Quest of SUSE 10 with Server2k8 AD authentication

Danie Wessels Danie.Wessels at pbmr.co.za
Thu Feb 13 00:49:16 MST 2014 

Finally I start to know enough to can ask questions... =:^)
(How can I add machine 1 and 2 again as DCs with Delegation?)

>> How did you join the VM? Is the first DNS server on the VM set as the DC?
> I have not yet (until just now) successfully joined to the AD.
> The DNS server is the last one in the list in /etc/resolv.conf (not PDC ?) The PDC is the first one.

> I just now has managed to join the oracle VM with netbios name in smb.conf as machine02. 
> Thats all. Could not kinit
Can now kinit and get an update of users with wbinfo -u, although only on myoracle01...
 - This is the problem I want it on machine 1 and 2

> This was the type of problem I had before with with the DNS settings. 
Maybe not exactly the same..
> I had the PDC switching back and forth to obsolete DC's I will investigate this further tomorrow and report back.
Another day later now. The DNS was fixed not to show obsolete DCs any more as name servers.
Now  I somehow got myoracale01 to show as Domain Controller on AD PDC and from that one, myoracle01
I can join AND leave machine 1 and machine 2 by changing the netbios name in its smb.conf file !!! Hooray
This then adds and takes away machine 1 or machine 2 from the AD list of domain Computers.
* Then there is also the question of how to enable or disable Delegation of kerberos through samba?

>>As part of the net ads join process, the machine is registered. 
registered as what?
as Domain Controller in the domain if realm is set to domain and security = user?
as Computer on Domain is security = ads?

>> If it is not then the DC does not know the fqdn of the VM.
>> An easy way to make sure is to un-join, add the fqdn to the localhost line in hosts.conf and rejoin.

>> HTH
>> Steve

Danie W


The perusal, use, dissemination, copying or storing of this message or its attachments and the opening of attachments is subject to PBMR's standard email disclaimer available at internet address: http://www.pbmr.com/index.asp?Content=233 - Disclaimer or on request from the sender.

More information about the samba-technical mailing list