[Samba] Samba domain join issues

Pradeep Rawat pradeeprawat85 at gmail.com
Mon Oct 31 17:06:55 UTC 2016

Hi All,

I am having an issue with Samba joining an Active Directory domain.

When I run the 'net ads join -S mydomaincontrollerFQDN -U adminuser' command I
get this error:
Failed to join domain: failed to lookup DC info for domain 'MYDOMAIN.COM' over rpc: Logon failure

The credentials we entered are for sure correct, but if we look at our domain
controller, it counts it as a bad password. I see an event 4625 logged with
unknown username or bad password.

The Samba version is 3.6.4 and Active Directory is running on both 2008 R2 and
2012 R2 OS (with DFL/FFL as 2008 R2). I have tried with both versions of
domain controllers without any success.

I have also tried changing LmCompatibilityLevel on the domain controllers from
0 to 5, but the issue still persists. We initially thought this was because
of the MS16-077 patch, but we uninstalled it from all our 2008 R2 domain
controllers, and the 2012 R2 domain didn't have this patch at all.

An example of our smb.conf file is here:

        workgroup = MYDOMAIN
        realm = MYDOMAIN.COM
        netbios name = samba-server
        server string = Samba Server
        security =  DOMAIN
        password server = myDomainControllerName.mydomain.com
        client ntlmv2 auth = yes
        encrypt passwords = yes
        max protocol = smb2
        restrict anonymous = 1
        log level = 2
        username map = /etc/samba/smbusers
        log file = /var/samba/log/log.%m
        debug pid = Yes
        debug uid = Yes
        max xmit = 65535
        name resolve order = host wins bcast lmhosts
        max ttl = 5000
        deadtime = 5
        hostname lookups = Yes
        os level = 20
        local master = No
        domain master = No
        wins server = <ip address of WINS server>
        host msdfs = No
        idmap config * : range = 10000-200000
        idmap config * : backend = tdb
        map archive = No
        map hidden = No
        map system = No
        case sensitive = Yes
        read only = No
        create mask = 0775
        directory mask = 0775
        hide dot files = No
        oplocks = No
        level2 oplocks = No
        strict locking = Yes

Any help or pointers will be appreciated. Thanks in advance.


