[Samba] Unable to join domain

Rob Campbell robcampbell08105 at gmail.com
Fri Oct 8 17:53:05 UTC 2021


> None of the above if FSDC02 is a DC

FSDC02 is not a DC.  It is just a standalone server on my network.  It is
the original server on my network where I was sharing files from.

# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.0.0.13 # IP Address of DC (DC1)
search test-server.local

# nslookup dc1.test-server.lan
;; connection timed out; no servers could be reached

# ping 10.0.0.13
PING 10.0.0.13 (10.0.0.13) 56(84) bytes of data.
64 bytes from 10.0.0.13: icmp_seq=1 ttl=64 time=0.224 ms
64 bytes from 10.0.0.13: icmp_seq=2 ttl=64 time=0.248 ms
64 bytes from 10.0.0.13: icmp_seq=3 ttl=64 time=0.386 ms

# ping dc1.test-server.lan
ping: dc1.test-server.lan: Temporary failure in name resolution

# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.10 fsdc02.test-server.lan dc02.test-server.lan

> net ads join -Uadministrator

Don't I need to specify the domain?  I can't get to this step yet but just
asking.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Fri, Oct 8, 2021 at 11:32 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Fri, 2021-10-08 at 10:41 -0400, Rob Campbell wrote:
> > Now, setting up my fedora server as a member to be the file server is
> > the same process or can I add it another way?
>
> No, you cannot provision a Unix domain member, you need to create the
> smb.conf using your choice of winbind backend.
>
> >   Is the cockpit-ad-dc app usable for this activity?
>
> No, that is only for a DC.
>
> >   Or do I need to do this on my Fedora server (FSDC02):
> >
> >   1. systemctl stop samba
> >   2. systemctl stop smb
> >   3. ps ax | egrep "samba|smbd|nmbd|winbindd"
> >   4. kill anything that is running above
> >   5. mv /etc/samba/smb.conf /etc/samba/smb.conf-202110081030
> >   6. rm /etc/krb5.conf
> >   7. for file in `locate *.ldb`;do rm -rf $file;done
> >   8. for file in `locate *.tdb`;do rm -rf $file;done
> >   9. samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm=TEST-SERVER.LAN --domain=DC02 --adminpass="Password"
>
> None of the above if FSDC02 is a DC
>
> You need to ensure that none of the Samba binaries are running on your
> new Unix domain member. Install and set up ntp or chrony. Install krb5
> tools, modify /etc/krb5.conf . Create a new smb.conf following the
> wiki. Ensure the /etc/resolv.conf has your dns domain set to the
> 'search' parameter and the first nameserver is a Samba AD DC. Ensure
> that /etc/hosts contains a line like this:
> ipaddress FQDN hostname
> Where:
> 'ipaddress' is the ipaddress of your new Unix domain member
> 'FQDN' is the fully qualified dns name of your new Unix domain member
> 'hostname' is the short hostname of your new Unix domain member
> Unless your new Unix domain member gets its IP info via dhcp, in which
> case, ensure that none of the above points to anything in
> /etc/resolv.conf
>
> Once everything is set up correctly, you join to the domain with:
>
> net ads join -Uadministrator
>
> You should get prompted for the Administrator password and then joined
> to the domain.
>
> Rowland
>
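
Added example, not part of either message and not Samba project code: a shell script that runs the /etc/resolv.conf and /etc/hosts checks Rowland lists before `net ads join`. The function names, messages and sample files are assumptions; the sample files are constructed from the names and addresses that appear in this thread.

```shell
#!/bin/sh
# Added example: pre-join checks for a Unix domain member.
# Function names, messages and sample files are illustrative, not Samba's.

# check_resolv FILE DNS_DOMAIN DC_IP
# Passes when the first nameserver is the DC and DNS_DOMAIN is in 'search'.
check_resolv() {
    awk -v domain="$2" -v dc="$3" '
        BEGIN { rc = 0 }
        $1 == "nameserver" && ns == "" { ns = $2 }
        $1 == "search" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(domain)) in_search = 1
        }
        END {
            if (ns != dc) { print "resolv: first nameserver is \"" ns "\", expected " dc; rc = 1 }
            if (!in_search) { print "resolv: \"" domain "\" is not in the search list"; rc = 1 }
            exit rc
        }' "$1"
}

# check_hosts FILE FQDN
# Passes when a line reads: ipaddress FQDN hostname (hostname = short name).
check_hosts() {
    awk -v fqdn="$2" '
        BEGIN { short = fqdn; sub(/\..*/, "", short); rc = 1 }
        /^[ \t]*#/ || $2 != fqdn { next }
        {
            found = 1
            if ($1 ~ /^127\./ || $1 == "::1")
                print "hosts: " fqdn " is on loopback address " $1
            else if ($3 != short)
                print "hosts: third field is \"" $3 "\", expected \"" short "\""
            else
                rc = 0
            exit
        }
        END { if (!found) print "hosts: no line has " fqdn " as its first name"; exit rc }' "$1"
}

# Constructed sample files, modelled on the values shown in this thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'nameserver 10.0.0.13\nsearch test-server.local\n' > "$tmp/resolv.conf"
printf '127.0.0.1 localhost\n10.0.0.10 fsdc02.test-server.lan dc02.test-server.lan\n' > "$tmp/hosts"

check_resolv "$tmp/resolv.conf" test-server.lan 10.0.0.13 || echo "resolv.conf: fix before joining"
check_hosts "$tmp/hosts" fsdc02.test-server.lan || echo "hosts: fix before joining"
```

On a real member, pass /etc/resolv.conf and /etc/hosts together with that host's own FQDN, DNS domain and DC address.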

