Been there:
1. Compile Samba by yourself, remove WITH_DNS_UPDATE flag.
2. Disallow allow insecure update from DNS server.
3. Edit /etc/hosts, use shortname for your Samba server, then upon net ads
join
it will complain domain name not found hence will not update DNS.
Cheers
-David
2012/2/4
I believe it takes the name from either the,
netbios name =
or
server string = x
in the smb.conf file.
On 05/27/2011 05:50 AM, fsos...@gmail.com wrote:
Hello,
I would like to know where samba takes the computer name to join the
AD domain. Is it from classic computer name DNS
From: fsos...@gmail.com fsos...@gmail.com
Date: Fri, 27 May 2011 11:50:48 +0200
I would like to know where samba takes the computer name to join the
AD domain. Is it from classic computer name DNS resolution?
The computer name is taken from classic hostname by default.
netbios name parameter
thanks a lot
On 27 May 2011 16:01, TAKAHASHI Motonobu mo...@monyo.com wrote:
From: fsos...@gmail.com fsos...@gmail.com
Date: Fri, 27 May 2011 11:50:48 +0200
I would like to know where samba takes the computer name to join the
AD domain. Is it from classic computer name DNS resolution?
The
On 2010/05/27 at 08:48, Nick Couchman nick.couch...@seakr.com wrote:
I'm having trouble getting a host to join an ADS domain/realm. I have
smb.conf set correctly, with the workgroup, realm, and security = ads
specified. However, when I try to join with the command: net ads join -U
On Wed, Jul 01, 2009 at 12:03:28PM +0200, christoph.be...@desy.de wrote:
Hi,
my windows folks migrated to AD 2008 R2, resulting in the following error
message when trying to join the domain:
[HOST] /etc $ /opt/csw/bin/net ads join -U USER
Enter USER's password:
[2009/07/01 11:51:28, 0]
Heyho Guenther,
thanks for the fast reply, 'client ldap sasl wrapping = sign' did the
trick :D
cheers
christoph
On Wed, 1 Jul 2009, Guenther Deschner wrote:
On Wed, Jul 01, 2009 at 12:03:28PM +0200, christoph.be...@desy.de wrote:
Hi,
my windows folks migrated to AD 2008 R2, resulting in
On 7/1/2009, christoph.be...@desy.de (christoph.be...@desy.de) wrote:
my windows folks migrated to AD 2008 R2
Interesting... seeing as its not even released yet...
--
Best regards,
Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andreas Ladanyi wrote:
Hi,
it seems that all is working perfectly, but if start an net ads join i
get the message DNS Update failed ! .
What is the consequence if i dont care about this message ? Is the Samba
Server (ADS member) only not
D G Teed wrote:
I've been able to use security = ads in smb.conf, and connect OK,
but it must be falling back to domain. When I run net ads join
I get the error (debug trace below):
ads_connect: No logon servers
Here is my krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
Thanks very much, Douglas. That did the trick.
I had not understood what realm represented in a dns
style domain.
It is also confusing that one lists a realm section,
defining it...
BEER = {
kdc = ADC1.AD.BEERU.CA
}
But then when providing the realm name in smb.conf, the
handle isn't BEER,
Douglas VanLeuven wrote:
D G Teed wrote:
I've been able to use security = ads in smb.conf, and connect OK,
but it must be falling back to domain. When I run net ads join
I get the error (debug trace below):
ads_connect: No logon servers
Here is my krb5.conf:
[logging]
default =
D G Teed wrote:
Thanks very much, Douglas. That did the trick.
I had not understood what realm represented in a dns
style domain.
It is also confusing that one lists a realm section,
defining it...
BEER = {
kdc = ADC1.AD.BEERU.CA
}
Sorry, missed that one too. Should be
Jeff Lee wrote:
Hi all,
I want to configure a samba server (3.0.25b) with krb5-1.6.2,
openldap-2.3.37 and db-4.6.18 for single sign-on purpose. I have some
questions.
1. Is the AD Administrator account for Samba to kinit and net join the
AD only ?
2. Can I use a common user with Create
Le Wednesday 04 July 2007 09:30:29 Francesco Tonucci, vous avez écrit :
Hello,
I'm trying to join a samba server to a w2k domain.
Now I have removed all samba and kerberos software from the machine to
reset configuration.
Then I have executed net ads testjoin to see what happened (I have
Hi!
