[Samba] Unable to join domain I think.

Rob Campbell robcampbell08105 at gmail.com
Tue Sep 13 21:08:01 UTC 2022

In all things, Be Intentional.

On Tue, Sep 13, 2022 at 4:33 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On 13/09/2022 21:22, Rob Campbell wrote:
> > [Tue Sep 13 16:15:43] [*root at dc02~$*] net ads testjoin
> > Join is OK
> If I remember correctly, DC02 is a Unix domain member, so that (from
> info provided) appears to working correctly.
> >
> > [Tue Sep 13 16:19:14] [*root at D01~$*] net ads testjoin
> > ads_connect: No logon servers are currently available to service the
> > logon request.
> > Join to domain is not valid: No logon servers are currently available to
> > service the logon request.
> Can you go here:
> https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
> Download the script and run it on 'D01'
> post the output here in a post, do not attach it, this list strips
> attachments. Sanitise it you must.

[Tue Sep 13 17:04:30] [root at D01~$] samba-collect-debug-info.sh

Please wait, collecting debug info.

Password for Administrator at HOME.ROB-CAMPBELL.LAN:
Warning: Your password will expire in 41 days on Tue 25 Oct 2022 12:47:59
Warning: No smb.conf found

The debug info about your system can be found in this file:

Please check this and if required, sanitise it.
Then copy & paste it into an  email to the samba list
Do not attach it to the email, the Samba mailing list strips attachments.

[Tue Sep 13 17:04:41] [root at D01~$] smbd -b | grep 'CONFIGFILE' | awk
'{print $NF}'
[Tue Sep 13 17:04:45] [root at D01~$] cat /etc/samba/smb.conf
security = ADS
workgroup = HOME

log file = /var/log/samba/%m.log
log level = 1

idmap config * : backend = autorid
idmap config * : range = 10000-9999999
idmap config * : rangesize = 200000

username map = /etc/samba/user.map

template shell = /bin/bash
template homedir = /home/%U
[Tue Sep 13 17:04:47] [root at D01~$] cat /tmp/samba-debug-info.txt
Config collected --- 2022-09-13-17:04 -----------

Hostname:   D01
DNS Domain: home.rob-campbell.lan
FQDN:       d01.home.rob-campbell.lan
ipaddress: 2600:4040:4666:f900::1406


This computer is running Debian 11.4 x86_64


running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
    inet6 ::1/128 scope host
2: enp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group
default qlen 1000
    link/ether c8:0a:a9:0e:93:23 brd ff:ff:ff:ff:ff:ff
3: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP group default qlen 1000
    link/ether c4:17:fe:4e:1a:8b brd ff:ff:ff:ff:ff:ff
    altname wlp2s0
    inet brd scope global dynamic noprefixroute wlo1
       valid_lft 83491sec preferred_lft 83491sec
    inet6 2600:4040:4666:f900::1406/128 scope global dynamic noprefixroute
       valid_lft 2359sec preferred_lft 559sec
    inet6 fe80::7563:2b02:c335:1a7d/64 scope link noprefixroute


Checking file: /etc/hosts localhost d01.home.rob-campbell.lan d01

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


Checking file: /etc/resolv.conf



Kerberos SRV _kerberos._tcp.home.rob-campbell.lan record(s) verified ok,
sample output:

_kerberos._tcp.home.rob-campbell.lan service = 0 100 88


'kinit Administrator' checked successfully.


Samba is not being run as a DC or a Unix domain member.


Checking file: /etc/krb5.conf

default_realm = HOME.ROB-CAMPBELL.LAN
dns_lookup_realm = false
dns_lookup_kdc = true


Checking file: /etc/nsswitch.conf

# /etc/nsswitch.conf
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files winbind systemd sss
group:          files winbind systemd sss
shadow:         files sss
gshadow:        files

hosts:          files mdns4_minimal [NOTFOUND=return] dns myhostname
networks:       files

protocols:      db files
services:       db files sss
ethers:         db files
rpc:            db files

netgroup:       nis sss
automount:      sss


Time on the DC with PDC Emulator role is: 2022-09-13T17:04:40

Time on this computer is:                 2022-09-13T17:04:41

Time verified ok, within the allowed 300sec margin.
Time offset is currently : 0 seconds


