[Samba] Samba domain join issues

Pradeep Rawat pradeeprawat85 at gmail.com
Thu Nov 3 18:50:38 UTC 2016


Still looking for some suggestions, recommendations or pointers on this
issue. Kinda stuck with it. It was working well a couple of months back and
suddenly stopped working. No known changes happened on either side
except installing and then uninstalling the MS16-077 patch.

Thanks,
Pradeep


On Tuesday, November 1, 2016, Pradeep Rawat <pradeeprawat85 at gmail.com>
wrote:

> We are running Solaris 10 on the domain member.
> ------------------------------------
> Oracle Solaris 10 8/11 s10x_u10wos_17b X86
>   Copyright (c) 1983, 2011, Oracle and/or its affiliates. All rights
> reserved.
>                             Assembled 23 August 2011
> ------------------------------------
>
> How do I ensure that I get an FQDN? The domain member has a static
> record in DNS and I can resolve it without any issues.
>
> I am able to ping domain controllers as well and nslookup domainname on
> the Solaris domain member does return all IP addresses of our domain.
> I can telnet domain controller over port 445 and 139 ports as well.
>
> Are there any specific configurations related to domain join process that
> I can look for like krb5.conf? kinit works well too and I get a ticket
> issued to adminuser.
>
> On Tue, Nov 1, 2016 at 1:59 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:
>
>> On Tue, 1 Nov 2016 01:45:24 +0530
>> Pradeep Rawat <pradeeprawat85 at gmail.com> wrote:
>>
>> > I tried to use the smb.conf you mentioned but got same error.
>> > We don't use Microsoft DNS (they just host underscore zones which
>> > then get transferred to *nix based DNS appliances) so is it required
>> > to have the DC IP entry in /etc/resolv.conf? However, I tried adding
>> > DC IP as well but no luck.
>>
>> Active directory needs to use dns to find the DCs etc, so whatever you
>> use for dns needs to hold all the active directory records and your
>> domain member needs to use whatever is holding the AD records as its
>> nameserver.
>>
>> >
>> > Also, when I run hostname -s or hostname -d, nothing returns.
>>
>> What OS are you running the domain member on ?
>>
>> Normally if you don't get anything from those commands you don't have a
>> FQDN.
>>
>> >
>> > If I return *net ads info* I get this:
>> > LDAP server: <IP Address of domain controller>
>> > LDAP server name: myDC.mydomain.com
>> > Realm: MYDOMAIN.COM
>> > Bind Path: dc=MYDOMAIN,dc=COM
>> > LDAP port: 389
>> > Server time: Mon, 31 Oct 2016 16:04:43 EDT
>> > KDC server: <IP Address of domain controller>
>> > Server time offset: 0
>> >
>> > I ran the net ads join command with -d 10 and seeing this at the end:
>> >
>> > ----------------------------------------------------------------------
>> > NTLMSSP Sign/Seal - Initialising with flags:
>> > Got NTLMSSP neg_flags=0x60088215
>> >   NTLMSSP_NEGOTIATE_UNICODE
>> >   NTLMSSP_REQUEST_TARGET
>> >   NTLMSSP_NEGOTIATE_SIGN
>> >   NTLMSSP_NEGOTIATE_NTLM
>> >   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> >   NTLMSSP_NEGOTIATE_NTLM2
>> >   NTLMSSP_NEGOTIATE_128
>> >   NTLMSSP_NEGOTIATE_KEY_EXCH
>> > smb_signing_sign_pdu: sent SMB signature of
>> > [0000] 42 53 52 53 50 59 4C 20 BSRSPYL
>> > SPNEGO login failed: Logon failure
>> > failed session setup with NT_STATUS_LOGON_FAILURE
>> > libnet_Join:
>> >     libnet_JoinCtx: struct libnet_JoinCtx
>> >         out: struct libnet_JoinCtx
>> >             account_name             : NULL
>> >             netbios_domain_name      : NULL
>> >             dns_domain_name          : NULL
>> >             forest_name              : NULL
>> >             dn                       : NULL
>> >             domain_sid               : NULL
>> >                 domain_sid               : (NULL SID)
>> >             modified_config          : 0x00 (0)
>> >             error_string             : 'failed to lookup DC info for
>> > domain 'MYDOMAIN.COM' over rpc: Logon failure'
>> >             domain_is_ad             : 0x00 (0)
>> >             result                   : WERR_LOGON_FAILURE
>> > Failed to join domain: failed to lookup DC info for domain
>> > 'MYDOMAIN.COM' over rpc: Logon failure
>> > return code = -1
>> > ----------------------------------------------------------------------
>> >
>> >
>>
>> You appear to have dns problems, I would double check everything, such
>> as, can you ping the DC from the domain member with its hostname i.e.
>> ping -c1 myDC.mydomain.com
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
>
> --
> Thanks,
> Pradeep Rawat
>


-- 
Pradeep Rawat

Sent from Gmail Mobile
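
An added example, not part of the thread and not Samba code: a small Python triage helper for the `net ads join -d 10` excerpt quoted above. It decodes the `neg_flags` value, checks it against the flag names the log prints, and pulls out the status codes. The function name `triage` is hypothetical; the bit values are those of the NTLMSSP negotiate-flags field in MS-NLMP, with the names as Samba prints them.

```python
import re

# NTLMSSP negotiate-flag bits (MS-NLMP), named as in Samba's debug output.
NTLMSSP_FLAGS = {
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000002: "NTLMSSP_NEGOTIATE_OEM",
    0x00000004: "NTLMSSP_REQUEST_TARGET",
    0x00000010: "NTLMSSP_NEGOTIATE_SIGN",
    0x00000020: "NTLMSSP_NEGOTIATE_SEAL",
    0x00000080: "NTLMSSP_NEGOTIATE_LM_KEY",
    0x00000200: "NTLMSSP_NEGOTIATE_NTLM",
    0x00008000: "NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NTLMSSP_NEGOTIATE_NTLM2",
    0x02000000: "NTLMSSP_NEGOTIATE_VERSION",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
    0x40000000: "NTLMSSP_NEGOTIATE_KEY_EXCH",
    0x80000000: "NTLMSSP_NEGOTIATE_56",
}

# Lines taken from the post's debug output, mail quoting removed.
SAMPLE = """\
Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
failed session setup with NT_STATUS_LOGON_FAILURE
            result                   : WERR_LOGON_FAILURE
"""

def triage(log: str) -> dict:
    m = re.search(r"neg_flags=0x([0-9a-fA-F]+)", log)
    if not m:
        raise ValueError("no NTLMSSP neg_flags line found")
    value = int(m.group(1), 16)
    decoded = {name for bit, name in NTLMSSP_FLAGS.items() if value & bit}
    listed = set(re.findall(r"^\s*(NTLMSSP_[A-Z0-9_]+)\s*$", log, re.M))
    return {
        "flags": value,
        "decoded": sorted(decoded),
        "undecoded_bits": value & ~sum(NTLMSSP_FLAGS),  # bits not in the table
        "listed_matches_hex": listed == decoded,        # log names agree with hex
        "signing": bool(value & 0x10),
        "sealing": bool(value & 0x20),
        "failed_at_session_setup": "failed session setup" in log,
        "statuses": re.findall(r"\b(?:NT_STATUS|WERR)_[A-Z_]+", log),
    }
```
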