I'm having the same issue: Linux Box with RedHat 3 joining a windows 2003
AD. When doing net ads join the system reports
[2007/03/12 17:27:36, 5] libads/kerberos.c:get_service_ticket(367)
get_service_ticket: krb5_get_credentials for [EMAIL PROTECTED] enctype 16
failed: KDC has no support
Have you checked if your clock are in sync with the Win2k Server?
Due to the kerberos, time out of sync by 5 minutes report errors to connect.
On 10/25/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi all,
I'am trying to join ADS an W2K server. This server was already joined,
but after
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Brian D. McGrew wrote:
I'm not sure that the problem is with net ads join but I'm in desperate
need of help either way.
Using smb Version 3.0.23a-1.fc4.1
I do a net ads join I get the below error:
[EMAIL PROTECTED] tmp]# net ads join -U
I get the same error either way.
-Original Message-
From: Howard Wilkinson [mailto:[EMAIL PROTECTED]
Sent: Friday, July 14, 2006 11:16 AM
To: Trimble, Ronald D; samba@lists.samba.org
Subject: RE: [Samba] NET ADS JOIN error
Check that the backslashes are not being interpolated
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Trimble, Ronald D wrote:
Can anyone shed some light on this error? I can't seem to find any
information as to why it is failing. Thanks.
USTR-MINT-A-1:~ # net ads join United
States\Tredyffrin\Resources\Servers -U trimblrd
trimblrd's
Check that the backslashes are not being interpolated by the shell you may want
to try.
net ads join United States\\Tredyffrin\\Resource\\Servers -U trimblrd
Howard.
Coherent Technology Limited, 23 Northampton Square, Finsbury, London EC1V 0HL,
United Kingdom
Telephone: +44 20 76907075
For the purpose of the archive:
I believe I fixed the problem.
When I compiled FreeBSD 6.0-RELEASE-p1 kerberos was installed. When I
compiled 6.0-RELEASE-p2 I had kerberos disabled. I'm pretty confident I
was using old binaries. When I rebuilt the binaries, kerberos gave me a
message about the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robert J. Collins wrote:
On FreeBSD 6.0-RELEASE-p2 using samba-3.0.21a,1 the
net command seg faults. Does anyone know what is going
on?
Can you get a backtrace from gdb after building Samba
with the --enable-debug option (or just the -g gcc
I have seen that reinstalling the samba works for me... dont know why
although... I had taken the binaries from the Samba Site..
On 8/27/05, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Guille wrote:
| Hi,
|
| You are not alone with
I have seen that reinstalling the samba works for me... dont know why
although... I take the binaries from the Samba Site..
+++ Gerald (Jerry) Carter [Sat, Aug 27, 2005 at 10:41:46AM -0500]:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Guille wrote:
| Hi,
|
| You are not alone with
Of
Theodore Jencks
Sent: Friday, August 26, 2005 11:58 AM
To: samba@lists.samba.org
Subject: RE: [Samba] net ads join error
So now it looks like I can join the domain however I get the following
output. Seems like there might be an issue with samba-3.0.20 and the
new GCC 4 and glibc.
Any idea's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Guille wrote:
| Hi,
|
| You are not alone with regards to this error message joining FC4 to Win2k
| ADS.
| I got this after I joined.
It's bugs in the e2fsprogs + krb5 libs shipped on FC4.
You'll have to talk to the Fedora folks to get this fixed.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Theodore Jencks wrote:
Compiling version 3.0.20 from source on RedHat Fedora Core 4 everything
seems to go smoothly. However upon trying to join a 2000 domain with
the following command net ads join -U Administrator%Password 'OU' I
get the
] net ads join error
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Theodore Jencks wrote:
Compiling version 3.0.20 from source on RedHat Fedora Core 4
everything
seems to go smoothly. However upon trying to join a 2000 domain with
the following command net ads join -U Administrator%Password
in smb.conf add line
log level = 10
then restart nmb, smb and winbind.
-Original Message-
From: Theodore Jencks [mailto:[EMAIL PROTECTED]
Sent: Friday, August 26, 2005 1:03 PM
To: samba@lists.samba.org
Subject: RE: [Samba] net ads join error
Where would I find the log for this? How
join error
in smb.conf add line
log level = 10
then restart nmb, smb and winbind.
