[Samba] Joining a samba ad dc domain from another samba installation

Rowland Penny rpenny at samba.org
Tue Apr 26 09:10:35 UTC 2022


On Tue, 2022-04-26 at 10:36 +0200, François Legal via samba wrote:
> On Monday, April 25, 2022 15:24 CEST, Jonathon Reinhart <
> jonathon.reinhart at gmail.com> wrote:
>  
> > On Mon, Apr 25, 2022 at 7:13 AM François Legal via samba <
> > samba at lists.samba.org> wrote:
> > 
> > > samba-tool domain join [my samba domain] DC -k yes --dns-backend=BIND9_DLZ --option='idmap_ldb:use rfc2307 = yes'
> > > INFO 2022-04-25 10:41:04,952 pid:374 /usr/lib/python3/dist-packages/samba/join.py #107: Finding a writeable DC for domain '[my samba domain]'
> > > INFO 2022-04-25 10:41:04,973 pid:374 /usr/lib/python3/dist-packages/samba/join.py #109: Found DC  [my-dc].[my samba domain]
> > > ERROR(<class 'samba.join.DCJoinException'>): uncaught exception - Can't join, error: 00002020: Operation unavailable without authentication
> > > 
> > 
> > I see you used "-k yes". Did you confirm that you have a valid Kerberos TGT
> > for a Domain Admin account? (Run "kinit" to get a ticket and "klist" to check.)
>  
> Yes. I've run kinit administrator@[my realm], and the ticket shows up in
> klist afterwards.
> But using either -U administrator (for which no password is
> requested) or --krb5-ccache=/tmp/krb5cc_0 produces the same
> result.
> 
> François

Provided that krb5.conf and DNS are set up correctly, you should just
run 'kinit administrator' to get a ticket.
I take it that you are doing this as root.

Rowland
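
The conditions named in this reply (running as root, a correct krb5.conf, working DNS, a valid ticket in the cache) written as a pre-join check. This is an added example, not part of the original message or of Samba's own tooling; the realm SAMDOM.EXAMPLE.COM, the /etc/krb5.conf default and all function names are assumptions.

```shell
#!/bin/sh
# Added example: checks to run before "samba-tool domain join ... -k yes".
# Function names, the sample realm and the krb5.conf path are assumptions.

# Print default_realm from a krb5.conf-style file (first match wins).
krb5_default_realm() {
    sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | head -n 1
}

# Read klist output on stdin and print the principal that owns the cache.
# MIT prints "Default principal: x@REALM", Heimdal prints "Principal: x@REALM".
cache_principal() {
    sed -n -e 's/^Default principal: *//p' -e 's/^ *Principal: *//p' | head -n 1
}

# Succeed only if the principal's realm part equals the expected realm.
principal_in_realm() {
    [ "${1##*@}" = "$2" ]
}

# Run every check against the live system; stop at the first failure.
preflight() {
    realm=$1
    conf=${KRB5_CONFIG:-/etc/krb5.conf}   # assumes a single config file
    [ "$(id -u)" -eq 0 ] || { echo "not running as root" >&2; return 1; }
    [ "$(krb5_default_realm "$conf")" = "$realm" ] ||
        { echo "default_realm in $conf is not $realm" >&2; return 1; }
    # SRV records the existing DC must publish for the DNS domain
    dnsdomain=$(printf '%s' "$realm" | tr 'A-Z' 'a-z')
    for rec in _ldap._tcp _kerberos._udp; do
        host -t SRV "$rec.$dnsdomain." >/dev/null 2>&1 ||
            { echo "no SRV record $rec.$dnsdomain" >&2; return 1; }
    done
    # klist -s exits non-zero when the cache holds no valid (unexpired) ticket
    klist -s || { echo "no valid ticket in ${KRB5CCNAME:-default cache}" >&2; return 1; }
    princ=$(klist 2>/dev/null | cache_principal)
    principal_in_realm "$princ" "$realm" ||
        { echo "ticket is for $princ, expected realm $realm" >&2; return 1; }
    echo "pre-join checks passed for $princ"
}

# Run only when a realm is given, e.g.: sh prejoin.sh SAMDOM.EXAMPLE.COM
if [ -n "${1:-}" ]; then preflight "$1"; fi
```

Run it in the same root shell that will run samba-tool, so both read the same credential cache.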
