[Samba] Domain self join

Ronny Forberger ronnyforberger at ronnyforberger.de
Fri Nov 11 16:47:50 UTC 2016



On 11.11.2016 at 17:33, Marc Muehlfeld wrote:
> Hello Ronny,
>
> On 11.11.2016 at 17:19, Ronny Forberger via samba wrote:
>> I want to authenticate against Samba 4 using samba and sssd on FreeBSD
>> using this guide:
>>
>> http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd
>>
>> The problem is, the machine I want to install authentication on is the
>> domain controller itself.
>>
>> So the following commands show the errors:
>>
>> net ads join createupn=host/macy.ronnyforberger.de@RONNYFORBERGER.DE -k -d1
>> Host is not configured as a member server.
>> Invalid configuration.  Exiting....
>> Failed to join domain: This operation is only allowed for the PDC of the
>> domain.
>>
>> The host role is active directory domain controller.
>> Any ideas how I can join the domain with this host?
>
> If you set up the host as DC, then it is naturally already a member of
> the AD domain. You don't join it.
>
> Just install SSSD and configure it to retrieve user and groups from AD +
> configure PAM. There are several guides on the internet how to configure
> SSSD for AD.
>
>
> Regards,
> Marc
Hi Marc,
thanks, I guessed that.
But SSSD gives me the following error:
 [select_principal_from_keytab] (0x0200): trying to select the most
appropriate principal from keytab
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[select_principal_from_keytab] (0x0080): No suitable principal found in
keytab
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[ad_set_ad_id_options] (0x0040): Cannot set the SASL-related options
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[load_backend_module] (0x0010): Error (2) in module (ad) initialization
(sssm_ad_id_init)!
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[be_process_init] (0x0010): fatal error initializing data providers
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]] [main]
(0x0010): Could not initialize backend [2]

I thought this is because of not having joined the domain. It's
complaining about the keytab.
Do you have any ideas here?

Best regards,
Ronny

-- 
___________________________________
Ronny Forberger 
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
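Added example, not part of the original message or of SSSD: a small triage script that unwraps the mail-folded SSSD debug log quoted above, maps the hex masks to the debug-level names from sssd.conf(5), and collapses repeats so the failure chain is readable. The function names `parse` and `keytab_not_iterable` are hypothetical, and the sample is the log from the message with repeats trimmed.

```python
import re
from collections import Counter

# SSSD debug-level bitmasks as listed in sssd.conf(5).
LEVELS = {0x0010: "fatal", 0x0020: "critical", 0x0040: "serious",
          0x0080: "minor", 0x0200: "function data"}

# Log lines from the message above (repeats trimmed), still mail-wrapped.
SAMPLE = """\
 [select_principal_from_keytab] (0x0200): trying to select the most
appropriate principal from keytab
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[select_principal_from_keytab] (0x0080): No suitable principal found in
keytab
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
[load_backend_module] (0x0010): Error (2) in module (ad) initialization
(sssm_ad_id_init)!
(Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]] [main]
(0x0010): Could not initialize backend [2]
"""

# Timestamp and process tag that start each logical SSSD log entry.
PREFIX = re.compile(r"\(\w{3} \w{3} +\d+ [\d:]{8} \d{4}\) \[sssd\[\S+\]\]\s*")
ENTRY = re.compile(r"\[(\w+)\] \((0x[0-9a-fA-F]+)\): (.*)")

def parse(text):
    """Unwrap folded lines; return [(level, function, message, count)]."""
    joined = " ".join(line.strip() for line in text.splitlines())
    counts = Counter()  # keeps first-seen order
    for chunk in PREFIX.split(joined):
        m = ENTRY.match(chunk.strip())
        if m:
            key = (int(m.group(2), 16), m.group(1), m.group(3).strip())
            counts[key] += 1
    return [(LEVELS.get(lvl, hex(lvl)), fn, msg, n)
            for (lvl, fn, msg), n in counts.items()]

def keytab_not_iterable(entries):
    """True when the Kerberos keytab iteration call itself failed."""
    return any(fn == "find_principal_in_keytab" and "krb5_kt_start_seq_get" in msg
               for _, fn, msg, _ in entries)

if __name__ == "__main__":
    for level, fn, msg, n in parse(SAMPLE):
        print(f"{level:13} x{n} {fn}: {msg}")
```

Read top to bottom, the output shows the critical `krb5_kt_start_seq_get` failures preceding the fatal backend initialization errors, which matches the message's observation that SSSD is complaining about the keytab.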