-Original Message-
From: Theodore Jencks [mailto:[EMAIL PROTECTED]
Sent: Friday, August 26, 2005 1:03 PM
To: samba@lists.samba.org
Subject: RE: [Samba] net ads join error
Where would I find the log
So now it looks like I can join the domain however I get the following
output. Seems like there might be an issue with samba-3.0.20 and the
new GCC 4 and glibc.
Any idea's possibilities? I'm also not quite sure my previous problem
went away the only thing I changed was adding my kdc server into
[EMAIL PROTECTED] wrote:
Hi all,
is it possible at all to get Samba 3 on AIX 5.2 to join a Win 2003
Domain natively ? All the precompiled versions do not have AD Support
and having AIX krb5 installed (let alone using --with-ads)is enough
to make a compile run fail - both 3.0.14 and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rex Dieter wrote:
| I just wanted to share my frustrations with trying
| to use samba to join linux machines to our AD
| (so I could use pam_winbind primarily). I'm
| using Red Hat Enterprise 4 boxes, with samba-3.0.14a,
| krb5-libs-1.3.4-12,
Gerald (Jerry) Carter wrote:
Rex Dieter wrote:
| Now, I've found that the
| $ net ads join
| command(*) always says it succeeds joining the domain,
| but a subsequent
| $ wbinfo -t
| about 75% of the time yields an error:
| NT_STATUS_ACCESS_DENIED
|
| If I re-run those 2 commands repeatedly, I
On Thursday 26 May 2005 18:50, Rex Dieter wrote:
Here's one that's got me baffled. No such file or directory?
# net ads join -U'AD-Administrator'
AD-Administrator's password:
[2005/05/26 08:15:00, 0] utils/net_ads.c:ads_startup(191)
ads_connect: No such file or directory
I've been
]
Sent: 11 April 2005 16:57
To: Penny Willisson
Subject: RE: [Samba] net ads join fails
Try that, it is working for me
[logging]
default = FILE:/var/log/krb5/libs.log
kdc = FILE:/var/log/krb5/kdc.log
admin_server = FILE:/var/log/krb5/admin.log
[libdefaults]
ticket_lifetime = 24000
default_realm
-Original Message-
From: Gordon Hopper [mailto:[EMAIL PROTECTED]
Sent: 09 April 2005 00:23
To: Penny Willisson
Subject: RE: [Samba] net ads join fails
You might need to add some entries to your krb5.conf file. for example:
[realms]
ellisonslegal.com = {
kdc = domain.controller.ellisonslegal.com:88
you have the updated link?
Thanks for your continued help.
Penny
-Original Message-
From: Gordon Hopper [mailto:[EMAIL PROTECTED]
Sent: 09 April 2005 00:23
To: Penny Willisson
Subject: RE: [Samba] net ads join fails
You might need to add some entries to your krb5.conf file
: 08 April 2005 13:30
To: samba@lists.samba.org
Subject: Re: [Samba] net ads join fails
On Friday 08 April 2005 07:46 am, Penny Willisson wrote:
Hi
I have created the machine account on the AD server and did this
logged in
as Administrator so that should mean that the Administrator
] net ads join fails
[2005/04/05 15:11:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381)
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
[2005/04/05 15:11:44, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password [EMAIL PROTECTED] failed: Unknown code
PROTECTED]
Sent: 06 April 2005 05:28
To: Penny Willisson
Subject: Re: [Samba] net ads join fails
[2005/04/05 15:11:44, 3] libsmb/clikrb5.c:ads_krb5_mk_req(381)
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
[2005/04/05 15:11:44, 0] libads/kerberos.c:ads_kinit_password
To: samba@lists.samba.org
Subject: Re: [Samba] net ads join fails
On Friday 08 April 2005 07:46 am, Penny Willisson wrote:
Hi
I have created the machine account on the AD server and did this logged in
as Administrator so that should mean that the Administrator account has the
correct permissions
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Dimitri Yioulos
Sent: 08 April 2005 13:30
To: samba@lists.samba.org
Subject: Re: [Samba] net ads join fails
On Friday 08 April 2005 07:46 am, Penny Willisson wrote:
Hi
I have created the machine
* [EMAIL PROTECTED] schrieb am 10.02.05 um 21:35 Uhr:
Problem: I have an account that allows me to join an AD domain, this works
fine from any win box. However it fails with ads_add_machine_acct
(client_name): Insufficient access when I do a net ads join from a linux
box. To get samba to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marc Schiffbauer wrote:
| Problem: I have an account that allows me to join
| an AD domain, this works fine from any win box. However
| it fails with ads_add_machine_acct (client_name):
| Insufficient access when I do a net ads join from a linux
|
Resending, as I used wrong sender and it doesn't seem to have appeared
on the list.
