[Samba] Unable to join domain?

Rob Townley rob.townley at gmail.com
Sat Feb 6 20:30:05 UTC 2021


I know nothing, so hesitated, but for what it's worth:

- On the MS side this week, RPC security tightened up and all non-MS members
and all Win7 and below will stop connecting unless explicit exceptions are
implemented. If SMB was still to work with anything Win8+ based, these
RPC security controls would have had to have been implemented this week.
If it worked last week, it might have stopped working this week.

- I thought SaMBa went to Kerberos completely, so what would be the purpose
of winbind? I would think DNS and the three headed snake would be all
that is needed for joining.

On Sat, Feb 6, 2021 at 2:17 PM Dan Egli via samba <samba at lists.samba.org>
wrote:

> Something screwy is going on. I kept getting password errors, so I
> decided I'd re-provision, just in case the password was written down
> wrong. So I re-ran samba-tool domain provision (after removing
> /etc/samba/smb.conf and /etc/krb5.conf) and recreated the whole domain.
> Then I noticed that samba didn't automatically create the reverse IP
> zone, so I went to create it:
>
>   # samba-tool domain provision --interactive --use-rfc2307
> Realm:  eglifamily.name
> Domain [eglifamily]:
> Server Role (dc, member, standalone) [dc]:
> DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
> DNS forwarder IP address (write 'none' to disable forwarding) [192.168.10.3]:  192.168.10.2
> Administrator password:
> Retype password:
> <output deleted for brevity, no errors reported>
>
> # kinit Administrator
> <success>
>
>   # samba-tool dns zonecreate janus.eglifamily.name 10.168.192.in-addr.arpa
> Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for ncacn_ip_tcp:2600:100e:b1df:d0d3:20c:29ff:fed0:8fed[49153,sign,target_hostname=janus.eglifamily.name,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=2600:100e:b1df:d0d3:20c:29ff:fed0:8fed] NT_STATUS_UNSUCCESSFUL
> ERROR: Connecting to DNS RPC server janus.eglifamily.name failed with (3221225473, '{Operation Failed} The requested operation was unsuccessful.')
>
> What did I do wrong?
>
> On 2/6/2021 11:52 AM, Dan Egli via samba wrote:
>
> > I've never even heard of sssd, so it must be an incomplete smb.conf.
> > I'll check out the article. Thanks!
> >
> > On 2/6/2021 2:55 AM, Rowland penny via samba wrote:
> >> On 05/02/2021 22:18, Dan Egli wrote:
> >>> # net join -U Adminisrator%%<PASSWORD>
> >>> Failed to join domain: failed to find DC for domain EGLIFAMILY - The
> >>> object was not found.
> >>>
> >>> # kinit administrator
> >>> kinit: krb5_parse_name_flags: unable to find realm of host Athena
> >>>
> >>> Athena is the machine I'm trying to join into the domain, while
> >>> Janus is the machine I ran samba-tool domain provision on.
> >>>
> >>> Here's my smb.conf for Athena - Sans comments. Not much besides
> >>> printers yet because I wanted to get the machine joined, THEN
> >>> establish the shares.
> >>>
> >>> [global]
> >>>    workgroup = eglifamily
> >>>    server string = Athena
> >>>    server role = member server
> >>>    hosts allow = 192.128.10. 192.168.43. 127.
> >>>    log file = /var/log/samba/log.%m
> >>>    max log size = 50
> >>>    realm = eglifamily.name
> >>>    wins server = 192.168.10.3
> >>>    wins proxy = yes
> >>>    dns proxy = yes
> >>>
> >>
> >> Either you are using sssd or your smb.conf is incomplete. You can no
> >> longer use sssd with Samba, you must use winbind. Either way, I suggest
> >> you read this:
> >>
> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> >>
> >> Rowland
> >>
> >>
> >>
> >
>

