[Samba] Can't join to Domain

Rowland Penny rpenny at samba.org
Fri Aug 4 10:37:33 UTC 2023



On 04/08/2023 11:21, basti via samba wrote:
> Hello,
> Yesterday I set up an AD DC.
> Today I am trying to add a file server to the AD.
> 
> https://wiki.samba.org/index.php/Idmap_config_ad
> 
> smb.conf:
> 
> [global]
> 
>      security = ADS
>      workgroup = NET
>      realm = NET.EXAMPLE.COM
> 
>      log file = /var/log/samba/%m.log
>      log level = 1
> 
>      # Default ID mapping configuration for local BUILTIN accounts
>      # and groups on a domain member. The default (*) domain:
>      # - must not overlap with any domain ID mapping configuration!
>      # - must use a read-write-enabled back end, such as tdb.
>      idmap config * : backend = tdb
>      idmap config * : range = 3000-7999
>      # - You must set a DOMAIN backend configuration
>      # idmap config for the NET domain
>      idmap config NET:backend = ad
>      idmap config NET:schema_mode = rfc2307
>      idmap config NET:range = 10000-999999
>      idmap config NET:unix_nss_info = yes
> 
>      vfs objects = acl_xattr
>      map acl inherit = yes
>      store dos attributes = yes
> 
> [homes]
>     comment = Home Directories
>     browseable = no
> 
> root@fs:/var/lib/samba# cat /etc/krb5.conf
> [libdefaults]
>      default_realm = NET.EXAMPLE.COM
>      dns_lookup_realm = false
>      dns_lookup_kdc = true
> root@fs:/var/lib/samba#
> 
> root@fs:/var/lib/samba# net ads join -U Administrator
> Password for [NET\Administrator]:
> Failed to join domain: failed to lookup DC info for domain 'NET.EXAMPLE:COM' over rpc: Indicates the SID structure is not valid.
> 
> DNS also works as expected.
> All tests done on 
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member are OK
> 
> 
> 

I take it this is 4.17.9 on bookworm (as your DC was).
Have you added any rfc2307 attributes to AD?
If you temporarily change to the 'rid' idmap backend, does the join then 
work?

Rowland
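
The comments in the quoted smb.conf state two constraints on the default (*) idmap domain: it must use a read-write backend, and its range must not overlap any domain range. The following is an added example, not part of the thread or of Samba, that checks both over the idmap lines of a configuration; the function names and the WRITABLE backend list are assumptions, and the check does not diagnose the join failure itself.

```python
import re

# Matches "idmap config DOMAIN : key = value"; spaces around ':' are optional.
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)
# Assumption: backends treated as read-write (able to allocate IDs).
WRITABLE = {"tdb", "tdb2", "ldap", "autorid"}

# Constructed sample: the idmap lines from the smb.conf quoted in the thread.
PAGE_CONF = """
[global]
    # idmap config for the NET domain
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config NET:backend = ad
    idmap config NET:schema_mode = rfc2307
    idmap config NET:range = 10000-999999
"""

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every idmap config line."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            domains.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = m.group(3)
    return domains

def check_idmap(conf_text):
    """Return a list of problems; an empty list means the checks passed."""
    domains, ranges, problems = parse_idmap(conf_text), {}, []
    for dom, opts in domains.items():
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if not m or int(m.group(1)) > int(m.group(2)):
            problems.append(f"{dom}: missing or malformed range")
            continue
        ranges[dom] = (int(m.group(1)), int(m.group(2)))
    backend = domains.get("*", {}).get("backend")
    if backend not in WRITABLE:
        problems.append(f"*: backend {backend!r} is not a read-write backend")
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            # Two inclusive ranges overlap when each starts before the other ends.
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                problems.append(f"{a} and {b}: ranges overlap")
    return problems

if __name__ == "__main__":
    print(check_idmap(PAGE_CONF) or "idmap configuration passes the checks")
```

The configuration as posted passes both checks, and so does the same file with the NET backend switched to 'rid' for the temporary test.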