The problem is sort of solved...
First, I tried stopping smb and winbind and cleaning out all cache files
(/var/cache/samba).
Then joining worked fine for a while. Then it didn't. Whenever it didn't
I got those
Sort of solved...
First, I tried stopping smb and winbind and cleaning out all cache files
(/var/cache/samba).
Then joining worked fine for a while. Then it didn't. Whenever it didn't
I got those weird messages with [EMAIL PROTECTED]@KLIENT.UIB.NO
again.
Now that problem seems to be fixed, but
birger wrote:
net ads join -U [EMAIL PROTECTED] 'Klienter\IT\MatNat\IFT\Samba
Servers\IT-gruppen'
[EMAIL PROTECTED]'s password:
[2004/12/02 15:34:36, 0] libads/ldap.c:ads_add_machine_acct(1367)
ads_add_machine_acct: Host account for iftsmb100 already exists -
modifying old account
Using short
On Tue, 02 Nov 2004 14:34:15 -0800, Tom Dickson [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
~ /usr/bin/net ads join -Udennisb
dennisb password:
[2004/11/02 17:31:56, 0] libads/ldap.c:ads_add_machine_acct(1006)
~ Host account for if-srv-hos1 already exists -
Hi Aaron,
we've just identified this problem and thought you may be interested if you
haven't resolved
this already. The bind is failing because the admin account being used to join the
domain is a
member of too many groups (waiting to hear from M$ what constitutes too many) and as a
I believe this is a bug as I have posted exactly the same problem to this
list already including some debug info, nobody replied though
I have contacted Andrew Bartlett on this with some debug information and
am waiting for a reply. As its not just me I'll raise a bug in bugzilla,
logged on bugzilla, id 1370
thanks Andy.
I believe this is a bug as I have posted exactly the same problem to this
list already including some debug info, nobody replied though
I have contacted Andrew Bartlett on this with some debug information and
am waiting for a reply. As its not
On Fri, 2004-05-21 at 19:43, ww m-pubsyssamba wrote:
I believe this is a bug as I have posted exactly the same problem to this
list already including some debug info, nobody replied though
I have contacted Andrew Bartlett on this with some debug information and
am waiting for a reply.
Did you manage to valgrind it?
##
##Yes, I've sent it through to you last week, didn't you recieve it?
##If not I've attached all the out put to the bugzilla bug 1370
## thanks Andy.
--
To unsubscribe from this list go to the following URL and read the
instructions:
PROTECTED] On Behalf Of ww
m-pubsyssamba
Sent: Friday, May 21, 2004 6:28 AM
To: Andrew Bartlett
Cc: [EMAIL PROTECTED]; Gerald (Jerry) Carter; Andrew Bartlett
Subject: RE: [Samba] net ads join hangs forever
Did you manage to valgrind it?
##
##Yes, I've sent it through to you last week, didn't you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Aaron Grewell wrote:
| I am trying to join my Linux workstation to my ADS domain.
| Unfortunately, I'm not having much success. net ads
| join hangs forever (or at least for more than 12 hours)
| when run.
...
| [2004/05/20 10:08:47, 0]
I would start by checking for any kerberos misconfigurations. Just a gut
feeling though. Does kinit run ok ?
Kinit runs fine. I started with a standard Kerb config that I've used a
number of times with good success. I also tried removing /etc/krb5.conf
altogether. Kinit ran fine in either
Have you done any kerberos setup? Whatever steps you have taken there
would be helpful as well.
Also, take a look at TOSHARG chapter 6:
http://us2.samba.org/samba/docs/man/howto/domain-member.html#ads-member
Tom Skeren wrote:
O.K. well no one has responded to any requests for help yet.
Thanks for asking Paul.
I decided to see the error message of a net ads join -U admin would be
and got: can't find realm. Edited krb5.conf changing kdc =
server.fsklaw.net to kerberos.fsklaw.net. I then joined the domain, and
in Windows 2000 the computer Linux is their with Opereating
I'm going to have to defer to someone with superiour knowledge here,
I've only set up ADS membership once, and that was on a test environment.
