[Samba] Joining Samba4 to existing AD

Erick Ocrospoma zipper1790 at gmail.com
Tue Apr 11 17:15:43 UTC 2017


Hi,

I tried with the latest stable 4.5.x, but with no success.

Do you think you could share your smb.conf, and also how you built from
source?
I suspect there's something missing in the KRB5 for Samba (due to KDC error
messages).

Thanks in advance!


On 7 April 2017 at 02:26, mj via samba <samba at lists.samba.org> wrote:

> Hi Erick,
>
> We were unable recently to join a 4.6.1 machine to the domain as a domain
> member server. Going back to 4.5.7 solved it immediately.
>
> In our case it turned out to be a bug that will supposedly be fixed in
> samba 4.6.3. Perhaps this same bug is what's biting you...
>
> Try the latest 4.5.x
>
> MJ
>
>
> On 04/07/2017 02:26 AM, Erick Ocrospoma via samba wrote:
>
>> Hi,
>>
>> I have followed this guide on the wiki
>> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory,
>> in order to join samba to an existing Active Directory.
>> I'm using CentOS 7, using Samba 4.6 and compiled from source.
>>
>> So the thing is that I'm stuck on step
>> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller
>>
>> Basically when I try to join Samba to the AD I get this error
>>
>> [root@samba-dc-02 ]# samba-tool domain join EXAMPLE.COM DC -U "EXAMPLE/Administrator" --dns-backend=SAMBA_INTERNAL
>> Finding a writeable DC for domain 'EXAMPLE.COM'
>> Found DC dc-01.example.com
>> Password for [EXAMPLE\Administrator]:
>> workgroup is EXAMPLE
>> realm is example.com
>> Adding CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
>> Adding CN=SAMBA-DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
>> Join failed - cleaning up
>> Deleted CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
>> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
>>         'CN=Sites,CN=Configuration,DC=example,DC=com'
>> > <>
>>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
>>     return self.run(*args, **kwargs)
>>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
>>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1269, in join_DC
>>     ctx.do_join()
>>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1175, in do_join
>>     ctx.join_add_objects()
>>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 606, in join_add_objects
>>     ctx.samdb.add(rec)
>>
>>
>> This is my current Kerberos conf
>>
>> [root@samba-dc-02 ]# cat /etc/krb5.conf
>> [libdefaults]
>>         dns_lookup_realm = false
>>         dns_lookup_kdc = true
>>         default_realm = EXAMPLE.COM
>>
>>
>> And the Kerberos ticket is opened successfully.
>>
>> [root@samba-dc-02 ]# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: Administrator@EXAMPLE.COM
>>
>> Valid starting       Expires              Service principal
>> 04/06/2017 20:42:24  04/07/2017 06:42:24  krbtgt/EXAMPLE.COM@EXAMPLE.COM
>>         renew until 04/07/2017 20:42:18
>>
>> The Samba server itself resolves to the AD IP
>>
>> [root@samba-dc-02 ]# cat /etc/resolv.conf
>> # Generated by NetworkManager
>> search example.com
>> nameserver 10.3.251.19
>>
>>
>> Anybody have an idea what could be happening? Thanks in advance.



-- 


Erick.


-------------------------------------------
IRC     :   zerick
Blog    : http://zerick.me
About :  http://about.me/zerick
Linux User ID :  549567

