[Samba] Unable to join to a SAMBA4 domain

Sergio Belkin sebelk at gmail.com
Tue Feb 5 20:27:08 UTC 2019


El mar., 5 feb. 2019 a las 17:07, Rowland Penny via samba (<
samba at lists.samba.org>) escribió:

> On Tue, 5 Feb 2019 16:51:36 -0300
> Sergio Belkin via samba <samba at lists.samba.org> wrote:
>
> > Hi folks
> >
> > I'm using samba 4.8.3 in CentOS client and samba 4.9.3 from Van Belle
> > repos on server
> >
> > I cannot join the domain with:
> >
> > net ads join -k -d 1
> >
>
> Can you post the following files from both machines:
>
> /etc/hostname
> /etc/hosts
> /etc/resolv.conf
> /etc/krb5.conf
> smb.conf
>
> Rowland
>
>


Hi Rowland,

CentOS files:

/etc/hostname
tiny-fishwife.example.com

/etc/hosts
# Static name table on the CentOS client.
# The client's own FQDN and short name are bound to three different addresses
# (192.168.50.30, 192.168.254.252, 192.168.34.7).
# NOTE(review): presumably the address on the DC's subnet (192.168.34.x) is the
# one that matters for the join; which address a lookup of the host's own name
# returns depends on the resolver - verify.
# NOTE(review): the bare "office.example.com" line looks like a mail-wrapped
# continuation of the 192.168.34.7 entry above it - confirm against the real file.
127.0.0.1       localhost       localhost.localdomain
192.168.50.30           tiny-fishwife.example.com tiny-fishwife
192.168.254.252         tiny-fishwife.example.com tiny-fishwife
192.168.34.7            tiny-fishwife.example.com tiny-fishwife
office.example.com
192.168.34.7    groupware.example.com

/etc/resolv.conf
# Resolver settings on the CentOS client.
# "domain" and "search" are mutually exclusive in resolv.conf; when both are
# present the last one listed takes effect (here "search").
# NOTE(review): an AD member locates its DC through DNS SRV records, so this
# single resolver has to serve the AD zone; 192.168.34.4 is presumably the DC
# (the DC's /etc/hosts in this post lists that address) - verify.
domain example.com
search example.com
nameserver 192.168.34.4

/etc/krb5.conf
# Kerberos client configuration on the CentOS machine.
# Settings found in the two included directories are read as well; their
# contents are not shown in this post.
includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/
# Log destinations for the Kerberos library, the KDC and the admin server.
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
[libdefaults]
 # Do not use DNS TXT records to map a host to its realm; the [domain_realm]
 # section of this file does that mapping.
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 # No reverse-DNS lookup when canonicalizing service host names.
 rdns = false
 # Credential cache kept in the kernel keyring, one per uid.
 default_ccache_name = KEYRING:persistent:%{uid}
 default_realm = EXAMPLE.COM
# NOTE(review): the realm entry is empty (no kdc or admin_server listed) and
# dns_lookup_kdc is not set in this file, so KDC discovery presumably relies on
# DNS SRV records or on an included fragment - verify that the configured
# resolver serves the AD zone.
[realms]
 EXAMPLE.COM = {
 }
# Hosts in example.com and its subdomains belong to realm EXAMPLE.COM.
[domain_realm]
 example.com = EXAMPLE.COM
 .example.com = EXAMPLE.COM


smb.conf
# Samba settings on the CentOS client that is trying to join the domain.
[global]
# NOTE(review): "workgroup" takes the short NetBIOS domain name. The DC's
# smb.conf in this post has workgroup = EXAMPLE, while this client uses the
# DNS realm name EXAMPLE.COM - presumably a mismatch to correct before
# joining; verify.
workgroup = EXAMPLE.COM
# %v expands to the Samba version, so this string advertises the exact
# version to anyone who can browse the host.
server string = NethServer 7.6.1810 final (Samba %v)
# Operate as an Active Directory domain member in the realm below.
security = ADS
realm = EXAMPLE.COM
# Tickets are verified against Samba's secrets database first, then the
# system keytab. The keytab holds the machine account's long-term keys and
# should stay readable by root only.
kerberos method = secrets and keytab
netbios name = TINY-FISHWIFE

Debian 9 (Samba server) files:

/etc/hosts
# Static name table on the Debian 9 DC.
# NOTE(review): the DC's own FQDN (dc000.example.com, per /etc/hostname) is
# bound only to the loopback address 127.0.1.1 here. Samba's AD DC setup
# guidance expects the DC's host name to resolve to its LAN address rather
# than a 127.x address - confirm what dc000.example.com resolves to.
# 192.168.34.4 (the address both machines use as nameserver) carries the names
# ldap.example.com / ldap / sambaexample, not dc000.
127.0.0.1       localhost
127.0.1.1       dc000.example.com       dc000.example.com
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.34.4 ldap.example.com ldap sambaexample

