[Samba] Samba domain join issues

lingpanda101 lingpanda101 at gmail.com
Thu Nov 3 19:43:46 UTC 2016


On 10/31/2016 1:06 PM, Pradeep Rawat via samba wrote:
> Hi All,
>
> I am having an issue with Samba joining an active directory domain.
>
> When I run 'net ads join -S mydomaincontrollerFQDN -U adminuser' command I
> get this error:
> Failed to join domain: failed to lookup DC info for domain 'MYDOMAIN.COM'
> over rpc:                         Logon failure
>
> The credentials we entered are for sure correct but if we see our domain
> controller it counts it as a bad password. I see an event logged 4625 with
> unknown username or bad password.
>
> Samba version is 3.6.4 and active directory is running on both 2008 R2 and
> 2012 R2 OS (with DFL/FFL as 2008 R2). I have tried with both versions of
> domain controllers without any success.
>
> I have also tried changing LmCompatibilityLevel on domain controllers from
> 0 till 5 but the issue still persists. We initially thought this is because
> of MS16-077 patch but we uninstalled it from all our 2008 R2 domain
> controllers and 2012 R2 domain didn't have this patch at all.
>
> An example of our smb.conf file is here:
>
> [global]
>          workgroup = MYDOMAIN
>          realm = MYDOMAIN.COM
>          netbios name = samba-server
>          server string = Samba Server
>          security =  DOMAIN
>          password server = myDomainControllerName.mydomain.com
>          client ntlmv2 auth = yes
>          encrypt passwords = yes
>          max protocol = smb2
>          restrict anonymous = 1
>          log level = 2
>          username map = /etc/samba/smbusers
>          log file = /var/samba/log/log.%m
>          debug pid = Yes
>          debug uid = Yes
>          max xmit = 65535
>          name resolve order = host wins bcast lmhosts
>          max ttl = 5000
>          deadtime = 5
>          hostname lookups = Yes
>          os level = 20
>          local master = No
>          domain master = No
>          wins server = <ip address of WINS server>
>          host msdfs = No
>          idmap config * : range = 10000-200000
>          idmap config * : backend = tdb
>          map archive = No
>          map hidden = No
>          map system = No
>          case sensitive = Yes
>          read only = No
>          create mask = 0775
>          directory mask = 0775
>          hide dot files = No
>          oplocks = No
>          level2 oplocks = No
>          strict locking = Yes
>
> Any help or pointers will be appreciated. Thanks in advance.
>
>
>
> Thanks

Shouldn't the parameter 'security = DOMAIN' be 'security = ADS'? I
thought DOMAIN was for authenticating against an NT domain and ADS was
for Active Directory?

-- 
- James
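
The check suggested in the reply above, as an added example that is not part of the original thread: a small Python linter that reads the [global] section of an smb.conf and reports settings that do not match an Active Directory member setup. The function names and the trimmed sample config are constructed for illustration; the realm and NetBIOS name checks go beyond the single parameter the reply mentions.

```python
# Added example: lint the [global] section of an smb.conf for the
# 'security = DOMAIN' versus 'security = ADS' point raised in the reply.
import re

# Constructed sample: the relevant lines of the smb.conf quoted in the thread.
POSTED_CONF = """\
[global]
         workgroup = MYDOMAIN
         realm = MYDOMAIN.COM
         netbios name = samba-server
         security =  DOMAIN
         password server = myDomainControllerName.mydomain.com
"""

def parse_global(text):
    """Return the [global] parameters as a dict with normalised keys."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf parameter names ignore case and internal whitespace
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def check_ads_join(text):
    """List findings worth fixing before running 'net ads join'."""
    p = parse_global(text)
    findings = []
    security = p.get("security", "").lower()
    if security != "ads":
        findings.append(f"security = {security or '(unset)'}: "
                        "use 'security = ADS' for an Active Directory member")
    if not p.get("realm"):
        findings.append("realm is not set: it must name the AD Kerberos realm")
    if len(p.get("netbiosname", "")) > 15:
        findings.append("netbios name is longer than 15 characters")
    return findings

if __name__ == "__main__":
    for finding in check_ads_join(POSTED_CONF):
        print("WARN:", finding)
```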



