[Samba] Samba domain join issues
Rowland Penny
rpenny at samba.org
Mon Oct 31 17:55:01 UTC 2016
On Mon, 31 Oct 2016 22:36:55 +0530
Pradeep Rawat via samba <samba at lists.samba.org> wrote:
> Hi All,
>
> I am having an issue with Samba joining an active directory domain.
>
> When I run the 'net ads join -S mydomaincontrollerFQDN -U adminuser'
> command I get this error:
> Failed to join domain: failed to lookup DC info for domain
> 'MYDOMAIN.COM' over rpc: Logon failure
>
> The credentials we entered are for sure correct but if we see our
> domain controller it counts it as a bad password. I see an event
> logged 4625 with unknown username or bad password.
>
> Samba version is 3.6.4 and active directory is running on both 2008
> R2 and 2012 R2 OS (with DFL/FFL as 2008 R2). I have tried with both
> versions of domain controllers without any success.
>
> I have also tried changing LmCompatibilityLevel on domain controllers
> from 0 till 5 but the issue still persists. We initially thought this is
> because of the MS16-077 patch but we uninstalled it from all our 2008 R2
> domain controllers and 2012 R2 domain didn't have this patch at all.
>
> An example of our smb.conf file is here:
>
> [global]
> workgroup = MYDOMAIN
> realm = MYDOMAIN.COM
> netbios name = samba-server
> server string = Samba Server
> security = DOMAIN
> password server = myDomainControllerName.mydomain.com
> client ntlmv2 auth = yes
> encrypt passwords = yes
> max protocol = smb2
> restrict anonymous = 1
> log level = 2
> username map = /etc/samba/smbusers
> log file = /var/samba/log/log.%m
> debug pid = Yes
> debug uid = Yes
> max xmit = 65535
> name resolve order = host wins bcast lmhosts
> max ttl = 5000
> deadtime = 5
> hostname lookups = Yes
> os level = 20
> local master = No
> domain master = No
> wins server = <ip address of WINS server>
> host msdfs = No
> idmap config * : range = 10000-200000
> idmap config * : backend = tdb
> map archive = No
> map hidden = No
> map system = No
> case sensitive = Yes
> read only = No
> create mask = 0775
> directory mask = 0775
> hide dot files = No
> oplocks = No
> level2 oplocks = No
> strict locking = Yes
>
> Any help or pointers will be appreciated. Thanks in advance.
>
>
>
> Thanks
Try replacing 'security = DOMAIN' with 'security = ADS'
Rowland