[Samba] join to ads domain failed

Piviul piviul at riminilug.it
Tue Jul 7 07:06:34 UTC 2020 

Hi all, I have a samba AD domain to test to; I don't administer it, I 
have only an administrator account. I can join without problem win PCs 
to the domain but I can't linux PCs. If I try to join it I get the error:
> # net ads join -U administrator
> Enter administrator's password:
> Using short domain name -- CSATEST
> Joined 'FREERADIUS-CT01' to dns domain 'ad.csatest.localcal'
> DNS Update for freeradius-ct01.csatest.localcal failed: ERROR_DNS_UPDATE_FAILED
> DNS update failed: NT_STATUS_UNSUCCESSFUL

Someone online suggest to add -S option but this is the result:
> # net ads join -S ad.csatest.localcal -U administrator
> Enter administrator's password:
> kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/ad.csatest.localcal with user[administrator] realm[AD.CSATEST.LOCALCAL]: An invalid parameter was passed to a service or function.
> Failed to join domain: failed to connect to AD: An invalid parameter was passed to a service or function.

I have followed this guide 
(https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member) 
and this is the smb.conf of the PCs that's trying to join> # Global 
parameters
> [global]
> 	log file = /var/log/samba/log.%m
> 	logging = file
> 	map to guest = Bad User
> 	max log size = 1000
> 	obey pam restrictions = Yes
> 	pam password change = Yes
> 	panic action = /usr/share/samba/panic-action %d
> 	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> 	passwd program = /usr/bin/passwd %u
> 	realm = AD.CSATEST.LOCALCAL
> 	security = ADS
> 	server role = standalone server
> 	template homedir = /home/%U
> 	template shell = /bin/bash
> 	unix password sync = Yes
> 	usershare allow guests = Yes
> 	winbind enum groups = Yes
> 	winbind enum users = Yes
> 	winbind refresh tickets = Yes
> 	workgroup = CSATEST
> 	idmap config csatest : range = 10000-24999
> 	idmap config csatest : backend = rid
> 	idmap config * : range = 3000-9999
> 	idmap config * : backend = tdb
> 	map acl inherit = Yes
> 	vfs objects = acl_xattr
> 
> 
> [homes]
> 	browseable = No
> 	comment = Home Directories
> 	create mask = 0700
> 	directory mask = 0700
> 	valid users = %S
> 
> 
> [printers]
> 	browseable = No
> 	comment = All Printers
> 	create mask = 0700
> 	path = /var/spool/samba
> 	printable = Yes
> 
> 
> [print$]
> 	comment = Printer Drivers
> 	path = /var/lib/samba/printers

I'm new on AD and I can't understand what's wrong. Please can anyone 
help me to join to the domain?

Piviul

More information about the samba mailing list