[Samba] Samba domain join issues

Rowland Penny rpenny at samba.org
Mon Oct 31 20:29:06 UTC 2016


On Tue, 1 Nov 2016 01:45:24 +0530
Pradeep Rawat <pradeeprawat85 at gmail.com> wrote:

> I tried to use the smb.conf you mentioned but got the same error.
> We don't use Microsoft DNS (they just host underscore zones which
> then get transferred to *nix based DNS appliances) so is it required
> to have the DC IP entry in /etc/resolv.conf? However, I tried adding
> DC IP as well but no luck.

Active Directory needs to use dns to find the DCs etc, so whatever you
use for dns needs to hold all the active directory records and your
domain member needs to use whatever is holding the AD records as its
nameserver.

> 
> Also, when I run hostname -s or hostname -d, nothing returns.

What OS are you running the domain member on ?

Normally if you don't get anything from those commands you don't have a
FQDN.

> 
> If I return *net ads info* I get this:
> LDAP server: <IP Address of domain controller>
> LDAP server name: myDC.mydomain.com
> Realm: MYDOMAIN.COM
> Bind Path: dc=MYDOMAIN,dc=COM
> LDAP port: 389
> Server time: Mon, 31 Oct 2016 16:04:43 EDT
> KDC server: <IP Address of domain controller>
> Server time offset: 0
> 
> I ran the net ads join command with -d 10 and seeing this at the end:
> 
> ----------------------------------------------------------------------------------------------------------------------
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088215
>   NTLMSSP_NEGOTIATE_UNICODE
>   NTLMSSP_REQUEST_TARGET
>   NTLMSSP_NEGOTIATE_SIGN
>   NTLMSSP_NEGOTIATE_NTLM
>   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>   NTLMSSP_NEGOTIATE_NTLM2
>   NTLMSSP_NEGOTIATE_128
>   NTLMSSP_NEGOTIATE_KEY_EXCH
> smb_signing_sign_pdu: sent SMB signature of
> [0000] 42 53 52 53 50 59 4C 20 BSRSPYL
> SPNEGO login failed: Logon failure
> failed session setup with NT_STATUS_LOGON_FAILURE
> libnet_Join:
>     libnet_JoinCtx: struct libnet_JoinCtx
>         out: struct libnet_JoinCtx
>             account_name             : NULL
>             netbios_domain_name      : NULL
>             dns_domain_name          : NULL
>             forest_name              : NULL
>             dn                       : NULL
>             domain_sid               : NULL
>                 domain_sid               : (NULL SID)
>             modified_config          : 0x00 (0)
>             error_string             : 'failed to lookup DC info for
> domain 'MYDOMAIN.COM' over rpc: Logon failure'
>             domain_is_ad             : 0x00 (0)
>             result                   : WERR_LOGON_FAILURE
> Failed to join domain: failed to lookup DC info for domain
> 'MYDOMAIN.COM' over rpc: Logon failure
> return code = -1
> ----------------------------------------------------------------------------------------------------------------------
> 
> 

You appear to have dns problems, I would double check everything, such
as, can you ping the DC from the domain member with its hostname i.e.
ping -c1 myDC.mydomain.com

Rowland
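
Added example, not part of Rowland's message and not Samba project code: a POSIX shell script that runs the checks described in the reply on the domain member before a join, i.e. that the host has an FQDN and that every nameserver in /etc/resolv.conf answers the SRV records a member uses to locate DCs. The function names and the `--check` switch are hypothetical, and it assumes `dig` is installed; MYDOMAIN.COM is the realm from the thread.

```shell
#!/bin/sh
# Added example: pre-join DNS checks for an AD domain member.
# Usage (assumed invocation): sh thisfile --check MYDOMAIN.COM [resolv.conf path]

# Print the nameserver addresses listed in a resolv.conf-style file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed only if the name has a host part and a domain part.
is_fqdn() {
    case "$1" in
        ''|.*|*.|*..*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the SRV names looked up to locate DCs for a realm.
ad_srv_names() {
    realm=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '%s\n' "_ldap._tcp.$realm" "_kerberos._tcp.$realm" \
        "_ldap._tcp.dc._msdcs.$realm"
}

# Ask each configured nameserver for each SRV record and report any gap.
check_member_dns() {
    realm=$1 conf=${2:-/etc/resolv.conf} rc=0
    is_fqdn "$(hostname -f 2>/dev/null)" || { echo "FAIL: host has no FQDN"; rc=1; }
    for ns in $(resolv_nameservers "$conf"); do
        for name in $(ad_srv_names "$realm"); do
            # dig prints ';;' lines on timeout, so only count real answers.
            if dig +short +time=2 +tries=1 SRV "$name" "@$ns" 2>/dev/null |
                grep -qv '^;'; then
                echo "ok:   $ns answers $name"
            else
                echo "FAIL: $ns has no SRV for $name"; rc=1
            fi
        done
    done
    return $rc
}

if [ "${1:-}" = "--check" ]; then
    check_member_dns "$2" "${3:-/etc/resolv.conf}"
fi
```

Any FAIL line for a nameserver means the member can be handed a resolver that does not hold the AD records, which is the condition the reply warns about.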


