[Samba] Unable to join domain I think.

Rob Campbell robcampbell08105 at gmail.com
Tue Sep 13 05:57:18 UTC 2022


[Tue Sep 13 01:53:18] [root at DC01/var/log/samba$] firewall-cmd --permanent --add-service=samba-dc
You're performing an operation over default zone ('public'),
but your connections/interfaces are in zone 'mysql' (see --get-active-zones)
You most likely need to use --zone=mysql option.

success
[Tue Sep 13 01:53:48] [root at DC01/var/log/samba$] firewall-cmd --reload
success


[Tue Sep 13 01:54:19] [root at dc02/var/log$] net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- HOME
Joined 'DC02' to dns domain 'home.rob-campbell.lan'
DNS Update for dc02.home.rob-campbell.lan failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL

At least I am able to get it joined now.  Did I miss the instructions on
which ports to open on the DC for this to work or are those instructions
not part of the wiki?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Mon, Sep 12, 2022 at 10:16 PM Rob Campbell <robcampbell08105 at gmail.com> wrote:

> [Mon Sep 12 21:56:43] [root at dc02~$] realm leave
> [Mon Sep 12 21:57:49] [root at dc02~$] realm list
> [Mon Sep 12 21:57:51] [root at dc02~$] net ads join -U Administrator
> Host is not configured as a member server.
> Invalid configuration.  Exiting....
> Failed to join domain: This operation is only allowed for the PDC of the
> domain.
>
> I ran through the wiki steps to add a domain member then.
>
> [Mon Sep 12 21:58:12] [root at dc02~$] net ads join -U Administrator
> Enter Administrator's password:
> Failed to join domain: failed to connect to AD: No logon servers are
> currently available to service the logon request.
> [Mon Sep 12 21:58:19] [root at dc02~$] realm list
> home.rob-campbell.lan
>   type: kerberos
>   realm-name: HOME.ROB-CAMPBELL.LAN
>   domain-name: home.rob-campbell.lan
>   configured: kerberos-member
>   server-software: active-directory
>   client-software: winbind
>   required-package: winbind
>   required-package: libpam-winbind
>   required-package: samba-common-bin
>   login-formats: HOME\%U
>   login-policy: allow-any-login
>
> Not sure what's happening.  Is it joining the domain or is it not joining
> the domain?
>
> DNS seems to be working:
> [Mon Sep 12 21:58:23] [root at dc02~$] nslookup dc01
> Server: 10.0.0.10
> Address: 10.0.0.10#53
>
> Name: dc01.HOME.ROB-CAMPBELL.LAN
> Address: 10.0.0.10
>
> [Mon Sep 12 22:01:02] [root at dc02~$] nslookup dc01.home.rob-campbell.lan
> Server: 10.0.0.10
> Address: 10.0.0.10#53
>
> Name: dc01.home.rob-campbell.lan
> Address: 10.0.0.10
>
> [Mon Sep 12 22:01:08] [root at dc02~$] nslookup 10.0.0.10
> 10.0.0.10.in-addr.arpa name = DC01.HOME.ROB-CAMPBELL.LAN.
>
> [Mon Sep 12 22:01:16] [root at dc02~$] host 10.0.0.10
> 10.0.0.10.in-addr.arpa domain name pointer DC01.HOME.ROB-CAMPBELL.LAN.
> [Mon Sep 12 22:01:20] [root at dc02~$] host dc01
> dc01.HOME.ROB-CAMPBELL.LAN has address 10.0.0.10
> [Mon Sep 12 22:01:26] [root at dc02~$] host dc01.home.rob-campbell.lan
> dc01.home.rob-campbell.lan has address 10.0.0.10
> [Mon Sep 12 22:01:33] [root at dc02~$] nslookup dc02
> Server: 10.0.0.10
> Address: 10.0.0.10#53
>
> Name: dc02.HOME.ROB-CAMPBELL.LAN
> Address: 10.0.0.9
>
> [Mon Sep 12 22:01:40] [root at dc02~$] nslookup dc02.home.rob-campbell.lan
> Server: 10.0.0.10
> Address: 10.0.0.10#53
>
> Name: dc02.home.rob-campbell.lan
> Address: 10.0.0.9
>
> [Mon Sep 12 22:01:47] [root at dc02~$] nslookup 10.0.0.9
> 9.0.0.10.in-addr.arpa name = dc02.HOME.ROB-CAMPBELL.LAN.
>
> [Mon Sep 12 22:01:59] [root at dc02~$] host 10.0.0.9
> 9.0.0.10.in-addr.arpa domain name pointer dc02.HOME.ROB-CAMPBELL.LAN.
> [Mon Sep 12 22:02:07] [root at dc02~$] host dc02.home.rob-campbell.lan
> dc02.home.rob-campbell.lan has address 10.0.0.9
> [Mon Sep 12 22:02:18] [root at dc02~$] host dc02
> dc02.HOME.ROB-CAMPBELL.LAN has address 10.0.0.9
>
> I'm guessing something is still wrong because I get this error when I try
> to add a user using Enterprise Login:
> Couldn't connect to the home.rob-campbell.lan domain: Cannot find KDC for
> realm "HOME.ROB-CAMPBELL.LAN"
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In all things, Be Intentional.
>
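
The firewalld warning in the 01:53 session above says the rule went into the default zone 'public' while the host's interfaces are in zone 'mysql'. As an added example (not part of the original post or the Samba wiki), this script parses `firewall-cmd --get-active-zones` output and prints the zone-specific commands; the sample output and its interface name are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: plan zone-specific firewalld rules.

# Constructed sample of `firewall-cmd --get-active-zones` output for a host
# whose interface sits in zone 'mysql'; the interface name is hypothetical.
SAMPLE_ACTIVE_ZONES='mysql
  interfaces: ens192'

# stdin: `firewall-cmd --get-active-zones` output.
# stdout: one zone name per line, only zones with an interface or source bound.
active_zones() {
    awk '
        /^[^ \t]/ { zone = $1; next }   # unindented line starts a zone entry
        /^[ \t]+(interfaces|sources):[ \t]*[^ \t]/ && zone != "" { print zone; zone = "" }
    '
}

# $1 = default zone; stdin as above. Succeeds when the default zone has no
# interface or source bound, so a rule added without --zone matches no traffic.
default_zone_unused() {
    if active_zones | grep -qxF -- "$1"; then
        return 1
    fi
    return 0
}

# $1 = service, $2 = default zone; stdin as above.
# stdout: the commands that open the service in every active zone.
plan_service() {
    svc=$1
    default_zone=$2
    input=$(cat)
    if printf '%s\n' "$input" | default_zone_unused "$default_zone"; then
        echo "warning: default zone '$default_zone' is not active; use --zone" >&2
    fi
    for zone in $(printf '%s\n' "$input" | active_zones); do
        echo "firewall-cmd --permanent --zone=$zone --add-service=$svc"
    done
    echo "firewall-cmd --reload"
}

# Offline demonstration on the constructed sample. On a live host, feed it
# "$(firewall-cmd --get-active-zones)" and "$(firewall-cmd --get-default-zone)".
printf '%s\n' "$SAMPLE_ACTIVE_ZONES" | plan_service samba-dc public
```

The script only prints the commands; `firewall-cmd --zone=mysql --list-services` shows whether `samba-dc` is actually present in the zone the interface uses.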

