[Samba] Domain self join

Ronny Forberger ronnyforberger at ronnyforberger.de
Fri Nov 11 16:50:46 UTC 2016



On 11.11.2016 at 17:47, Ronny Forberger wrote:
>
> On 11.11.2016 at 17:33, Marc Muehlfeld wrote:
>> Hello Ronny,
>>
>> On 11.11.2016 at 17:19, Ronny Forberger via samba wrote:
>>> I want to authenticate against Samba 4 using samba and sssd on FreeBSD
>>> using this guide:
>>>
>>> http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd
>>>
>>> The problem is, the machine I want to install authentication on is the
>>> domain controller itself.
>>>
>>> So the following commands show the errors:
>>>
>>> net ads join createupn=host/macy.ronnyforberger.de@RONNYFORBERGER.DE -k -d1
>>> Host is not configured as a member server.
>>> Invalid configuration.  Exiting....
>>> Failed to join domain: This operation is only allowed for the PDC of the
>>> domain.
>>>
>>> The host role is active directory domain controller.
>>> Any ideas how I can join the domain with this host?
>> If you set up the host as DC, then it is naturally already a member of
>> the AD domain. You don't join it.
>>
>> Just install SSSD and configure it to retrieve user and groups from AD +
>> configure PAM. There are several guides on the internet how to configure
>> SSSD for AD.
>>
>>
>> Regards,
>> Marc
> Hi Marc,
> thanks, I guessed that.
> But SSSD tells me the following error:
>  [select_principal_from_keytab] (0x0200): trying to select the most
> appropriate principal from keytab
> (Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
> [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
> (Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
> [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
> (Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
> [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
> (Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
> [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
> (Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
> [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
> (Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
> [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
> (Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
> [find_principal_in_keytab] (0x0020): krb5_kt_start_seq_get failed.
> (Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
> [select_principal_from_keytab] (0x0080): No suitable principal found in
> keytab
> (Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
> [ad_set_ad_id_options] (0x0040): Cannot set the SASL-related options
> (Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
> [load_backend_module] (0x0010): Error (2) in module (ad) initialization
> (sssm_ad_id_init)!
> (Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]]
> [be_process_init] (0x0010): fatal error initializing data providers
> (Fri Nov 11 17:10:11 2016) [sssd[be[ronnyforberger.de]]] [main]
> (0x0010): Could not initialize backend [2]
>
> I thought this is because of not having joined the domain. It's
> complaining about the keytab.
> Do you have any ideas here?
>
> Best regards,
> Ronny
Oh, it works now. I forgot to create the keytab.... Sorry.

-- 
___________________________________
Ronny Forberger 
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html



