Joining Samba4 to existing AD

Joining Samba4 to existing AD

Samba - General mailing list
Hi,

I have followed this guide on the wiki
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory,
in order to join samba to an existing Active Directory.
I'm using CentOS 7, using Samba 4.6 and compiled from source.

So the thing is that I'm stuck on step
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller

Basically when I try to join Samba to the AD I get this error

[root@samba-dc-02 ]# samba-tool domain join EXAMPLE.COM DC -U "EXAMPLE/Administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'EXAMPLE.COM'
Found DC dc-01.example.com
Password for [EXAMPLE\Administrator]:
workgroup is EXAMPLE
realm is example.com
Adding CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
Adding CN=SAMBA-DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Join failed - cleaning up
Deleted CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
        'CN=Sites,CN=Configuration,DC=example,DC=com'
> <>
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1269, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1175, in do_join
    ctx.join_add_objects()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 606, in join_add_objects
    ctx.samdb.add(rec)


This is my current Kerberos conf

[root@samba-dc-02 ]# cat /etc/krb5.conf
[libdefaults]
        dns_lookup_realm = false
        dns_lookup_kdc = true
        default_realm = EXAMPLE.COM


And the Kerberos ticket is opened successfully.

[root@samba-dc-02 ]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [hidden email]

Valid starting       Expires              Service principal
04/06/2017 20:42:24  04/07/2017 06:42:24  krbtgt/[hidden email]
        renew until 04/07/2017 20:42:18

The Samba server itself resolves to the AD IP

[root@samba-dc-02 ]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.3.251.19


Anybody have an idea what could be happening? Thanks in advance.



--

Erick.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Re: Joining Samba4 to existing AD

Samba - General mailing list
Hi Erick,

We were unable recently to join a 4.6.1 machine to the domain as a
domain member server. Going back to 4.5.7 solved it immediately.

In our case it turned out to be a bug that will supposedly be fixed in
samba 4.6.3. Perhaps this same bug is what's biting you...

Try the latest 4.5.x

MJ

On 04/07/2017 02:26 AM, Erick Ocrospoma via samba wrote:

> Hi,
>
> I have followed this guide on the wiki
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory,
> in order to join samba to an existing Active Directory.
> I'm using CentOS 7, using Samba 4.6 and compiled from source.
>
> So the thing is that I'm stuck on step
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller
>
> Basically when I try to join Samba to the AD I get this error
>
> [root@samba-dc-02 ]# samba-tool domain join EXAMPLE.COM DC -U
> "EXAMPLE/Administrator" --dns-backend=SAMBA_INTERNAL
> Finding a writeable DC for domain 'EXAMPLE.COM'
> Found DC dc-01.example.com
> Password for [EXAMPLE\Administrator]:
> workgroup is EXAMPLE
> realm is example.com
> Adding CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
> Adding
> CN=SAMBA-DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> Join failed - cleaning up
> Deleted CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
> CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr:
> DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
>         'CN=Sites,CN=Configuration,DC=example,DC=com'
>> <>
>   File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
> line 661, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line
> 1269, in join_DC
>     ctx.do_join()
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line
> 1175, in do_join
>     ctx.join_add_objects()
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line
> 606, in join_add_objects
>     ctx.samdb.add(rec)
>
>
> This is my current Kerberos conf
>
> [root@samba-dc-02 ]# cat /etc/krb5.conf
> [libdefaults]
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>         default_realm = EXAMPLE.COM
>
>
> And the Kerberos ticket is opened successfully.
>
> [root@samba-dc-02 ]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: [hidden email]
>
> Valid starting       Expires              Service principal
> 04/06/2017 20:42:24  04/07/2017 06:42:24  krbtgt/[hidden email]
>         renew until 04/07/2017 20:42:18
>
> The Samba server itself resolves to the AD IP
>
> [root@samba-dc-02 ]# cat /etc/resolv.conf
> # Generated by NetworkManager
> search example.com
> nameserver 10.3.251.19
>
>
> Anybody have an idea what could be happening? Thanks in advance.
>
>
>

Re: Joining Samba4 to existing AD

Samba - General mailing list
Hi,

I tried with the latest stable 4.5.x, but with no success.

Do you think you could share your smb.conf ? and also how you built from
source?
I suspect there's something missing in the KRB5 for Samba (due to KDC error
messages).

Thanks in advance!


On 7 April 2017 at 02:26, mj via samba <[hidden email]> wrote:

> Hi Erick,
>
> We were unable recently to join a 4.6.1 machine to the domain as a domain
> member server. Going back to 4.5.7 solved it immediately.
>
> In our case it turned out to be a bug that will supposedly be fixed in
> samba 4.6.3. Perhaps this same bug is what's biting you...
>
> Try the latest 4.5.x
>
> MJ
>
>
> On 04/07/2017 02:26 AM, Erick Ocrospoma via samba wrote:
>
>> Hi,
>>
>> I have followed this guide on the wiki
>> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory,
>> in order to join samba to an existing Active Directory.
>> I'm using CentOS 7, using Samba 4.6 and compiled from source.
>>
>> So the thing is that I'm stuck on step
>> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller
>>
>> Basically when I try to join Samba to the AD I get this error
>>
>> [root@samba-dc-02 ]# samba-tool domain join EXAMPLE.COM DC -U
>> "EXAMPLE/Administrator" --dns-backend=SAMBA_INTERNAL
>> Finding a writeable DC for domain 'EXAMPLE.COM'
>> Found DC dc-01.example.com
>> Password for [EXAMPLE\Administrator]:
>> workgroup is EXAMPLE
>> realm is example.com
>> Adding CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
>> Adding
>> CN=SAMBA-DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Site
>> s,CN=Configuration,DC=example,DC=com
>> Join failed - cleaning up
>> Deleted CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
>> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
>> CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr:
>> DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
>>         'CN=Sites,CN=Configuration,DC=example,DC=com'
>>
>>> <>
>>>
>>   File
>> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd
>> /__init__.py",
>> line 176, in _run
>>     return self.run(*args, **kwargs)
>>   File
>> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
>> line 661, in run
>>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",
>> line
>> 1269, in join_DC
>>     ctx.do_join()
>>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",
>> line
>> 1175, in do_join
>>     ctx.join_add_objects()
>>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",
>> line
>> 606, in join_add_objects
>>     ctx.samdb.add(rec)
>>
>>
>> This is my current Kerberos conf
>>
>> [root@samba-dc-02 ]# cat /etc/krb5.conf
>> [libdefaults]
>>         dns_lookup_realm = false
>>         dns_lookup_kdc = true
>>         default_realm = EXAMPLE.COM
>>
>>
>> And the Kerberos ticket is opened successfully.
>>
>> [root@samba-dc-02 ]# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: [hidden email]
>>
>> Valid starting       Expires              Service principal
>> 04/06/2017 20:42:24  04/07/2017 06:42:24  krbtgt/[hidden email]
>>         renew until 04/07/2017 20:42:18
>>
>> The Samba server itself resolves to the AD IP
>>
>> [root@samba-dc-02 ]# cat /etc/resolv.conf
>> # Generated by NetworkManager
>> search example.com
>> nameserver 10.3.251.19
>>
>>
>> Anybody have an idea what could be happening? Thanks in advance.
>>
>>
>>
>>
>



--


Erick.


-------------------------------------------
IRC     :   zerick
Blog    : http://zerick.me
About :  http://about.me/zerick
Linux User ID :  549567
Re: Joining Samba4 to existing AD

Samba - General mailing list
On Tue, 11 Apr 2017 12:15:43 -0500
Erick Ocrospoma via samba <[hidden email]> wrote:

> Hi,
>
> I tried with the latest stable 4.5.x, but with no success.
>
> Do you think you could share your smb.conf ? and also how you built
> from source?
> I suspect there's something missing in the KRB5 for Samba (due to KDC
> error messages).
>

Try it like this:

samba-tool domain join EXAMPLE.COM DC -UAdministrator --realm=EXAMPLE.COM --dns-backend=SAMBA_INTERNAL

If that doesn't work, can you post /etc/hosts, can you also explain why
you are allowing Network-Manager to set /etc/resolv.conf, does the soon
to be a DC get its IP from DHCP ??

Does smb.conf already exist ? it shouldn't

Rowland


Re: Joining Samba4 to existing AD

Samba - General mailing list
Hi Rowland, thanks for your reply.

I tried the command as suggested, and this is what I get:


[root@dc-02 ~]# samba-tool domain join EXAMPLE.COM DC -UAdministrator --realm=EXAMPLE.COM --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'EXAMPLE.COM'
Found DC dc-01.example.com
Password for [WORKGROUP\Administrator]:
workgroup is EXAMPLE
realm is example.com
Adding CN=LIM-INF1-DNS-02,OU=Domain Controllers,DC=example,DC=com
Adding CN=LIM-INF1-DNS-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Join failed - cleaning up
Deleted CN=LIM-INF1-DNS-02,OU=Domain Controllers,DC=example,DC=com
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
        'CN=Sites,CN=Configuration,DC=example,DC=com'
> <>
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 652, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1253, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1151, in do_join
    ctx.join_add_objects()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 593, in join_add_objects
    ctx.samdb.add(rec)



This is the content of /etc/hosts


[root@dc-02 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 dc-02.example.com dc-02
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.3.251.19     dc-01.example.com  dc-01


Also, I tried by enabling debug level 3


[root@dc-02 ~]# samba-tool domain join EXAMPLE.COM DC -UAdministrator --realm=EXAMPLE.COM --dns-backend=SAMBA_INTERNAL --debug 3
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'EXAMPLE.COM'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.EXAMPLE.COM<0x0>
Found DC dc-01.example.com
resolve_lmhosts: Attempting lmhosts lookup for name dc-01.example.com<0x20>
Password for [WORKGROUP\Administrator]:
Aquiring initiator credentials failed: kinit for [hidden email] failed (Wrong realm)

SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_UNSUCCESSFUL
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
workgroup is EXAMPLE
realm is example.com
Adding CN=LIM-INF1-DNS-02,OU=Domain Controllers,DC=example,DC=com
Adding CN=LIM-INF1-DNS-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for EXAMPLE from both secrets.ldb (Could not find entry to match filter: '(&(flatname=EXAMPLE)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4575) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=LIM-INF1-DNS-02,OU=Domain Controllers,DC=example,DC=com
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
        'CN=Sites,CN=Configuration,DC=example,DC=com'
> <>
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 652, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1253, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1151, in do_join
    ctx.join_add_objects()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 593, in join_add_objects
    ctx.samdb.add(rec)


I see some lines mentioning kinit auth, but I tried to get a new ticket and
it worked


[root@dc-02 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [hidden email]

Valid starting       Expires              Service principal
04/12/2017 11:39:06  04/12/2017 21:39:06  krbtgt/[hidden email]
        renew until 04/13/2017 11:38:59



This machine does not get its IP from DHCP, but yes, it is managed by
Network Manager, but IP and DNS config are static values.


On 11 April 2017 at 12:38, Rowland Penny via samba <[hidden email]>
wrote:

> On Tue, 11 Apr 2017 12:15:43 -0500
> Erick Ocrospoma via samba <[hidden email]> wrote:
>
> > Hi,
> >
> > I tried with the latest stable 4.5.x, but with no success.
> >
> > Do you think you could share your smb.conf ? and also how you built
> > from source?
> > I suspect there's something missing in the KRB5 for Samba (due to KDC
> > error messages).
> >
>
> Try it like this:
>
> samba-tool domain join EXAMPLE.COM DC -UAdministrator --realm=EXAMPLE.COM --dns-backend=SAMBA_INTERNAL
>
> If that doesn't work, can you post /etc/hosts, can you also explain why
> you are allowing Network-Manager to set /etc/resolv.conf, does the soon
> to be a DC get its IP from DHCP ??
>
> Does smb.conf already exist ? it shouldn't
>
> Rowland
>
>
>



--


Erick.


-------------------------------------------
IRC     :   zerick
Blog    : http://zerick.me
About :  http://about.me/zerick
Linux User ID :  549567
Re: Joining Samba4 to existing AD

Samba - General mailing list
Oh, also, I was asking about the smb.conf because googling I saw some
smb.conf with some entries for Kerberos which supposedly fixed/helped other
people.

Currently my /etc/samba/ is empty, so I think it is normal from a Samba
built from source.



On 12 April 2017 at 10:17, Erick Ocrospoma <[hidden email]> wrote:

> Hi Rowland, thanks for your reply.
>
> I tried the command as suggested, and this is what I get:
>
>
> [root@dc-02 ~]# samba-tool domain join EXAMPLE.COM DC -UAdministrator
>  --realm=EXAMPLE.COM --dns-backend=SAMBA_INTERNAL
> Finding a writeable DC for domain 'EXAMPLE.COM'
> Found DC dc-01.example.com
> Password for [WORKGROUP\Administrator]:
> workgroup is EXAMPLE
> realm is example.com
> Adding CN=LIM-INF1-DNS-02,OU=Domain Controllers,DC=example,DC=com
> Adding CN=LIM-INF1-DNS-02,CN=Servers,CN=Default-First-Site-Name,CN=
> Sites,CN=Configuration,DC=example,DC=com
> Join failed - cleaning up
> Deleted CN=LIM-INF1-DNS-02,OU=Domain Controllers,DC=example,DC=com
> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
> CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr:
> DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
>         'CN=Sites,CN=Configuration,DC=example,DC=com'
> > <>
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
> line 652, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",
> line 1253, in join_DC
>     ctx.do_join()
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",
> line 1151, in do_join
>     ctx.join_add_objects()
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",
> line 593, in join_add_objects
>     ctx.samdb.add(rec)
>
>
>
> This is the content of /etc/hosts
>
>
> [root@dc-02 ~]# cat /etc/hosts
> 127.0.0.1   localhost localhost.localdomain localhost4
> localhost4.localdomain4 dc-02.example.com dc-02
> ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6
> 10.3.251.19     dc-01.example.com  dc-01
>
>
> Also, I tried by enabling debug level 3
>
>
> [root@dc-02 ~]# samba-tool domain join EXAMPLE.COM DC -UAdministrator
>  --realm=EXAMPLE.COM --dns-backend=SAMBA_INTERNAL --debug 3
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Finding a writeable DC for domain 'EXAMPLE.COM'
> resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.EXAMPLE.COM
> <0x0>
> Found DC dc-01.example.com
> resolve_lmhosts: Attempting lmhosts lookup for name dc-01.example.com
> <0x20>
> Password for [WORKGROUP\Administrator]:
> Aquiring initiator credentials failed: kinit for [hidden email]
> failed (Wrong realm)
>
> SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_UNSUCCESSFUL
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898235
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> workgroup is EXAMPLE
> realm is example.com
> Adding CN=LIM-INF1-DNS-02,OU=Domain Controllers,DC=example,DC=com
> Adding CN=LIM-INF1-DNS-02,CN=Servers,CN=Default-First-Site-Name,CN=
> Sites,CN=Configuration,DC=example,DC=com
> Join failed - cleaning up
> ldb_wrap open of secrets.ldb
> Could not find machine account in secrets database: Failed to fetch
> machine account password for EXAMPLE from both secrets.ldb (Could not find
> entry to match filter: '(&(flatname=EXAMPLE)(objectclass=primaryDomain))'
> base: 'cn=Primary Domains': No such object: dsdb_search at
> ../source4/dsdb/common/util.c:4575) and from /var/lib/samba/private/secrets.tdb:
> NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Deleted CN=LIM-INF1-DNS-02,OU=Domain Controllers,DC=example,DC=com
> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
> CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr:
> DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
>         'CN=Sites,CN=Configuration,DC=example,DC=com'
> > <>
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
> line 652, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",
> line 1253, in join_DC
>     ctx.do_join()
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",
> line 1151, in do_join
>     ctx.join_add_objects()
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",
> line 593, in join_add_objects
>     ctx.samdb.add(rec)
>
>
> I see some lines mentioning kinit auth, but I tried to get a new ticket
> and it worked
>
>
> [root@dc-02 ~]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: [hidden email]
>
> Valid starting       Expires              Service principal
> 04/12/2017 11:39:06  04/12/2017 21:39:06  krbtgt/[hidden email]
>         renew until 04/13/2017 11:38:59
>
>
>
> This machine does not get its IP from DHCP, but yes, it is managed by
> Network Manager, but IP and DNS config are static values.
>
>
> On 11 April 2017 at 12:38, Rowland Penny via samba <[hidden email]>
> wrote:
>
>> On Tue, 11 Apr 2017 12:15:43 -0500
>> Erick Ocrospoma via samba <[hidden email]> wrote:
>>
>> > Hi,
>> >
>> > I tried with the latest stable 4.5.x, but with no success.
>> >
>> > Do you think you could share your smb.conf ? and also how you built
>> > from source?
>> > I suspect there's something missing in the KRB5 for Samba (due to KDC
>> > error messages).
>> >
>>
>> Try it like this:
>>
>> samba-tool domain join EXAMPLE.COM DC -UAdministrator --realm=EXAMPLE.COM --dns-backend=SAMBA_INTERNAL
>>
>> If that doesn't work, can you post /etc/hosts, can you also explain why
>> you are allowing Network-Manager to set /etc/resolv.conf, does the soon
>> to be a DC get its IP from DHCP ??
>>
>> Does smb.conf already exist ? it shouldn't
>>
>> Rowland
>>
>>
>>
>
>
>
> --
>
>
> Erick.
>
>
> -------------------------------------------
> IRC     :   zerick
> Blog    : http://zerick.me
> About :  http://about.me/zerick
> Linux User ID :  549567
>



--


Erick.


-------------------------------------------
IRC     :   zerick
Blog    : http://zerick.me
About :  http://about.me/zerick
Linux User ID :  549567
Re: Joining Samba4 to existing AD

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Wed, 12 Apr 2017 10:17:38 -0500
Erick Ocrospoma <[hidden email]> wrote:

> Hi Rowland, thanks for your reply.
>
>
> This is the content of /etc/hosts
>
>
> [root@dc-02 ~]# cat /etc/hosts
> 127.0.0.1   localhost localhost.localdomain localhost4
> localhost4.localdomain4 dc-02.example.com dc-02
> ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6
> 10.3.251.19     dc-01.example.com  dc-01
>
>

Try changing it to this:

127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain localhost6
10.3.251.19 dc-02.example.com dc-02

Provided that the IP of the new DC is '10.3.251.19' and the short
hostname is 'dc-02' and the DNS domain is 'example.com'
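
A pre-join check for the /etc/hosts and krb5.conf settings discussed in this thread, as an added example that is not part of any poster's message or of Samba itself. The function names are hypothetical, the sample files are constructed from the values posted above, and 192.0.2.10 is a placeholder address for dc-02 because the thread never states its real IP.

```shell
#!/bin/sh
# Added example: pre-join checks for a host about to become a Samba AD DC.
# Function names are hypothetical; they are not part of samba-tool.

# hosts_addrs FILE NAME: print each address whose hosts line lists NAME.
hosts_addrs() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # strip comments
        NF < 2 { next }                         # skip blank or short lines
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) print $1 }
    ' "$1"
}

# check_hosts FILE NAME
#   returns 0: NAME maps only to non-loopback addresses
#   returns 1: NAME appears on a loopback line (127.x.x.x or ::1)
#   returns 2: NAME has no entry at all
check_hosts() {
    addrs=$(hosts_addrs "$1" "$2")
    if [ -z "$addrs" ]; then
        echo "MISSING: $2 has no entry in $1"
        return 2
    fi
    for a in $addrs; do
        case "$a" in
            127.*|::1)
                echo "BAD: $2 -> loopback address $a in $1"
                return 1 ;;
        esac
    done
    echo "OK: $2 ->" $addrs
    return 0
}

# check_default_realm FILE REALM
#   returns 0 when [libdefaults] default_realm equals REALM exactly
#   (Kerberos realm names are case-sensitive), 1 otherwise.
check_default_realm() {
    realm=$(awk -F= '
        /^[ \t]*\[/ { in_lib = ($0 ~ /\[libdefaults\]/); next }
        in_lib && $1 ~ /^[ \t]*default_realm[ \t]*$/ {
            gsub(/[ \t]/, "", $2); print $2; exit }
    ' "$1")
    if [ "$realm" = "$2" ]; then
        echo "OK: default_realm = $realm"
        return 0
    fi
    echo "BAD: default_realm is '$realm', expected '$2'"
    return 1
}

# --- Constructed sample files (copies, so the real /etc is not touched) ---
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# The hosts file as posted in the thread: the DC's own name is on 127.0.0.1.
cat > "$SAMPLE_DIR/hosts.before" <<'EOF'
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 dc-02.example.com dc-02
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.3.251.19     dc-01.example.com  dc-01
EOF

# Layout suggested in the reply; 192.0.2.10 is a placeholder for dc-02's IP.
cat > "$SAMPLE_DIR/hosts.after" <<'EOF'
127.0.0.1   localhost.localdomain localhost
::1         localhost6.localdomain localhost6
192.0.2.10  dc-02.example.com dc-02
EOF

# krb5.conf as posted in the thread.
cat > "$SAMPLE_DIR/krb5.conf" <<'EOF'
[libdefaults]
        dns_lookup_realm = false
        dns_lookup_kdc = true
        default_realm = EXAMPLE.COM
EOF

check_hosts "$SAMPLE_DIR/hosts.before" dc-02.example.com || true
check_hosts "$SAMPLE_DIR/hosts.after"  dc-02.example.com || true
check_default_realm "$SAMPLE_DIR/krb5.conf" EXAMPLE.COM  || true
```

On a real host, pass `/etc/hosts`, the output of `hostname -f`, and `/etc/krb5.conf` instead of the sample files.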


Re: Joining Samba4 to existing AD

Samba - General mailing list
In reply to this post by Samba - General mailing list
Correct, you need a smb.conf.

https://wiki.samba.org/index.php/User_Documentation

And please do correct your hosts file before you join.

>>  127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 dc-02.example.com dc-02 << NOT GOOD
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.3.251.19                    dc-01.example.com  dc-01  << CORRECT

Greetz,

Louis


> -----Original message-----
> From: samba [mailto:[hidden email]] On behalf of Erick Ocrospoma via samba
> Sent: Wednesday 12 April 2017 17:24
> To: Rowland Penny
> CC: Samba mailing list
> Subject: Re: [Samba] Joining Samba4 to existing AD

>

> Oh, also, I was asking about the smb.conf because googling I saw some
> smb.conf with some entries for Kerberos which supposedly fixed/helped other
> people.

>

> Currently my /etc/samba/ is empty, so I think it is normal from a Samba

> built from source.

>

>

>

> On 12 April 2017 at 10:17, Erick Ocrospoma <[hidden email]> wrote:

>

> > Hi Rowland, thanks for your reply.

> >

> > I tried the command as suggested, and this is what I get:

> >

> >

> > [root@dc-02 ~]# samba-tool domain join EXAMPLE.COM DC -UAdministrator

> >  --realm=EXAMPLE.COM --dns-backend=SAMBA_INTERNAL

> > Finding a writeable DC for domain 'EXAMPLE.COM'

> > Found DC dc-01.example.com

> > Password for [WORKGROUP\Administrator]:

> > workgroup is EXAMPLE

> > realm is example.com

> > Adding CN=LIM-INF1-DNS-02,OU=Domain Controllers,DC=example,DC=com

> > Adding CN=LIM-INF1-DNS-02,CN=Servers,CN=Default-First-Site-Name,CN=

> > Sites,CN=Configuration,DC=example,DC=com

> > Join failed - cleaning up

> > Deleted CN=LIM-INF1-DNS-02,OU=Domain Controllers,DC=example,DC=com

> > ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -

> > CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr:

> > DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:

> >         'CN=Sites,CN=Configuration,DC=example,DC=com'

> > > <>

> >   File "/usr/local/samba/lib64/python2.7/site-

> packages/samba/netcmd/__init__.py",

> > line 176, in _run

> >     return self.run(*args, **kwargs)

> >   File "/usr/local/samba/lib64/python2.7/site-

> packages/samba/netcmd/domain.py",

> > line 652, in run

> >     machinepass=machinepass, use_ntvfs=use_ntvfs,

> dns_backend=dns_backend)

> >   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",

> > line 1253, in join_DC

> >     ctx.do_join()

> >   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",

> > line 1151, in do_join

> >     ctx.join_add_objects()

> >   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",

> > line 593, in join_add_objects

> >     ctx.samdb.add(rec)

> >

> >

> >

> > This is the content of /etc/hosts

> >

> >

> > [root@dc-02 ~]# cat /etc/hosts

> > 127.0.0.1   localhost localhost.localdomain localhost4

> > localhost4.localdomain4 dc-02.example.com dc-02

> > ::1         localhost localhost.localdomain localhost6

> > localhost6.localdomain6

> > 10.3.251.19     dc-01.example.com  dc-01

> >

> >

> > Also, I tried by enabling debug level 3
> >
> > [root@dc-02 ~]# samba-tool domain join EXAMPLE.COM DC -UAdministrator
> >  --realm=EXAMPLE.COM --dns-backend=SAMBA_INTERNAL --debug 3
> > GENSEC backend 'gssapi_spnego' registered
> > GENSEC backend 'gssapi_krb5' registered
> > GENSEC backend 'gssapi_krb5_sasl' registered
> > GENSEC backend 'spnego' registered
> > GENSEC backend 'schannel' registered
> > GENSEC backend 'naclrpc_as_system' registered
> > GENSEC backend 'sasl-EXTERNAL' registered
> > GENSEC backend 'ntlmssp' registered
> > GENSEC backend 'ntlmssp_resume_ccache' registered
> > GENSEC backend 'http_basic' registered
> > GENSEC backend 'http_ntlm' registered
> > GENSEC backend 'krb5' registered
> > GENSEC backend 'fake_gssapi_krb5' registered
> > Finding a writeable DC for domain 'EXAMPLE.COM'
> > resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.EXAMPLE.COM
> > <0x0>
> > Found DC dc-01.example.com
> > resolve_lmhosts: Attempting lmhosts lookup for name dc-01.example.com
> > <0x20>
> > Password for [WORKGROUP\Administrator]:
> > Aquiring initiator credentials failed: kinit for [hidden email]
> > failed (Wrong realm)
> >
> > SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_UNSUCCESSFUL
> > Got challenge flags:
> > Got NTLMSSP neg_flags=0x62898235
> > NTLMSSP: Set final flags:
> > Got NTLMSSP neg_flags=0x62088235
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088235
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088235
> > workgroup is EXAMPLE
> > realm is example.com
> > Adding CN=LIM-INF1-DNS-02,OU=Domain Controllers,DC=example,DC=com
> > Adding CN=LIM-INF1-DNS-02,CN=Servers,CN=Default-First-Site-Name,CN=
> > Sites,CN=Configuration,DC=example,DC=com
> > Join failed - cleaning up
> > ldb_wrap open of secrets.ldb
> > Could not find machine account in secrets database: Failed to fetch
> > machine account password for EXAMPLE from both secrets.ldb (Could not find
> > entry to match filter: '(&(flatname=EXAMPLE)(objectclass=primaryDomain))'
> > base: 'cn=Primary Domains': No such object: dsdb_search at
> > ../source4/dsdb/common/util.c:4575) and from /var/lib/samba/private/secrets.tdb:
> > NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> > Deleted CN=LIM-INF1-DNS-02,OU=Domain Controllers,DC=example,DC=com
> > ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
> > CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr:
> > DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
> >         'CN=Sites,CN=Configuration,DC=example,DC=com'
> > > <>
> >   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> > line 176, in _run
> >     return self.run(*args, **kwargs)
> >   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
> > line 652, in run
> >     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
> >   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",
> > line 1253, in join_DC
> >     ctx.do_join()
> >   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",
> > line 1151, in do_join
> >     ctx.join_add_objects()
> >   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py",
> > line 593, in join_add_objects
> >     ctx.samdb.add(rec)
> >

> > I see some lines mentioning kinit auth, but I tried to get a new ticket
> > and it worked
> >
> > [root@dc-02 ~]# klist
> > Ticket cache: FILE:/tmp/krb5cc_0
> > Default principal: [hidden email]
> >
> > Valid starting       Expires              Service principal
> > 04/12/2017 11:39:06  04/12/2017 21:39:06  krbtgt/[hidden email]
> >         renew until 04/13/2017 11:38:59
> >
> > This machine does not get its IP from DHCP, but yes, it is managed by
> > Network Manager, but IP and DNS config are static values.
> >

> > On 11 April 2017 at 12:38, Rowland Penny via samba <[hidden email]>
> > wrote:
> >
> >> On Tue, 11 Apr 2017 12:15:43 -0500
> >> Erick Ocrospoma via samba <[hidden email]> wrote:
> >>
> >> > Hi,
> >> >
> >> > I tried with the latest stable 4.5.x, but with no success.
> >> >
> >> > Do you think you could share your smb.conf ? and also how you built
> >> > from source?
> >> > I suspect there's something missing in the KRB5 for Samba (due to KDC
> >> > error messages).
> >> >
> >>
> >> Try it like this:
> >>
> >> samba-tool domain join EXAMPLE.COM DC -UAdministrator
> >> --realm=EXAMPLE.COM --dns-backend=SAMBA_INTERNAL
> >>
> >> If that doesn't work, can you post /etc/hosts, can you also explain why
> >> you are allowing Network-Manager to set /etc/resolv.conf, does the soon
> >> to be a DC get its IP from DHCP ??
> >>
> >> Does smb.conf already exist ? it shouldn't
> >>
> >> Rowland
> >>


 


Re: Joining Samba4 to existing AD

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Wed, 12 Apr 2017 10:23:37 -0500
Erick Ocrospoma <[hidden email]> wrote:

> Oh, also, I was asking about the smb.conf because googling I saw some
> smb.conf with some entries for Kerberos which supposedly fixed/helped
> other people.
>
> Currently my /etc/samba/ is empty, so I think it is normal from a
> Samba built from source.
>
>

Good, the 'join' will create the smb.conf and will cause an error if
there is one.

Rowland


Re: Joining Samba4 to existing AD

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Wed, 12 Apr 2017 17:28:39 +0200
"L.P.H. van Belle via samba" <[hidden email]> wrote:

> Correct you need a smb.conf.

No he doesn't, he is trying to join another DC.

> And please do correct your hosts file before you join.
>
>  
>
> >>  127.0.0.1   localhost localhost.localdomain localhost4
> >>localhost4.localdomain4 dc-02.example.com dc-02 << NOT GOOD
>
> ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6
>
> 10.3.251.19                    dc-01.example.com  dc-01  << CORRECT

Well it is correct if the last line is the information for the DC he is
trying to join.

Rowland


Re: Joining Samba4 to existing AD

Samba - General mailing list
Hi guys,

I changed my /etc/hosts and it looks like this:


[root@lim-inf1-dns-02 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4
localhost4.localdomain4
::1         localhost localhost.localdomain localhost6
localhost6.localdomain6
10.3.251.19      dc-01.example.com  dc-01
172.28.240.252  dc-02.example.com  dc-02



So, to be clear, dc-01.example.com is the Windows AD hostname.
dc-02.example.com is the Linux machine itself.

I tried to join the domain again but it is pretty much the same error :(


[root@ldc-02 ~]# samba-tool domain join EXAMPLE.COM DC -UAdministrator
 --realm=EXAMPLE.COM --dns-backend=SAMBA_INTERNAL --debug 3
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'EXAMPLE.COM'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.EXAMPLE.COM
<0x0>
Found DC dc-01.example.com
resolve_lmhosts: Attempting lmhosts lookup for name dc-01.example.com<0x20>
Password for [WORKGROUP\Administrator]:
Aquiring initiator credentials failed: kinit for [hidden email]
failed (Wrong realm)

SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_UNSUCCESSFUL
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
workgroup is EXAMPLE
realm is example.com
Adding CN=DC-02,OU=Domain Controllers,DC=example,DC=com
Adding
CN=DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine
account password for EXAMPLE from both secrets.ldb (Could not find entry to
match filter: '(&(flatname=EXAMPLE)(objectclass=primaryDomain))' base:
'cn=Primary Domains': No such object: dsdb_search at
../source4/dsdb/common/util.c:4575) and from
/var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=DC-02,OU=Domain Controllers,DC=example,DC=com
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr:
DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
        'CN=Sites,CN=Configuration,DC=example,DC=com'
> <>
  File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 176, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
line 652, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line
1253, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line
1151, in do_join
    ctx.join_add_objects()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line
593, in join_add_objects
    ctx.samdb.add(rec)



On 12 April 2017 at 10:49, Rowland Penny via samba <[hidden email]>
wrote:

> On Wed, 12 Apr 2017 17:28:39 +0200
> "L.P.H. van Belle via samba" <[hidden email]> wrote:
>
> > Correct you need a smb.conf.
>
> No he doesn't, he is trying to join another DC.
>
> > And please do correct your hosts file before you join.
> >
> >
> >
> > >>  127.0.0.1   localhost localhost.localdomain localhost4
> > >>localhost4.localdomain4 dc-02.example.com dc-02 << NOT GOOD
> >
> > ::1         localhost localhost.localdomain localhost6
> > localhost6.localdomain6
> >
> > 10.3.251.19                    dc-01.example.com  dc-01  << CORRECT
>
> Well it is correct if the last line is the information for the DC he is
> trying to join.
>
> Rowland



--


Erick.


-------------------------------------------
IRC     :   zerick
Blog    : http://zerick.me
About :  http://about.me/zerick
Linux User ID :  549567

Re: Joining Samba4 to existing AD

Samba - General mailing list
On Wed, 12 Apr 2017 11:54:42 -0500
Erick Ocrospoma <[hidden email]> wrote:

> Hi guys,
>
> I changed my /etc/hosts and it looks like this:
>
>
> [root@lim-inf1-dns-02 ~]# cat /etc/hosts
> 127.0.0.1   localhost localhost.localdomain localhost4
> localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6
> 10.3.251.19      dc-01.example.com  dc-01
> 172.28.240.252  dc-02.example.com  dc-02
>
>
>
> So, to be clear, dc-01.example.com is the Windows AD hostname.
> dc-02.example.com is the Linux machine itself.
>

Remove the Windows machine, it shouldn't be there.

The AD DC should be found by DNS, is the Windows DC running a DNS
server ?

All you really need in /etc/hosts is:

127.0.0.1 localhost
::1 localhost
172.28.240.252  dc-02.example.com  dc-02

I wonder if you need to pre-create the new DC's DNS info in AD before
the join ?

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
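
The hosts-file advice given in the replies above (the new DC's own name must not sit on a loopback line, and other DCs should be found through DNS rather than pinned) can be checked mechanically. This is an added example, not part of any post in the thread: `check_dc_hosts` and the sample file names are hypothetical, the sample files are constructed from the values quoted in the thread, and treating every other name under the DC's DNS domain as a pinned domain host is an assumption of this example.

```shell
# Added example: check a hosts file against the advice given in the thread.
# Usage: check_dc_hosts HOSTS_FILE DC_FQDN ; returns 0 if clean, 1 otherwise.
check_dc_hosts() {
    awk -v fqdn="$2" '
    BEGIN {
        fqdn = tolower(fqdn)
        short = fqdn;  sub(/\..*/, "", short)        # dc-02
        domain = fqdn; sub(/^[^.]*\./, "", domain)   # example.com
    }
    { sub(/#.*/, "") }          # drop comments
    NF < 2 { next }             # skip blank or incomplete lines
    {
        loop = ($1 ~ /^127\./ || $1 == "::1")
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            if (name == fqdn || name == short) {
                if (loop) { print "BAD: " name " resolves to loopback " $1; bad = 1 }
                else if (name == fqdn) real = 1
            } else if (!loop && substr(name, length(name) - length(domain)) == "." domain) {
                print "BAD: " name " is pinned to " $1 ", it should come from DNS"
                bad = 1
            }
        }
    }
    END {
        if (!real) { print "BAD: " fqdn " has no non-loopback entry"; bad = 1 }
        if (!bad) print "OK: " fqdn
        exit bad + 0
    }' "$1"
}
# Constructed samples mirroring the three hosts files discussed in the thread.
samples=$(mktemp -d)
cat > "$samples/first" <<'EOF'
127.0.0.1   localhost localhost.localdomain dc-02.example.com dc-02
::1         localhost localhost.localdomain
10.3.251.19 dc-01.example.com dc-01
EOF
cat > "$samples/second" <<'EOF'
127.0.0.1      localhost localhost.localdomain
::1            localhost localhost.localdomain
10.3.251.19    dc-01.example.com dc-01
172.28.240.252 dc-02.example.com dc-02
EOF
cat > "$samples/advised" <<'EOF'
127.0.0.1 localhost
::1 localhost
172.28.240.252 dc-02.example.com dc-02
EOF
for f in first second advised; do echo "== $f"; check_dc_hosts "$samples/$f" dc-02.example.com || true; done
```

A clean hosts file only rules out this one class of name-resolution problem; the thread does not establish that it resolves the LDAP_NO_SUCH_OBJECT error.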