[Samba] Domain Member Join Problems

Rowland penny rpenny at samba.org
Tue Oct 8 07:58:52 UTC 2019

On 08/10/2019 00:04, Robert A Wooldridge via samba wrote:
> I'm setting up a domain member with Debian bust ADC and a Debian bust 
> domain member.  I've got a windows machine that has joined the domain 
> and I can login to it.
> The Debian domain member is throwing a DNS error when I do net ads 
> join -Uadministrator:
> net ads join -Uadministrator
> Enter administrator's password:
> kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for 
> ldap/athena.edm-inc.com with user[administrator] realm[EDM-INC.COM]: 
> Strong(er) authentication required
> Using short domain name -- EDM
> Joined 'SNAPS2' to dns domain 'edm-inc.com'
> DNS Update for snaps2.edm-inc.com failed: ERROR_DNS_UPDATE_FAILED

Never seen that error message before, the join has worked, but adding 
the dns info has failed

Can we see the smb.conf from both machines.

> Joining with samba-tool I get this:
> samba-tool domain join EDM MEMBER -Uadministrator

Never, I repeat, Never, run that command, I am unsure just what you get, 
but it isn't a Unix domain member.

I take it you ran the first command (net ads join), then the samba-tool 
command, if so, you will need to remove all the files (recursively) from 
/var/lib/samba and start again.


More information about the samba mailing list