[Samba] Samba domain join issues

Rowland Penny rpenny at samba.org
Mon Oct 31 17:55:01 UTC 2016


On Mon, 31 Oct 2016 22:36:55 +0530
Pradeep Rawat via samba <samba at lists.samba.org> wrote:

> Hi All,
> 
> I am having an issue with Samba joining an active directory domain.
> 
> When I run 'net ads join -S mydomaincontrollerFQDN -U adminuser'
> command I get this error:
> Failed to join domain: failed to lookup DC info for domain
> 'MYDOMAIN.COM' over rpc: Logon failure
> 
> The credentials we entered are for sure correct but if we see our
> domain controller it counts it as a bad password. I see an event
> logged 4625 with unknown username or bad password.
> 
> Samba version is 3.6.4 and active directory is running on both 2008
> R2 and 2012 R2 OS (with DFL/FFL as 2008 R2). I have tried with both
> versions of domain controllers without any success.
> 
> I have also tried changing LmCompatibilityLevel on domain controllers
> from 0 till 5 but the issue still persists. We initially thought this is
> because of MS16-077 patch but we uninstalled it from all our 2008 R2
> domain controllers and 2012 R2 domain didn't have this patch at all.
> 
> An example of our smb.conf file is here:
> 
> [global]
>         workgroup = MYDOMAIN
>         realm = MYDOMAIN.COM
>         netbios name = samba-server
>         server string = Samba Server
>         security =  DOMAIN
>         password server = myDomainControllerName.mydomain.com
>         client ntlmv2 auth = yes
>         encrypt passwords = yes
>         max protocol = smb2
>         restrict anonymous = 1
>         log level = 2
>         username map = /etc/samba/smbusers
>         log file = /var/samba/log/log.%m
>         debug pid = Yes
>         debug uid = Yes
>         max xmit = 65535
>         name resolve order = host wins bcast lmhosts
>         max ttl = 5000
>         deadtime = 5
>         hostname lookups = Yes
>         os level = 20
>         local master = No
>         domain master = No
>         wins server = <ip address of WINS server>
>         host msdfs = No
>         idmap config * : range = 10000-200000
>         idmap config * : backend = tdb
>         map archive = No
>         map hidden = No
>         map system = No
>         case sensitive = Yes
>         read only = No
>         create mask = 0775
>         directory mask = 0775
>         hide dot files = No
>         oplocks = No
>         level2 oplocks = No
>         strict locking = Yes
> 
> Any help or pointers will be appreciated. Thanks in advance.
> 
> 
> 
> Thanks

Try replacing 'security =  DOMAIN' with 'security = ADS'

Rowland
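
The change suggested in the reply above can be checked before re-running the join. The following is an added example, not part of the original thread and not Samba project code: a small Python check over the [global] section, using a constructed sample of the posted settings. The function names and the NetBIOS length check are assumptions added for illustration.

```python
import re

# Constructed sample: the join-related [global] settings from the post.
SAMPLE_SMB_CONF = """\
[global]
        workgroup = MYDOMAIN
        realm = MYDOMAIN.COM
        netbios name = samba-server
        security =  DOMAIN
        password server = myDomainControllerName.mydomain.com
"""

def norm(name):
    # Samba matches parameter names ignoring case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return the [global] parameters as {normalized name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def check_join_settings(params):
    """List settings that disagree with joining as an AD member (security = ADS)."""
    findings = []
    security = params.get("security", "")
    if security.lower() != "ads":
        findings.append("security = %s, the reply suggests security = ADS"
                        % (security.upper() or "<unset>"))
    if not params.get("realm"):
        findings.append("realm is not set; security = ADS needs the Kerberos realm")
    if len(params.get("netbiosname", "")) > 15:
        findings.append("netbios name is longer than 15 characters")
    return findings

if __name__ == "__main__":
    for finding in check_join_settings(parse_global(SAMPLE_SMB_CONF)):
        print(finding)
```
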