Installed packages:
ii  acl                                           2.2.53-10
       amd64        access control list - utilities
ii  attr                                          1:2.4.48-6
        amd64        utilities for manipulating filesystem extended
ii  fonts-quicksand                               0.2016-2.1
        all          sans-serif font with round attributes
ii  kde-spectacle                                 20.12.3-1
       amd64        Screenshot capture utility
ii  krb5-config                                   2.6+nmu1
        all          Configuration files for Kerberos Version 5
ii  krb5-locales                                  1.18.3-6+deb11u1
        all          internationalization support for MIT Kerberos
ii  krb5-user                                     1.18.3-6+deb11u1
        amd64        basic programs to authenticate using MIT Kerberos
ii  libacl1:amd64                                 2.2.53-10
       amd64        access control list - shared library
ii  libattr1:amd64                                1:2.4.48-6
        amd64        extended attribute handling - shared library
ii  libgssapi-krb5-2:amd64                        1.18.3-6+deb11u1
        amd64        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-3:amd64                               1.18.3-6+deb11u1
        amd64        MIT Kerberos runtime libraries
ii  libkrb5support0:amd64                         1.18.3-6+deb11u1
        amd64        MIT Kerberos runtime libraries - Support library
ii  libmoox-aliases-perl                          0.001006-1.1
        all          easy aliasing of methods and attributes in Moo
ii  libnss-winbind:amd64                          2:4.13.13+dfsg-1~deb11u5
        amd64        Samba nameservice integration plugins
ii  libpam-krb5:amd64                             4.9-2
       amd64        PAM module for MIT Kerberos
ii  libpam-winbind:amd64                          2:4.13.13+dfsg-1~deb11u5
        amd64        Windows domain authentication integration plugin
ii  libsmbclient:amd64                            2:4.13.13+dfsg-1~deb11u5
        amd64        shared library for communication with SMB/CIFS servers
ii  libwbclient0:amd64                            2:4.13.13+dfsg-1~deb11u5
        amd64        Samba winbind client library
ii  python3-nacl                                  1.4.0-1+b1
        amd64        Python bindings to libsodium (Python 3)
ii  python3-pylibacl:amd64                        0.6.0-1+b1
        amd64        module for manipulating POSIX.1e ACLs (Python3 version)
ii  python3-pyxattr:amd64                         0.7.2-1+b1
        amd64        module for manipulating filesystem extended attributes
ii  python3-samba                                 2:4.13.13+dfsg-1~deb11u5
        amd64        Python 3 bindings for Samba
ii  samba                                         2:4.13.13+dfsg-1~deb11u5
        amd64        SMB/CIFS file, print, and login server for Unix
ii  samba-common                                  2:4.13.13+dfsg-1~deb11u5
        all          common files used by both the Samba server and client
ii  samba-common-bin                              2:4.13.13+dfsg-1~deb11u5
        amd64        Samba common files used by both the server and the
ii  samba-dsdb-modules:amd64                      2:4.13.13+dfsg-1~deb11u5
        amd64        Samba Directory Services Database
ii  samba-libs:amd64                              2:4.13.13+dfsg-1~deb11u5
        amd64        Samba core libraries
ii  samba-vfs-modules:amd64                       2:4.13.13+dfsg-1~deb11u5
        amd64        Samba Virtual FileSystem plugins
ii  smbclient                                     2:4.13.13+dfsg-1~deb11u5
        amd64        command-line SMB/CIFS clients for Unix
ii  sssd-krb5                                     2.4.1-2
       amd64        System Security Services Daemon -- Kerberos back end
ii  sssd-krb5-common                              2.4.1-2
       amd64        System Security Services Daemon -- Kerberos helpers
ii  vlc-plugin-samba:amd64              
        amd64        Samba plugin for VLC
ii  winbind                                       2:4.13.13+dfsg-1~deb11u5
        amd64        service to resolve user and group information from
Windows NT servers


I did fix some things but after fixing I ran it again.  Why does it think I
have no samba file?  Does it have the wrong permissions?

> >
> > [Tue Sep 13 16:19:25] [*_root at DC01/var/log/samba$_*] net ads testjoin
> > kerberos_kinit_password HOME at HOME.ROB-CAMPBELL.LAN failed: Client not
> > found in Kerberos database
> > Join to domain is not valid: The name provided is not a properly formed
> > account name.
> >
> > DC01 us the DC
> And 'net ads testjoin' doesn't work on a DC.
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list