Two things though, are you specifying your realm as lower case or upper
case? I believe you need to it uppercase: FSKLAW.NETAlso, what do
you get
Thanks again Paul,
I got the Redhat box working, mostly, except that all users only have
user rights on the samba share. Can't seem to get ADS users to have the
permisions on Samba shares they have on the 2000 shares. But a huge
leap forward for me today. I've been spinning my wheels
-- Behalf Of Michael Brown
-- Sent: Friday, February 20, 2004 1:37 AM
-- The path I got was /root/krb5-1.3.1/src/configure, but no
-- mater. In order to
--
-- Sorry, I should have said -
-- # cd krb5-1.3.1/src
-- # configure --prefix=/usr
-- # make make install
-- # ls /usr/bin/kinit
-- kinit
-- From: Gary Hostetler [mailto:[EMAIL PROTECTED]
-- Sent: Thursday, February 19, 2004 6:06 AM
-- To: kaze
-- Subject: RE: [Samba] net ads join / kinit /.conf syntax
--
--
-- I'd be happy if my net command worked. It tells me unknown
-- command. Where do
-- I find net.
-- thanks
-- Gary
-- From: Michael Brown [mailto:[EMAIL PROTECTED]
-- Sent: Thursday, February 19, 2004 2:50 AM
...
-- Eliminate your krb5 rpm installation.
-- Download the MIT krb5 source tarball from here:
-- http://web.mit.edu/kerberos/dist/krb5/1.3/krb5-1.3.1.tar
--
-- Extract the tarball/signature:
-- $ tar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 20 Feb 2004 01:04:24 -0500
kaze [EMAIL PROTECTED] wrote:
The path I got was /root/krb5-1.3.1/src/configure, but no mater. In order to
Sorry, I should have said -
# cd krb5-1.3.1/src
# configure --prefix=/usr
# make make install
# ls
-- From: Michael Brown [mailto:[EMAIL PROTECTED]
-- Sent: Wednesday, February 18, 2004 7:50 PM
...
-- On Wed, 18 Feb 2004 18:38:44 -0500
-- kaze [EMAIL PROTECTED] wrote:
-- [EMAIL PROTECTED] root]# kinit
-- -bash: kinit: command not found
-- [EMAIL PROTECTED] root]#
-- [EMAIL PROTECTED] root]#
On Thu, 19 Feb 2004, kaze wrote:
Yeah! I feel farther along, but it still doesn't work.
I installed the krb5-workstation-1.3.1-6.i386.rpm and after re-reading
http://www.samba.org/samba/docs/man/domain-member.html#ads-member restored
/etc/krb5.conf to its original state.
[EMAIL PROTECTED]
The purpose of net ads join -U Administrator%password (password is required) is not
to obtain a Kerberos ticket but to create a computer account in the AD thereby setting
up the trust required for other clients to authenticate to the Samba server with an AD
Kerberos TGT. Use kinit from any
You might be right, but the use of kinit is only mentioned for testing
purposes, but not as an essential part of the implementation...
My process generates following credentials:
[EMAIL PROTECTED] root]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting
On Fri, 2003-06-27 at 01:42, stefan sokoll wrote:
hi
i'm using suse8.2
i compiled and installed heimdal-0.6
i configured samba3.0.0beta1 with:
configure --with-winbind --with-pam-winbind --with-smbmount --with-ads --with-pam
--with-ldap
i did make without options and make
hello alessandro,
On Thu, Feb 06, 2003 at 04:37:24PM +0100, [EMAIL PROTECTED] wrote:
Hi all,
After having spend 2 days to resolve my problem to configure Samba 3.0 (the
path to the libgcc_s was wrong) I've finally installed it and I'm trying to
join the W2K AD domain with the command:
1.
-- Original Message --
From: Errol Neal [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Fri, 29 Nov 2002 17:13:39 -0800
Hello,
In my further investigation, it seems that winbindd cannot locate my kerberos ticket.
Or, at least this is what this log
-- Original Message --
From: Errol Neal [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Fri, 29 Nov 2002 17:13:39 -0800
Hello,
In my further investigation, it seems that winbindd cannot locate my kerberos ticket.
Or, at least this is what this log
74 matches
Mail list logo