Re: [Samba] Re: net ads join failed
Indeed. After a record DNS creation everything works fine.

2008/9/4 Hoover, Tony <[EMAIL PROTECTED]>

> It means that your primary DNS server does not support dynamic updates.
>
> On Thu, 2008-09-04 at 16:54 +0200, Thomas Vito wrote:
> > Apparently something is wrong with my hosts file. I have changed it and
> > now get a much better result:
> > [EMAIL PROTECTED] ~]# net ads join -U [EMAIL PROTECTED]
> > [EMAIL PROTECTED]'s password:
> > Using short domain name -- ACME
> > DNS update failed!
> > Joined 'AMSDEV-DV10' to realm 'EU.ACME.COM'
> >
> > What does "DNS update failed" mean?
> >
> > 2008/9/4 Thomas Vito <[EMAIL PROTECTED]>
> >
> > > Hi,
> > >
> > > I am trying to join a samba server to my AD directory but it fails:
> > >
> > > [EMAIL PROTECTED] postfix]# net ads join -U [EMAIL PROTECTED]
> > > [EMAIL PROTECTED]'s password:
> > > [2008/09/04 15:12:45, 0] libads/kerberos.c:ads_kinit_password(228)
> > > kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network
> > > address for KDC in requested realm
> > > Failed to join domain: Undetermined error
> > >
> > > [EMAIL PROTECTED] postfix]# net ads join -U [EMAIL PROTECTED]
> > > [EMAIL PROTECTED]'s password:
> > > Using short domain name -- ACME
> > > Failed to set servicePrincipalNames. Please ensure that
> > > the DNS domain of this server matches the AD domain,
> > > Or rejoin with using Domain Admin credentials.
> > > Deleted account for 'AMSDEV-DV10' in realm 'EU.ACME.COM'
> > > Failed to join domain: Type or value exists
> > >
> > > There is no computer account named amsdev-dv10 in my directory.
> > >
> > > kinit doesn't return anything
> > > [EMAIL PROTECTED] postfix]# kinit apacci
> > > Password for [EMAIL PROTECTED]:
> > >
> > > My resolv.conf is ok. I can ping and resolve hosts in my AD. My /etc/host
> > > file is basic:
> > > ::1 localhost.localdomain localhost amsdev-dv10
> > >
> > > The username is domain admin.
> > >
> > > My krb5.conf is as follows:
> > >
> > > [libdefaults]
> > > default_realm = EU.ACME.COM
> > > dns_lookup_realm = false
> > > dns_lookup_kdc = false
> > > ticket_lifetime = 24h
> > > forwardable = yes
> > >
> > > [realms]
> > >
> > > EU.ACME.COM = {
> > > kdc = amsterdam-dc02.eu.acme.com
> > > kdc = amsterdam-dc01.eu.acme.com
> > > admin_server = amsterdam-dc02.eu.acme.com
> > > master_kdc = amsterdam-dc02.eu.acme.com
> > > default_domain = eu.acme.com
> > > }
> > >
> > > [domain_realm]
> > >
> > > eu.acme.com = EU.ACME.COM
> > > .eu.acme.com = EU.ACME.COM
> > > .acme.com = EU.ACME.COM
> > > acme.com = EU.ACME.COM
> > > [kdc]
> > > profile = /etc/kdc.conf
> > >
> > > smb.conf
> > >
> > > [global]
> > >
> > > workgroup = ACME
> > > password server = 10.130.12.100
> > > realm = EU.ACME.COM
> > > security = ADS
> > > idmap uid = 16777216-33554431
> > > idmap gid = 16777216-33554431
> > > winbind separator = +
> > > template shell = /bin/false
> > > winbind use default domain = true
> > > winbind offline logon = false
> > >
> > > server string = Samba Server Version %v
> > > passdb backend = tdbsam
> > > preferred master = No
> > > wins server = 10.130.10.100
> > > ldap ssl = no
> > > winbind enum users = Yes
> > > winbind enum groups = Yes
> > >
> > > [homes]
> > > comment = Home Directories
> > > read only = No
> > > browseable = No

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
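The hosts-file problem reported in this thread, as an added example that is not part of any poster's message: a pre-join check that models a hosts-file lookup and flags a machine name that resolves to loopback or to a canonical name outside the AD DNS domain. The function names, the corrected hosts file and the address 10.130.12.50 are constructed for illustration (the thread does not show what was actually changed), and the check assumes the AD DNS domain is the lower-cased realm.

```python
import ipaddress

def hosts_lookup(hosts_text, name):
    """Return (address, canonical_name) from the first hosts line naming `name`."""
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        if name.lower() in names:
            return addr, names[0]               # first name is the canonical one
    return None

def join_findings(hosts_text, hostname, realm):
    """List reasons the hosts file gives this machine the wrong identity."""
    hit = hosts_lookup(hosts_text, hostname)
    if hit is None:
        return []                               # not listed: lookup falls through to DNS
    addr, canonical = hit
    findings = []
    try:
        if ipaddress.ip_address(addr).is_loopback:
            findings.append(f"{hostname} maps to loopback address {addr}")
    except ValueError:
        findings.append(f"unparseable address {addr!r}")
    # Assumption: the AD DNS domain is the realm in lower case.
    want = f"{hostname.lower()}.{realm.lower()}"
    if canonical != want:
        findings.append(f"canonical name is {canonical}, expected {want}")
    return findings

# BROKEN is the hosts line quoted in the thread; FIXED is a constructed file.
BROKEN = "::1 localhost.localdomain localhost amsdev-dv10\n"
FIXED = (
    "127.0.0.1 localhost.localdomain localhost\n"
    "::1 localhost6.localdomain6 localhost6\n"
    "10.130.12.50 amsdev-dv10.eu.acme.com amsdev-dv10  # constructed address\n"
)

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, join_findings(text, "amsdev-dv10", "EU.ACME.COM") or "ok")
```

With the quoted line, the machine's canonical name is `localhost.localdomain`, which matches the "DNS domain of this server" complaint printed when setting servicePrincipalNames failed.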
Re: [Samba] Re: net ads join failed
It means that your primary DNS server does not support dynamic updates.

On Thu, 2008-09-04 at 16:54 +0200, Thomas Vito wrote:
> Apparently something is wrong with my hosts file. I have changed it and now
> get a much better result:
> [EMAIL PROTECTED] ~]# net ads join -U [EMAIL PROTECTED]
> [EMAIL PROTECTED]'s password:
> Using short domain name -- ACME
> DNS update failed!
> Joined 'AMSDEV-DV10' to realm 'EU.ACME.COM'
>
> What does "DNS update failed" mean?
>
> 2008/9/4 Thomas Vito <[EMAIL PROTECTED]>
>
> > Hi,
> >
> > I am trying to join a samba server to my AD directory but it fails:
> >
> > [EMAIL PROTECTED] postfix]# net ads join -U [EMAIL PROTECTED]
> > [EMAIL PROTECTED]'s password:
> > [2008/09/04 15:12:45, 0] libads/kerberos.c:ads_kinit_password(228)
> > kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network
> > address for KDC in requested realm
> > Failed to join domain: Undetermined error
> >
> > [EMAIL PROTECTED] postfix]# net ads join -U [EMAIL PROTECTED]
> > [EMAIL PROTECTED]'s password:
> > Using short domain name -- ACME
> > Failed to set servicePrincipalNames. Please ensure that
> > the DNS domain of this server matches the AD domain,
> > Or rejoin with using Domain Admin credentials.
> > Deleted account for 'AMSDEV-DV10' in realm 'EU.ACME.COM'
> > Failed to join domain: Type or value exists
> >
> > There is no computer account named amsdev-dv10 in my directory.
> >
> > kinit doesn't return anything
> > [EMAIL PROTECTED] postfix]# kinit apacci
> > Password for [EMAIL PROTECTED]:
> >
> > My resolv.conf is ok. I can ping and resolve hosts in my AD. My /etc/host
> > file is basic:
> > ::1 localhost.localdomain localhost amsdev-dv10
> >
> > The username is domain admin.
> >
> > My krb5.conf is as follows:
> >
> > [libdefaults]
> > default_realm = EU.ACME.COM
> > dns_lookup_realm = false
> > dns_lookup_kdc = false
> > ticket_lifetime = 24h
> > forwardable = yes
> >
> > [realms]
> >
> > EU.ACME.COM = {
> > kdc = amsterdam-dc02.eu.acme.com
> > kdc = amsterdam-dc01.eu.acme.com
> > admin_server = amsterdam-dc02.eu.acme.com
> > master_kdc = amsterdam-dc02.eu.acme.com
> > default_domain = eu.acme.com
> > }
> >
> > [domain_realm]
> >
> > eu.acme.com = EU.ACME.COM
> > .eu.acme.com = EU.ACME.COM
> > .acme.com = EU.ACME.COM
> > acme.com = EU.ACME.COM
> > [kdc]
> > profile = /etc/kdc.conf
> >
> > smb.conf
> >
> > [global]
> >
> > workgroup = ACME
> > password server = 10.130.12.100
> > realm = EU.ACME.COM
> > security = ADS
> > idmap uid = 16777216-33554431
> > idmap gid = 16777216-33554431
> > winbind separator = +
> > template shell = /bin/false
> > winbind use default domain = true
> > winbind offline logon = false
> >
> > server string = Samba Server Version %v
> > passdb backend = tdbsam
> > preferred master = No
> > wins server = 10.130.10.100
> > ldap ssl = no
> > winbind enum users = Yes
> > winbind enum groups = Yes
> >
> > [homes]
> > comment = Home Directories
> > read only = No
> > browseable = No
Re: [Samba] RE: net ads join
Brian D. McGrew wrote:

> I'm also seeing the following in my syslog when I try
> and map from a Windows machine to one of my samba shares:
...
> Aug 24 07:35:49 mustang smbd[19060]: create_local_nt_token: Failed to
> create BUILTIN\Administrators group!

These are warnings and not the reason for any failure here.
I've bumped up the log level for 3.0.23c. The error is expected
if you are using idmap backend = {rid,ad}

cheers, jerry

Samba --- http://www.samba.org
Centeris --- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
RE: [Samba] Re: net ads join
Version 3.0.14a-2

-brian

Brian D. McGrew { [EMAIL PROTECTED] || [EMAIL PROTECTED] }
--
> Those of you who think you know it all,
  really annoy those of us who do!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rex Dieter
Sent: Thursday, November 10, 2005 8:44 AM
To: samba@lists.samba.org
Subject: [Samba] Re: net ads join

Brian D. McGrew wrote:

> What am I missing?

What version of samba are you using?
Re: [Samba] Re: net ads join fails 3/4's of the time
Gerald (Jerry) Carter wrote:

|> I wonder if you are dealing with an AD replication lag. How
|> many DC's are there in the domain?
|
| 3 DC's. If your hunch is right, what should I do?
| Simply wait longer between the 'net ads join' and
| 'wbinfo -t'?

Yup. I don't recall what the default replication period is
in AD so you might want to look it up.

Thanks. Will do.

-- Rex
Re: [Samba] Re: net ads join fails 3/4's of the time
|> I wonder if you are dealing with an AD replication lag. How
|> many DC's are there in the domain?
|
| 3 DC's. If your hunch is right, what should I do?
| Simply wait longer between the 'net ads join' and
| 'wbinfo -t'?

Yup. I don't recall what the default replication period is
in AD so you might want to look it up.

cheers, jerry

Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
Re: [Samba] Re: net ads join fails using Red Hat samba 3.0.7-1.3E.1 (Re: Samba 3 as domain member of w2k realm)
Matt Seitz wrote:
Resending with corrected subject line

Matt Seitz wrote:
R.B. wrote:
I've a problem joining a samba 3.0.7-1.3E.1 in a w2k domain:

[EMAIL PROTECTED] squid]# net ads join -U myuser
myuser's password:
[2004/11/18 13:29:32, 0] utils/net_ads.c:ads_startup(183)
ads_connect: Program lacks support for encryption type

This appears to be a bug in Red Hat's version of Samba. See:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139668

Red Hat samba versions > 3.0.4 seem to have done a thorough job of breaking compatibility with AD's in Native Mode. It *looks* like this is fixed in 3.0.8 which we have not yet released as a supported RH package.

Reviewing your configs may be worthwhile as you might be encountering other problems -- also in some cases it is required to reset the domain admin password and select the account to "Use DES encryption types for this account".

Otherwise you can test with 3.0.8 (the RH9 rpm made available via samba.org does install without issue on RHEL3), but keep in mind that it is not officially supported by RH at this point in time.

Christian