[Samba] Samba domain join issues
lingpanda101
lingpanda101 at gmail.com
Thu Nov 3 19:43:46 UTC 2016
On 10/31/2016 1:06 PM, Pradeep Rawat via samba wrote:
> Hi All,
>
> I am having an issue with Samba joining an Active Directory domain.
>
> When I run the 'net ads join -S mydomaincontrollerFQDN -U adminuser' command I
> get this error:
> Failed to join domain: failed to lookup DC info for domain 'MYDOMAIN.COM'
> over rpc: Logon failure
>
> The credentials we entered are for sure correct, but if we look at our domain
> controller, it counts it as a bad password. I see an event logged 4625 with
> unknown username or bad password.
>
> Samba version is 3.6.4 and Active Directory is running on both 2008 R2 and
> 2012 R2 OS (with DFL/FFL as 2008 R2). I have tried with both versions of
> domain controllers without any success.
>
> I have also tried changing LmCompatibilityLevel on domain controllers from
> 0 to 5 but the issue still persists. We initially thought this is because
> of the MS16-077 patch but we uninstalled it from all our 2008 R2 domain
> controllers and 2012 R2 domain didn't have this patch at all.
>
> An example of our smb.conf file is here:
>
> [global]
> workgroup = MYDOMAIN
> realm = MYDOMAIN.COM
> netbios name = samba-server
> server string = Samba Server
> security = DOMAIN
> password server = myDomainControllerName.mydomain.com
> client ntlmv2 auth = yes
> encrypt passwords = yes
> max protocol = smb2
> restrict anonymous = 1
> log level = 2
> username map = /etc/samba/smbusers
> log file = /var/samba/log/log.%m
> debug pid = Yes
> debug uid = Yes
> max xmit = 65535
> name resolve order = host wins bcast lmhosts
> max ttl = 5000
> deadtime = 5
> hostname lookups = Yes
> os level = 20
> local master = No
> domain master = No
> wins server = <ip address of WINS server>
> host msdfs = No
> idmap config * : range = 10000-200000
> idmap config * : backend = tdb
> map archive = No
> map hidden = No
> map system = No
> case sensitive = Yes
> read only = No
> create mask = 0775
> directory mask = 0775
> hide dot files = No
> oplocks = No
> level2 oplocks = No
> strict locking = Yes
>
> Any help or pointers will be appreciated. Thanks in advance.
>
>
>
> Thanks
Shouldn't the parameter 'security = DOMAIN' be 'security = ADS'? I
thought DOMAIN was for authenticating against an NT domain and ADS was
for Active Directory?
--
- James
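
The mismatch raised in the reply can be checked mechanically before attempting a join. The following is an added example, not code from the thread or from Samba: it parses the [global] section and flags 'security = DOMAIN' combined with a realm, assuming (as the reply suggests and the smb.conf manual describes) that 'security = ADS' is the Active Directory member mode. The function names are hypothetical and the sample is constructed from the smb.conf quoted above.

```python
import re

# Constructed sample: the [global] lines from the quoted smb.conf that matter
# for the join, unchanged apart from being trimmed.
SAMPLE = """\
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
security = DOMAIN
password server = myDomainControllerName.mydomain.com
idmap config * : range = 10000-200000
idmap config * : backend = tdb
"""

def parse_global(text):
    """Return {normalized parameter name: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names ignore case
            continue
        if section != "global" or "=" not in line:
            continue
        # Split on the first '=' only: names such as "idmap config * : range"
        # contain ':' and would be mis-split by configparser's default delimiters.
        name, value = line.split("=", 1)
        # smb.conf ignores case and whitespace in parameter names.
        params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def check_join_mode(params):
    """Flag security/realm combinations that do not fit an AD member join."""
    findings = []
    security = params.get("security", "").lower()
    realm = params.get("realm", "")
    if security == "domain" and realm:
        # Assumption taken from the reply: AD membership uses security = ADS.
        findings.append("security = DOMAIN with a realm set: NT4-style member "
                        "mode; an AD member ('net ads join') uses security = ADS")
    if security == "ads" and not realm:
        findings.append("security = ADS needs 'realm' (the Kerberos realm)")
    return findings

if __name__ == "__main__":
    for finding in check_join_mode(parse_global(SAMPLE)):
        print("WARN:", finding)
```
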