VIRTUS.CU:
> Warning: Your password will expire in 44 days on lun 14 mar 2016 
> 16:25:48 CDT
> root at radius:/usr/local/samba/bin# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: eduardo at VIRTUS.CU
>
> Valid starting     Expires            Service principal
> 29/01/16 15:50:33  30/01/16 01:50:33 krbtgt/VIRTUS.CU at VIRTUS.CU
>         renew until 30/01/16 15:50:27
>
> root at radius:/usr/local/samba/bin# kinit administrator
> Password for administrator at VIRTUS.CU:
> root at radius:/usr/local/samba/bin# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrator at VIRTUS.CU
>
> Valid starting     Expires            Service principal
> 29/01/16 15:50:57  30/01/16 01:50:57 krbtgt/VIRTUS.CU at VIRTUS.CU
>         renew until 30/01/16 15:50:51
> root at radius:/usr/local/samba/bin#
>
>
> Eduardo
>
> El 28/01/16 a las 13:38, Rowland penny escibiĆ³:
>> On 28/01/16 16:58, Eduardo Miranda wrote:
>>> Hello:
>>>
>>> I'm setting up a Samba as a domain member server, but when I run the 
>>> command to attach it to my domain server gives me the following error
>>>
>>> ./net ads join -U administrator
>>> Enter administrator's password:
>>> Failed to join domain: failed to set machine kerberos encryption 
>>> types: No such attribute
>>>
>>> regards
>>>
>>> Eduardo
>>>
>>>
>>>
>>
>> OK, can you post your smb.conf from the domain member, also what OS 
>> are you using, what is the DC, also post your /etc/krb5.conf
>>
>> Rowland
>>
>>
>

More information about the samba mailing list