[Samba] Unable to join to a SAMBA4 domain

Rowland Penny rpenny at samba.org
Tue Feb 5 20:51:52 UTC 2019


On Tue, 5 Feb 2019 17:27:08 -0300
Sergio Belkin <sebelk at gmail.com> wrote:

 
> Hi Rowland,
> 
> Centos files:
> 
> /etc/hostname
> tiny-fishwife.example.com

It should be just the short hostname 'tiny-fishwife'
> 
> /etc/hosts
> 127.0.0.1       localhost       localhost.localdomain

Where does this mythical 'localdomain' come from?
That was a rhetorical question, it should just be:

127.0.0.1 localhost

> 192.168.50.30           tiny-fishwife.example.com tiny-fishwife
> 192.168.254.252         tiny-fishwife.example.com tiny-fishwife
> 192.168.34.7            tiny-fishwife.example.com tiny-fishwife office.example.com
> 192.168.34.7    groupware.example.com

Why have you got multiple IPs for the same hostname?

> 
> /etc/resolv.conf
> domain example.com
> search example.com
> nameserver 192.168.34.4

If '192.168.34.4' isn't the IP address of the Samba DC, change it to the
DC's IP address.

> 
> /etc/krb5.conf
> includedir /etc/krb5.conf.d/
> includedir /var/lib/sss/pubconf/krb5.include.d/

The above two lines are probably a large part of your problem,
krb5.conf needs only to be this:

[libdefaults]
    default_realm = EXAMPLE.COM
    dns_lookup_kdc = true
    dns_lookup_realm = false

> smb.conf
> [global]
> workgroup = EXAMPLE.COM
> server string = NethServer 7.6.1810 final (Samba %v)
> security = ADS
> realm = EXAMPLE.COM
> kerberos method = secrets and keytab
> netbios name = TINY-FISHWIFE

Ah, you seem to be planning on using sssd, we do not support sssd.

> 
> Debian 9 ( Samba Server) files:
> 
> /etc/hosts
> 127.0.0.1       localhost
> 127.0.1.1       dc000.example.com       dc000.example.com

I take it that 'dc000' is the Samba AD DC's short hostname, if so,
replace '127.0.1.1' with its IP address.

> ::1     localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> 192.168.34.4 ldap.example.com ldap sambaexample

The above line is interesting, you pointed the client at that as its
nameserver, if it is the DC's IP, then remove it and create CNAME
records in AD.

> 
> /etc/hostname
> dc000.example.com

Again, it should just be the short hostname 'dc000'

> 
> /etc/resolv.conf
> domain example.com
> search example.com
> nameserver 192.168.34.4
> 
> /etc/krb5.conf
> [libdefaults]
>     default_realm = EXAMPLE.COM
>     dns_lookup_kdc = true
>     dns_lookup_realm = false

It only needs to be the above.

Rowland
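
The checks suggested in the reply above, collected into one script. This is an added example, not part of the original message and not Samba project code; the function names, the finding strings and the DC address 192.0.2.10 are assumptions, and the sample file contents are constructed from the files quoted in the thread.

```python
import ipaddress

def parse_hosts(text):
    """Return [(ip, [names...])] from /etc/hosts text, skipping comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.append((fields[0], fields[1:]))
    return entries

def check_files(hostname, hosts, resolv, krb5, dc_ip):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    short = hostname.strip()
    if "." in short:
        findings.append("hostname: use the short name, not the FQDN")
        short = short.split(".")[0]
    ips_for_name = {}
    for ip, names in parse_hosts(hosts):
        if ip == "127.0.0.1" and names != ["localhost"]:
            findings.append("hosts: 127.0.0.1 should map to localhost only")
        on_loopback = ipaddress.ip_address(ip).is_loopback
        if on_loopback and any(n.split(".")[0] == short for n in names):
            findings.append(f"hosts: {short} is mapped to loopback {ip}")
        for name in names:
            ips_for_name.setdefault(name, set()).add(ip)
    for name, ips in sorted(ips_for_name.items()):
        if len(ips) > 1 and name != "localhost":
            findings.append(f"hosts: {name} has {len(ips)} addresses")
    nameservers = [f[1] for f in (l.split() for l in resolv.splitlines())
                   if len(f) > 1 and f[0] == "nameserver"]
    if nameservers[:1] != [dc_ip]:
        findings.append("resolv.conf: first nameserver is not the DC")
    if any(l.strip().startswith("includedir") for l in krb5.splitlines()):
        findings.append("krb5.conf: includedir line present")
    return findings

DC_IP = "192.0.2.10"  # assumed DC address (documentation range)
BAD = dict(  # constructed sample, modelled on the client files in the thread
    hostname="tiny-fishwife.example.com\n",
    hosts="127.0.0.1 localhost localhost.localdomain\n"
          "192.168.50.30 tiny-fishwife.example.com tiny-fishwife\n"
          "192.168.34.7 tiny-fishwife.example.com tiny-fishwife\n",
    resolv="search example.com\nnameserver 192.0.2.53\n",
    krb5="includedir /etc/krb5.conf.d/\n[libdefaults]\n",
)

if __name__ == "__main__":
    for finding in check_files(dc_ip=DC_IP, **BAD):
        print(finding)
```
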


