Hello,
I am trying to join my server to a Win2k AD domain.
I have configured kerberos and can get a ticket but when I try to join the
AD I get the error "Failed to join domain: No logon servers" as detailed
below.
I have searched the archives and google and followed some suggestions to get
my files into the correct format but still have a problem.
I am using Samba version 3.0.32-0.fc8 on Fedora 8, kernel 2.6.25.11-60.fc8
I have detailed my krb5.conf, smb.conf, kinit cmd and debug output from my
net ads join cmd below.
Can anyone offer me any pointers?
Is there anything I can get the windows admin to check?
Thanks
Tam
/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = NSUK.NSC.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
NSUK.NSC.COM = {
kdc= nsuk-ukdc3.nsuk.nsc.com
admin_server = nsuk-ukdc3.nsuk.nsc.com
default_domain = nsuk.nsc.com
}
[domain_realm]
.nsuk.nsc.com = NSUK.NSC.COM
nsuk.nsc.com = NSUK.NSC.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
=
/etc/samba/smb.conf
=
[global]
workgroup = NSUK
netbios name = uklnxws01
security = ads
realm = NSUK.NSC.COM
password server = 10.191.2.29
encrypt passwords = yes
domain master = no
domain logons = no
local master = no
preferred master = no
==
kinit
==
#kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:
#klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting ExpiresService principal
10/22/08 16:49:56 10/23/08 02:50:04 krbtgt/[EMAIL PROTECTED]
renew until 10/23/08 16:49:56
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
=
other
=
cat /etc/hosts
10.191.2.29 nsuk-ukdc3 nsuk-ukdc3.nsuk.nsc.com
cat /etc/resolv.conf
domain nsc.com
nameserver 10.191.2.29
nameserver x.x.x.x
nameserver y.y.y.y
nslookup nsuk-ukdc3.nsuk.nsc.com & 10.191.2.29
returns ok
but
nslookup nsuk-ukdc3
does not unless I use nsuk-ukdc.nsuk.nsc.com
=
I have tried using: net ads join in a number of combinations including
without the -S and createcomputer but the debug output is effectively the
same:
# net ads join createcomputer="servers/unix" -Snsuk-
ukdc3.uk.nsc.com -d10
[2008/10/22 16:51:35, 5] lib/debug.c:debug_dump_status(391)
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
Processing section "[global]"
doing parameter workgroup = NSUK
doing parameter netbios name = uklnxws01
[2008/10/22 16:51:35, 4] param/loadparm.c:handle_netbios_name(3153)
handle_netbios_name: set global_myname to: UKLNXWS01
doing parameter server string = Samba Server Version %v
doing parameter security = ads
doing parameter realm = NSUK.NSC.COM
doing parameter password server = 10.191.2.29
doing parameter encrypt passwords = yes
doing parameter domain master = no
doing parameter domain logons = no
doing parameter local master = no
doing parameter preferred master = no
2008/10/22 16:51:35, 4] param/loadparm.c:lp_load(5095)
pm_process() returned Yes
[2008/10/22 16:51:35, 7] param/loadparm.c:lp_servicenumber(5233)
lp_servicenumber: couldn't find homes
[2008/10/22 16:51:35, 10] param/loadparm.c:set_server_role(4339)
set_server_role: role = ROLE_DOMAIN_MEMBER
[2008/10/22 16:51:35, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2LE
Netbios name list:-
my_netbios_names[0]="UKLNXWS01"
[2008/10/22 16:51:35, 2] lib/interface.c:add_interface(81)
added interface ip=10.191.164.102 bcast=10.191.164.255 nmask=255.255.255.0
[2008/10/22 16:51:35, 2] lib/interface.c:add_interface(81)
added interface ip=192.168.122.1 bcast=192.168.122.255 nmask=255.255.255.0
[2008/10/22 16:51:35, 2] lib/interface.c:add_interface(81)
added interface ip=192.168.87.1 bcast=192.168.87.255 nmask=255.255.255.0
[2008/10/22 16:51:35, 2] lib/interface.c:add_interface(81)
added interface ip=192.168.104.1 bcast=192.168.104.255 nmask=255.255.255.0
[2008/10/22 16:51:35, 5] lib/gencache.c:gencache_init(61)
Opening cache file at /var/lib/samba/gencache.tdb
[2008/10/22 16:51:35, 10] lib/gencache.c:gencache_get(212)
Cache entry with key = AD_SITENAME/DOMAIN/NSUK.NSC.