Re: [Samba] Joining ADS: unodocumented error
Cool dude! It works. Here's a transcript. samba:~# net ads join -U administrator Enter administrator's password: Using short domain name -- ARM Joined 'SAMBA' to realm 'arm.priv' [2008/11/24 10:52:15, 0] libads/kerberos.c:ads_kinit_password(356) kerberos_kinit_password [EMAIL PROTECTED] failed: Client not found in Kerberos database No DNS domain configured for samba. Unable to perform DNS Update. DNS update failed! I'll need to tweak something in the DNS, but that should not be a major issue at this point. Thanks a lot! Alessandro Baretta World Family of Radio Maria http://www.radiomaria.org/ tel. +39 0332 228 150 fax. +39 0332 222 411 cel. +39 335 830 3189 skype alex.baretta ekiga [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: On Mon, Nov 24, 2008 at 03:47:52AM +0100, Alessandro Baretta wrote: Hi everyone, I am trying to set up a file server on Linux for Windows XP boxes in a Windows Server 2003 environment. I followed an excellent tutorial on Samba and ADS, which I recommend to all newbies like myself: http://www.enterprisenetworkingplanet.com/netos/article.php/3487081. Kerberos authentication seems to succeed, and apparently there is nothing wrong with my smb.conf file, yet when I try to add the server to the ADS I get the following error message: Failed to join domain: Invalid configuration and configuration modification was not requested. This error seems to be undocumented: I have found nothing either on Google or on the samba.org site. Here's a transcript of a shell session showing this error. samba:~# kinit Password for [EMAIL PROTECTED]: --- Authentication succeeds samba:~# testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [fileserver] Processing section [printers] Processing section [print$] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = ARM.PRIV realm = ARM.PRIV server string = File server avanzato security = ADS log level = 3 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 [homes] comment = Home Directories valid users = %S create mask = 0700 directory mask = 0700 browseable = No [fileserver] comment = Cartelle condivise path = /var/samba read only = No create mask = 0700 [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers samba:~# net ads join -U administrator Enter administrator's password: Failed to join domain: Invalid configuration and configuration modification was not requested ^^ If I mistype the password I get a different error message: samba:~# net ads join -U administrator%wrongpassword Failed to join domain: failed to lookup DC info for domain 'ARM.PRIV' over rpc: Logon failure Can anyone help me? -- Alessandro Baretta World Family of Radio Maria http://www.radiomaria.org/ tel. +39 0332 228 150 fax. +39 0332 222 411 cel. +39 335 830 3189 skype alex.baretta ekiga [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Alessandro, I was able to reproduce your problem on my virtual machines. By that I mean that in trying to join a 2003 domain in ADS mode, I get the exact same error as you. I was able to solve it as explained below. Keep in mind that the same error may be caused by different problems. My test domain name is 'DOMAIN', and my realm is 'DOMAIN.COM'. Setting either of the of 2 following lines caused the error indicated: workgroup = DOMAIN.COM or realm = DOMAIN Setting as follows, I joined the domain no problem. workgroup = DOMAIN realm = DOMAIN.COM So it appears the domain name is the leftmost portion of the REALM, and the REALM must be the entire name. Anything else will fail. So try changing your workgroup line setting it as follows: workgroup = ARM I believe you will then be able to join sambe to the 2003 domain. Give it a shot and let me know. -- Pablo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Joining ADS: unodocumented error
Hi everyone, I am trying to set up a file server on Linux for Windows XP boxes in a Windows Server 2003 environment. I followed an excellent tutorial on Samba and ADS, which I recommend to all newbies like myself: http://www.enterprisenetworkingplanet.com/netos/article.php/3487081. Kerberos authentication seems to succeed, and apparently there is nothing wrong with my smb.conf file, yet when I try to add the server to the ADS I get the following error message: Failed to join domain: Invalid configuration and configuration modification was not requested. This error seems to be undocumented: I have found nothing either on Google or on the samba.org site. Here's a transcript of a shell session showing this error. samba:~# kinit Password for [EMAIL PROTECTED]: --- Authentication succeeds samba:~# testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [fileserver] Processing section [printers] Processing section [print$] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = ARM.PRIV realm = ARM.PRIV server string = File server avanzato security = ADS log level = 3 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 [homes] comment = Home Directories valid users = %S create mask = 0700 directory mask = 0700 browseable = No [fileserver] comment = Cartelle condivise path = /var/samba read only = No create mask = 0700 [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers samba:~# net ads join -U administrator Enter administrator's password: Failed to join domain: Invalid configuration and configuration modification was not requested ^^ If I mistype the password I get a different error message: samba:~# net ads join -U administrator%wrongpassword Failed to join domain: failed to lookup DC info for domain 'ARM.PRIV' over rpc: Logon failure Can anyone help me? -- Alessandro Baretta World Family of Radio Maria http://www.radiomaria.org/ tel. +39 0332 228 150 fax. +39 0332 222 411 cel. +39 335 830 3189 skype alex.baretta ekiga [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining ADS: unodocumented error