/etc/hostname
dc000.example.com

/etc/resolv.conf
# Resolver settings on the Debian 9 DC.
# "domain" and "search" are mutually exclusive in resolv.conf; when both are
# present the last one listed takes effect (here "search").
# NOTE(review): 192.168.34.4 is presumably this DC's own LAN address (its
# /etc/hosts lists that address) - verify.
domain example.com
search example.com
nameserver 192.168.34.4

/etc/krb5.conf
# Kerberos library defaults on the Debian 9 DC.
[libdefaults]
    default_realm = EXAMPLE.COM
    # Locate KDCs through DNS SRV records; do not use DNS TXT records for
    # host-to-realm mapping.
    dns_lookup_kdc = true
    dns_lookup_realm = false
    forwardable = true
    proxiable = true
    # NOTE(review): each of the three enctype lists below (every value is
    # wrapped onto a second line in this post) ends with rc4-hmac, des-cbc-crc
    # and des-cbc-md5. Single DES is deprecated by RFC 6649 and RC4 by
    # RFC 8429. Whether the DES entries take effect depends on the Kerberos
    # library and on allow_weak_crypto, which is not set here - confirm.
    # Prefer limiting the lists to the AES types once every client supports them.
    default_tgs_enctypes =  aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
rc4-hmac des-cbc-crc des-cbc-md5
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
rc4-hmac des-cbc-crc des-cbc-md5
    permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
rc4-hmac des-cbc-crc des-cbc-md5


smb.conf:

# NOTE(review): this listing is labelled "smb.conf:" but repeats the
# [libdefaults] content of the DC's krb5.conf listing verbatim - presumably a
# paste slip; the DC's Samba settings follow under "/smb.conf".
[libdefaults]
    default_realm = EXAMPLE.COM
    # Locate KDCs through DNS SRV records; do not use DNS TXT records for
    # host-to-realm mapping.
    dns_lookup_kdc = true
    dns_lookup_realm = false
    forwardable = true
    proxiable = true
    # NOTE(review): the enctype lists (each wrapped onto a second line in this
    # post) still include rc4-hmac and the single-DES types des-cbc-crc and
    # des-cbc-md5, which are deprecated (RFC 8429, RFC 6649); prefer AES-only
    # lists once every client supports them.
    default_tgs_enctypes =  aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
rc4-hmac des-cbc-crc des-cbc-md5
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
rc4-hmac des-cbc-crc des-cbc-md5
    permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
rc4-hmac des-cbc-crc des-cbc-md5

/smb.conf
# Samba AD DC settings on the Debian 9 server.
[global]
        # Queries the internal DNS server cannot answer are forwarded to these
        # resolvers; 8.8.8.8 is a public resolver, so such lookups leave the
        # local network.
        dns forwarder = 192.168.0.2 8.8.8.8
        netbios name = DC000
        realm = EXAMPLE.COM
        server role = active directory domain controller
        # Short NetBIOS domain name (the client smb.conf in this post uses
        # EXAMPLE.COM instead).
        workgroup = EXAMPLE
        idmap_ldb:use rfc2307 = yes
        # Audit settings
        # NOTE(review): these are vfs_full_audit options; no "vfs objects" line
        # loading full_audit is visible in this listing, so whether they take
        # effect cannot be confirmed from here.
        # Each record is prefixed with user | client IP | client machine name | share.
        full_audit:prefix = %u|%I|%m|%S
        # Failed connects are logged; of the successful operations only those
        # listed below (the list is wrapped onto a second line in this post).
        full_audit:failure = connect
        full_audit:success =  mkdir rmdir read pread write pwrite rename
unlink
        # Records go to syslog facility local5 at priority notice.
        full_audit:facility = local5
        full_audit:priority = notice
        # TLS settings
        tls enabled = yes
        # Relative path; presumably resolved against Samba's private directory - confirm.
        tls certfile = tls/ldap.example.com/fullchain1.pem

        # Private key for the certificate above; keep it readable by root only.
        tls keyfile = tls/ldap.example.com/privkey1.pem

        # Left empty: no separate CA bundle is configured.
        tls cafile =
        #log auth
        # General logging at level 1; authentication events at level 3, in both
        # plain-text and JSON form.
        log level = 1 auth_audit:3 auth_json_audit:3
# Share exposing the scripts directory inside sysvol.
[netlogon]
        path = /var/lib/samba/sysvol/example.com/scripts
        # Writable at the share level; presumably the filesystem ACLs are what
        # restrict who can actually modify the contents - verify.
        read only = No
# Share exposing the whole sysvol tree.
[sysvol]
        path = /var/lib/samba/sysvol
        # Writable at the share level; presumably the filesystem ACLs are what
        # restrict who can actually modify the contents - verify.
        read only = No



Thanks in advance!
-- 
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org

