[Samba] Domain join not happening on Debian/Ubuntu machines
udaypratap.singh65 at gmail.com
Thu Apr 28 17:31:57 UTC 2022
Your question is correct. We are using media domain account whereas we wish
to join the server in AP-MEDIA domain. I explained the same thing to my AD
team to give us the service account in AP-MEDIA domain . But there rational
argument is that when we join using media\svc_domjoin02 it is resolving to
AP.MEDIA.GLOBAL.LOC as I posted in the above mail in the "net ads join"
root at cngzh1dnl01:~# net ads join -U media\\svc_domjoin02
Enter media\svc_domjoin02's password:
kerberos_kinit_password *svc_domjoin02 at AP.MEDIA.GLOBAL.LOC* failed: Client
not found in Kerberos database - - > This line which is resolving to
Failed to join domain: failed to connect to AD: Client not found in
Can you provide us technical justification that why the server will not
join with media domain account . My initial question was the same - The
MEDIA domain account joins the RHEL machines in other domain however that
fails with Debian/Ubuntu machines. According to you - creating the service
account in AP-MEDIA domain to join the server will only resolve the issue.
If yes , then what is the technical concept behind this.
On Thu, Apr 28, 2022 at 6:21 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Thu, 2022-04-28 at 17:52 +0100, Sac Isilia via samba wrote:
> > Hi Team,
> > I have done all the settings as mentioned but still the domain join
> > via
> > winbind fails.
> > root at cngzh1dnl01:~# net ads join -U media\\svc_domjoin02
> You posted this:
> workgroup = AP-MEDIA
> So why are you using the user 'media\\svc_domjoin02' to join to the
> 'AP-MEDIA' domain ? the user 'media\\svc_domjoin02' appears to be
> fromanother domain.
> > Enter media\svc_domjoin02's password:
> > kerberos_kinit_password svc_domjoin02 at AP.MEDIA.GLOBAL.LOC failed:
> > Client
> > not found in Kerberos database
> > Failed to join domain: failed to connect to AD: Client not found in
> > Kerberos database
> This is probably because the user is unknown to the domain.
> > Also as quoted above - "If you are going to use multiple domains, you
> > will
> > need to use
> > 'trusts'." - How to do the same ?
> Try reading these:
> However, there isn't really much on the Samba wiki and I don't use
> trusts (I once set up a POC forest, but this was way back at Samba
> 4.9.x). Is there anyone using trusts that could help here ?
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba