Schuyler Bishop
2015-Nov-17 21:41 UTC
[Samba] Samba 4.1.6-Ubuntu on 14.04 domain join seems successful with caveats, testjoin reports no logon servers...
Interesting. So would having the account I'm creating it with in the
same subdomain fix the potential trust issues, or is samba's function
in a subdomain in general in question?

On Tue, Nov 17, 2015 at 3:25 PM Rowland Penny <rowlandpenny241155 at gmail.com> wrote:

> On 17/11/15 19:32, Schuyler Bishop wrote:
> > Hi Rowland,
> >
> > Thanks for the response. I stripped my smb.conf down to the bare
> > suggestions and still have a no-go on the testjoin. This really smells
> > to me like a kerberos configuration issue due to the computer existing
> > in one and users authenticating from the forest root. Unfortunately
> > I don't know where to begin to look for answers as the kerberos
> > configurations I've found referenced don't have that concept.
>
> Is there actually a DC for HIJ.KLM.COM ?
>
> This could be a trust problem and I don't think trusts work fully yet
>
> Rowland
Rowland Penny
2015-Nov-17 22:04 UTC
On 17/11/15 21:41, Schuyler Bishop wrote:
> Interesting. So would having the account I'm creating it with in the
> same subdomain fix the potential trust issues, or is samba's function
> in a subdomain in general in question?

I honestly don't know, what I can say is that when you try to join a
Samba domain member to a DC in the same domain, it just works.

Has anybody been able to make this work ?

Rowland
L.P.H. van Belle
2015-Nov-18 07:52 UTC
Hai,

From the logs.

> ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
> kerberos_kinit_password THIS$@HIJ.KLM.COM failed: Cannot contact any KDC for requested realm
> ads_connect: Cannot contact any KDC for requested realm
> Join to domain is not valid: No logon servers
> return code = -1

In your krb5.conf

ad.hij.klm.com does that exist in the domain?
Because in your logs I see also.

> resolve_lmhosts: Attempting lmhosts lookup for name AD1.HIJ.KLM.COM<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name AD1.HIJ.KLM.COM<0x20>
> resolve_wins: WINS server resolution selected and no WINS servers listed.
> resolve_hosts: Attempting host lookup for name AD1.HIJ.KLM.COM<0x20>
> Successfully contacted LDAP server a.b.c.d
> Connected to LDAP server ad1.hij.klm.com

You're sure in krb5.conf

> admin_server = ad.hij.klm.com

is correct ?

Greetz,

Louis
Schuyler Bishop
2015-Nov-18 18:08 UTC
When I sent the original note, I had it configured this way:

    [realms]
        HIJ.KLM.COM = {
            kdc = ad1.hij.klm.com
            kdc = ad2.hij.klm.com
            admin_server = ad.hij.klm.com
            default_domain = hij.klm.com
        }

    [domain_realm]
        .xyz.hij.klm.com = HIJ.KLM.COM
        .hij.klm.com = HIJ.KLM.COM

But then after reading about kerberos on the samba site, it seemed to
suggest to not configure krb5.conf and instead rely on DNS. I then
noticed these two lines in the krb5.conf that seemed to say "ignore DNS
for kerberos":

    dns_lookup_realm = false
    dns_lookup_kdc = false

After changing those to true and commenting all the realm and
domain_realm stuff out, I could still do a kinit of my domain account
and login to the server using kerberos but still have issues with the
testjoin and starting smbd gives me errors such as:

    [2015/11/17 20:16:58.660864, 0] ../source3/libads/kerberos_util.c:74(ads_kinit_password)
      kerberos_kinit_password THIS$@HIJ.KLM.COM failed: Cannot contact any KDC for requested realm
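Added example, not part of the original thread and not Samba or MIT Kerberos code: a small krb5.conf reader that shows which realm a host maps to through [domain_realm] and whether KDCs for that realm come from static kdc entries or from DNS SRV names. The sample configuration is constructed from the fragment quoted above; the function names, the host this.xyz.hij.klm.com and the simplified parsing (no include directives, no fallback when no [domain_realm] entry matches) are assumptions.

```python
# Constructed sample based on the krb5.conf fragment quoted in the thread.
KRB5_CONF = """
[libdefaults]
    dns_lookup_kdc = false
[realms]
    HIJ.KLM.COM = {
        kdc = ad1.hij.klm.com
        kdc = ad2.hij.klm.com
        admin_server = ad.hij.klm.com
    }
[domain_realm]
    .xyz.hij.klm.com = HIJ.KLM.COM
    .hij.klm.com = HIJ.KLM.COM
"""

def parse_krb5(text):
    """Parse krb5.conf text into nested dicts; every relation is a list."""
    conf, stack = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            stack = [conf.setdefault(line[1:-1], {})]
        elif line == "}":
            stack.pop()
        else:
            key, _, value = (part.strip() for part in line.partition("="))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1].setdefault(key, []).append(value)
    return conf

def realm_for_host(conf, host):
    """Exact host entry first, then the longest matching '.domain' suffix."""
    table = {k.lower(): v[0] for k, v in conf.get("domain_realm", {}).items()}
    host = host.lower()
    suffixes = [d for d in table if d.startswith(".") and host.endswith(d)]
    return table.get(host) or (table[max(suffixes, key=len)] if suffixes else None)

def kdc_plan(conf, realm):
    """Static kdc entries win; DNS SRV names apply only when none are listed."""
    stanza = conf.get("realms", {}).get(realm, {})
    dns = conf.get("libdefaults", {}).get("dns_lookup_kdc", ["true"])[0].lower()
    use_srv = not stanza.get("kdc") and dns in ("true", "yes", "on", "1")
    srv = [f"_kerberos._{p}.{realm}" for p in ("udp", "tcp")] if use_srv else []
    return {"static": stanza.get("kdc", []), "srv": srv}

if __name__ == "__main__":
    print(kdc_plan(parse_krb5(KRB5_CONF), "HIJ.KLM.COM"))
```

Every name returned under "static" or "srv" has to resolve from the member server before a KDC can be reached.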