[Samba] join to ads domain failed
Piviul
piviul at riminilug.it
Tue Jul 7 07:06:34 UTC 2020
Hi all, I have a Samba AD domain to test with; I don't administer it, I
only have an administrator account. I can join Windows PCs to the domain
without problems, but I can't join Linux PCs. If I try to join one, I get the error:
> # net ads join -U administrator
> Enter administrator's password:
> Using short domain name -- CSATEST
> Joined 'FREERADIUS-CT01' to dns domain 'ad.csatest.localcal'
> DNS Update for freeradius-ct01.csatest.localcal failed: ERROR_DNS_UPDATE_FAILED
> DNS update failed: NT_STATUS_UNSUCCESSFUL
Someone online suggested adding the -S option, but this is the result:
> # net ads join -S ad.csatest.localcal -U administrator
> Enter administrator's password:
> kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/ad.csatest.localcal with user[administrator] realm[AD.CSATEST.LOCALCAL]: An invalid parameter was passed to a service or function.
> Failed to join domain: failed to connect to AD: An invalid parameter was passed to a service or function.
I have followed this guide
(https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member)
and this is the smb.conf of the PC that's trying to join:
> # Global parameters
> [global]
> log file = /var/log/samba/log.%m
> logging = file
> map to guest = Bad User
> max log size = 1000
> obey pam restrictions = Yes
> pam password change = Yes
> panic action = /usr/share/samba/panic-action %d
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> passwd program = /usr/bin/passwd %u
> realm = AD.CSATEST.LOCALCAL
> security = ADS
> server role = standalone server
> template homedir = /home/%U
> template shell = /bin/bash
> unix password sync = Yes
> usershare allow guests = Yes
> winbind enum groups = Yes
> winbind enum users = Yes
> winbind refresh tickets = Yes
> workgroup = CSATEST
> idmap config csatest : range = 10000-24999
> idmap config csatest : backend = rid
> idmap config * : range = 3000-9999
> idmap config * : backend = tdb
> map acl inherit = Yes
> vfs objects = acl_xattr
>
>
> [homes]
> browseable = No
> comment = Home Directories
> create mask = 0700
> directory mask = 0700
> valid users = %S
>
>
> [printers]
> browseable = No
> comment = All Printers
> create mask = 0700
> path = /var/spool/samba
> printable = Yes
>
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
I'm new to AD and I can't understand what's wrong. Can anyone please
help me join the domain?
Piviul