STYMA, ROBERT E (ROBERT)
2004-Sep-02 17:50 UTC
[Samba] Samba 3.0.2 Joining an active directory domain
I am posting this in the hope it helps someone else.
I have been pulling my hair out chasing a problem getting a Linux node running
Samba to
join an active directory domain controller (KDC). I did a lot of research
searching
for error messages in Google groups and Google web and did not find an suitable
answer.
The problem was that the second of 9 Linux boxes I was adding to the domain
insisted
on getting the Kerberos information right. The first box had joined cleanly,
the other
boxes kept failing, even when I got the "Organizational Unit" data
correct.
Kerberos was turned off on these Linux boxes as they lived in a lab environment.
Messages I searched on: (real names changed)
"Unable to find a suitable server"
[2004/09/01 12:36:22, 0] libads/kerberos.c:ads_kinit_password(133)
kerberos_kinit_password myid@mydomain failed: Cannot find KDC for requested
realm
realm must be set in in smb.conf for ADS join to succeed.
realm of remote server (correct domain) and realm in smb.conf (wrong domain) DO
NOT match. Aborting join
ads_join_realm: organizational unit member does not exist
(dn:ou=member,dc=dnsname1,dc=dnsname2,dc=COM)
[2004/09/01 14:29:56, 0] libads/ldap.c:ads_add_machine_acct(1006)
Host account for netbiosname already exists - modifying old account
[2004/09/01 14:29:56, 0] libads/ldap.c:ads_join_realm(1342)
ads_add_machine_acct: No such object
ads_join_realm: No such object
The command being used was variations on:
net rpc join -U Administrator -w MYDOMAIN -S MyKDCNode
Solution:
In my case, the solution revolved about the fact that the lab nodes
that failed had two NIC cards. One to the corporate network and
one to a non-routable network chaining them together.
Adding the line:
interfaces = 192.168.199.155/24
to the /etc/samba/smb.conf file made the problem go away and the
join worked.
Robert E. Styma
Principal Engineer (DMTS)
Lucent Technologies, Phoenix
Email: stymar@lucent.com
Phone: 623-582-7323
FAX: 623-581-4390
Company: http://www.lucent.com
Personal: http://www.swlink.net/~styma