On Mon, Nov 24, 2008 at 03:47:52AM +0100, Alessandro Baretta wrote: Hi everyone, I am trying to set up a file server on Linux for Windows XP boxes in a Windows Server 2003 environment. I followed an excellent tutorial on Samba and ADS, which I recommend to all newbies like myself: http://www.enterprisenetworkingplanet.com/netos/article.php/3487081. Kerberos authentication seems to succeed, and apparently there is nothing wrong with my smb.conf file, yet when I try to add the server to the ADS I get the following error message: Failed to join domain: Invalid configuration and configuration modification was not requested. This error seems to be undocumented: I have found nothing either on Google or on the samba.org site. Here's a transcript of a shell session showing this error. samba:~# kinit Password for [EMAIL PROTECTED]: --- Authentication succeeds samba:~# testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [fileserver] Processing section [printers] Processing section [print$] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = ARM.PRIV realm = ARM.PRIV server string = File server avanzato security = ADS log level = 3 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 [homes] comment = Home Directories valid users = %S create mask = 0700 directory mask = 0700 browseable = No [fileserver] comment = Cartelle condivise path = /var/samba read only = No create mask = 0700 [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers samba:~# net ads join -U administrator Enter administrator's password: Failed to join domain: Invalid configuration and configuration modification was not requested ^^ If I mistype the password I get a different error message: samba:~# net ads join -U administrator%wrongpassword Failed to join domain: failed to lookup DC info for domain 'ARM.PRIV' over rpc: Logon failure Can anyone help me? -- Alessandro Baretta A couple of things to try. 1. Try the 'net join' command by getting rid of the space after the -U and type the username in caps, as follows: net ads join -UADMINISTRATOR * Mine failed to join with a similar error as yours, then without * changing any configuration, I did what I suggested above and the join * succeeded. 2. If that didn't work, try changing 'workgroup = ARM.PRIV' to 'workgroup = ARM' in smb.conf. Then try joining again via 'net ads join ...'. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining ADS: unodocumented error
On Mon, Nov 24, 2008 at 03:47:52AM +0100, Alessandro Baretta wrote: Hi everyone, I am trying to set up a file server on Linux for Windows XP boxes in a Windows Server 2003 environment. I followed an excellent tutorial on Samba and ADS, which I recommend to all newbies like myself: http://www.enterprisenetworkingplanet.com/netos/article.php/3487081. Kerberos authentication seems to succeed, and apparently there is nothing wrong with my smb.conf file, yet when I try to add the server to the ADS I get the following error message: Failed to join domain: Invalid configuration and configuration modification was not requested. This error seems to be undocumented: I have found nothing either on Google or on the samba.org site. Here's a transcript of a shell session showing this error. samba:~# kinit Password for [EMAIL PROTECTED]: --- Authentication succeeds samba:~# testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [fileserver] Processing section [printers] Processing section [print$] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = ARM.PRIV realm = ARM.PRIV server string = File server avanzato security = ADS log level = 3 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 [homes] comment = Home Directories valid users = %S create mask = 0700 directory mask = 0700 browseable = No [fileserver] comment = Cartelle condivise path = /var/samba read only = No create mask = 0700 [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers samba:~# net ads join -U administrator Enter administrator's password: Failed to join domain: Invalid configuration and configuration modification was not requested ^^ If I mistype the password I get a different error message: samba:~# net ads join -U administrator%wrongpassword Failed to join domain: failed to lookup DC info for domain 'ARM.PRIV' over rpc: Logon failure Can anyone help me? -- Alessandro Baretta World Family of Radio Maria http://www.radiomaria.org/ tel. +39 0332 228 150 fax. +39 0332 222 411 cel. +39 335 830 3189 skype alex.baretta ekiga [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Alessandro, I was able to reproduce your problem on my virtual machines. By that I mean that in trying to join a 2003 domain in ADS mode, I get the exact same error as you. I was able to solve it as explained below. Keep in mind that the same error may be caused by different problems. My test domain name is 'DOMAIN', and my realm is 'DOMAIN.COM'. Setting either of the of 2 following lines caused the error indicated: workgroup = DOMAIN.COM or realm = DOMAIN Setting as follows, I joined the domain no problem. workgroup = DOMAIN realm = DOMAIN.COM So it appears the domain name is the leftmost portion of the REALM, and the REALM must be the entire name. Anything else will fail. So try changing your workgroup line setting it as follows: workgroup = ARM I believe you will then be able to join sambe to the 2003 domain. Give it a shot and let me know. -- Pablo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
