[Samba] Can't join to Domain
basti
mailinglist at unix-solution.de
Fri Aug 4 10:50:26 UTC 2023
On 04.08.23 12:37, Rowland Penny via samba wrote:
>
>
> On 04/08/2023 11:21, basti via samba wrote:
>> Hello,
>> yesterday I setup a AD DC.
>> Today I try to add a Fileserver to the AD.
>>
>> https://wiki.samba.org/index.php/Idmap_config_ad
>>
>> smb.conf:
>>
>> [global]
>>
>> security = ADS
>> workgroup = NET
>> realm = NET.EXAMPLE.COM
>>
>> log file = /var/log/samba/%m.log
>> log level = 1
>>
>> # Default ID mapping configuration for local BUILTIN accounts
>> # and groups on a domain member. The default (*) domain:
>> # - must not overlap with any domain ID mapping configuration!
>> # - must use a read-write-enabled back end, such as tdb.
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>> # - You must set a DOMAIN backend configuration
>> # idmap config for the NET domain
>> idmap config NET:backend = ad
>> idmap config NET:schema_mode = rfc2307
>> idmap config NET:range = 10000-999999
>> idmap config NET:unix_nss_info = yes
>>
>> vfs objects = acl_xattr
>> map acl inherit = yes
>> store dos attributes = yes
>>
>> [homes]
>> comment = Home Directories
>> browseable = no
>>
>> root at fs:/var/lib/samba# cat /etc/krb5.conf
>> [libdefaults]
>> default_realm = NET.EXAMPLE.COM
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>> root at fs:/var/lib/samba#
>>
>> root at fs:/var/lib/samba# net ads join -U Administrator
>> Password for [NET\Administrator]:
>> Failed to join domain: failed to lookup DC info for domain
>> 'NET.EXAMPLE:COM' over rpc: Indicates the SID structure is not valid.
>>
>> DNS also works as expected.
>> All tests done on
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>> are OK
>>
>>
>>
>
> I take it this is 4.17.9 on bookworm (as your DC was).
> Have you added any rfc2307 attributes to AD ?
> If you temporarily change to the 'rid' idmap backend, does the join then
> work ?
>
> Rowland
>
Yes is is bookworm, sorry.
I setup DC with --use-rfc2307
temporarily change to the 'rid' idmap backend did not help, the error is
the same.
Somethink seems wrong here:
root at dc1:~# net rpc info -U Administrator
Password for [NET\Administrator]:
Could not connect to server DC1
Connection failed: NT_STATUS_INVALID_SID
root at dc1:~#
More information about the samba
mailing list