I am trying to setup a Samba4 as Domain Member to Samba 4 AD DC. The OS is Centos 7 and the samba is sernet samba 4.3 When I run the following command net ads join -U Administrator -S solae.local I take the following message: kinit succeeded but ads_sasl_spnego_krb5_bind failed: Miscellaneous failure (see text) : Server (ldap/solae.local at SOLAE.LOCAL) unknown Failed to join domain: failed to connect to AD: Miscellaneous failure (see text) : Server (ldap/solae.local at SOLAE.LOCAL) unknown here is the smb.conf # Global parameters [global] netbios name = SOLAD workgroup = SOLAE realm = SOLAE.LOCAL security = ADS server role = member server idmap config SOLAE : backend = rid # idmap config SOLAE :schema_mode = rfc2307 idmap config SOLAE : range = 10000-9999999 idmap config * : backend = tdb idmap config * : range = 10000000-19999999 # winbind nss info = rfc2307 # winbind trusted domains only = no # winbind use default domain = yes # winbind enum users = yes # winbind enum groups = yes # dns forwarder = 10.0.0.2 #[home] # path = /home/users # read only = No #[profiles] # path = /var/lib/samba/profiles # read only = no [Public] path = /home/Public read only = no #[Application] # path = /home/Application # read only = no here is the krb5.conf [libdefaults] default_realm = SOLAE.LOCAL dns_lookup_realm = false dns_lookup_kdc = true any idea? Georgios Liolios *************************************************************************************** Αποποίηση ευθύνης: Οι πληροφορίες σε αυτό το email είναι εμπιστευτικές και προορίζονται αποκλειστικά για τον παραλήπτη. Εάν έχετε λάβει αυτό το μήνυμα από λάθος και δεν είστε εσείς ο προοριζόμενος παραλήπτης, σας ενημερώνουμε ότι αποκάλυψη, αντιγραφή, διανομή ή χρήση αυτού του μηνύματος ή των περιεχομένων του απαγορεύεται. Επιπλέον, σας παρακαλούμε να μας στείλετε πίσω το αρχικό μήνυμα στη διεύθυνση postmaster at solae.gr και να διαγράψετε το μήνυμα από το σύστημά σας αμέσως. Οι επικοινωνίες μέσω του Διαδικτύου δεν είναι ασφαλείς και επομένως η ΣΟΛ Α.Ε. � �εν αποδέχεται τη νομική ευθύνη για τα περιεχόμενα αυτού του μηνύματος και για οποιαδήποτε ζημιά μπορεί να προκληθεί από ιούς. Απόψεις που διατυπώνονται, είναι αποκλειστικά του συντάκτη και δεν αντιπροσωπεύουν απαραίτητα τις απόψεις της ΣΟΛ Α.Ε. Σας ευχαριστούμε, ΣΟΛ Α.Ε. - ΣΥΝΕΡΓΑΖΟΜΕΝΟΙ ΟΡΚΩΤΟΙ ΛΟΓΙΣΤΕΣ Α.Ε. Email Disclaimer: The information in this email is confidential and is intended solely for the addressee(s). If you have received this transmission in error, and you are not an intended recipient, be aware that any disclosure, copying, distribution or use of this transmission or its contents is prohibited. Furthermore, you are kindly requested to send us back the original message at the address postmaster at solae.gr and delete the message from your system immediately. Internet communications are not secure and therefore the SOL S.A. does not accept legal responsibility for the contents of this message and for any damage whatsoever that is caused by viruses being passed. Any views or opinions presented are solely those of the author and do not necessarily represent those of SOL S.A. Thank You, SOL S.A. - ASSOCIATED CERTIFIED PUBLIC ACCOUNTANTS S.A. ***************************************************************************************
Rowland penny
2016-Apr-09 07:48 UTC
[Samba] kinit succeeded but ads_sasl_spnego_krb5_bind failed
On 09/04/16 08:22, Lists wrote:> I am trying to setup a Samba4 as Domain Member to Samba 4 AD DC. > The OS is Centos 7 and the samba is sernet samba 4.3 > When I run the following command > > net ads join -U Administrator -S solae.local > > I take the following message: > > kinit succeeded but ads_sasl_spnego_krb5_bind failed: Miscellaneous failure (see text) : Server (ldap/solae.local at SOLAE.LOCAL) unknown > Failed to join domain: failed to connect to AD: Miscellaneous failure (see text) : Server (ldap/solae.local at SOLAE.LOCAL) unknown > > here is the smb.conf > > # Global parameters > [global] > netbios name = SOLAD > workgroup = SOLAE > realm = SOLAE.LOCAL > security = ADS > server role = member server > idmap config SOLAE : backend = rid > # idmap config SOLAE :schema_mode = rfc2307 > idmap config SOLAE : range = 10000-9999999 > idmap config * : backend = tdb > idmap config * : range = 10000000-19999999 > > # winbind nss info = rfc2307 > # winbind trusted domains only = no > # winbind use default domain = yes > # winbind enum users = yes > # winbind enum groups = yes > # dns forwarder = 10.0.0.2 > #[home] > # path = /home/users > # read only = No > > #[profiles] > # path = /var/lib/samba/profiles > # read only = no > > [Public] > path = /home/Public > read only = no > > #[Application] > # path = /home/Application > # read only = no > > here is the krb5.conf > [libdefaults] > default_realm = SOLAE.LOCAL > dns_lookup_realm = false > dns_lookup_kdc = true > > any idea? > > Georgios Liolios >I take it you didn't see the info about not using '.local', I would suggest either changing this, or turn off avahi on all Unix machines. Try having a look here for how to setup a domain member: wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member Finally, you shouldn't need the '-S solae.local', the net command should find the DC via dns Rowland
The avahi is turned off on all unix mashines. I have allready taking a look wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member but I have this problem kinit succeeded but ads_sasl_spnego_krb5_bind failed. any idea? On 09/04/16 08:22, Lists wrote:> I am trying to setup a Samba4 as Domain Member to Samba 4 AD DC. > The OS is Centos 7 and the samba is sernet samba 4.3 > When I run the following command > > net ads join -U Administrator -S solae.local > > I take the following message: > > kinit succeeded but ads_sasl_spnego_krb5_bind failed: Miscellaneous failure (see text) : Server (ldap/solae.local at SOLAE.LOCAL) unknown > Failed to join domain: failed to connect to AD: Miscellaneous failure (see text) : Server (ldap/solae.local at SOLAE.LOCAL) unknown > > here is the smb.conf > > # Global parameters > [global] > netbios name = SOLAD > workgroup = SOLAE > realm = SOLAE.LOCAL > security = ADS > server role = member server > idmap config SOLAE : backend = rid > # idmap config SOLAE :schema_mode = rfc2307 > idmap config SOLAE : range = 10000-9999999 > idmap config * : backend = tdb > idmap config * : range = 10000000-19999999 > > # winbind nss info = rfc2307 > # winbind trusted domains only = no > # winbind use default domain = yes > # winbind enum users = yes > # winbind enum groups = yes > # dns forwarder = 10.0.0.2 > #[home] > # path = /home/users > # read only = No > > #[profiles] > # path = /var/lib/samba/profiles > # read only = no > > [Public] > path = /home/Public > read only = no > > #[Application] > # path = /home/Application > # read only = no > > here is the krb5.conf > [libdefaults] > default_realm = SOLAE.LOCAL > dns_lookup_realm = false > dns_lookup_kdc = true > > any idea? > > Georgios Liolios >I take it you didn't see the info about not using '.local', I would suggest either changing this, or turn off avahi on all Unix machines. Try having a look here for how to setup a domain member: wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member Finally, you shouldn't need the '-S solae.local', the net command should find the DC via dns Rowland -- To unsubscribe from this list go to the following URL and read the instructions: lists.samba.org/mailman/options/samba *************************************************************************************** Αποποίηση ευθύνης: Οι πληροφορίες σε αυτό το email είναι εμπιστευτικές και προορίζονται αποκλειστικά για τον παραλήπτη. Εάν έχετε λάβει αυτό το μήνυμα από λάθος και δεν είστε εσείς ο προοριζόμενος παραλήπτης, σας ενημερώνουμε ότι αποκάλυψη, αντιγραφή, διανομή ή χρήση αυτού του μηνύματος ή των περιεχομένων του απαγορεύεται. Επιπλέον, σας παρακαλούμε να μας στείλετε πίσω το αρχικό μήνυμα στη διεύθυνση postmaster at solae.gr και να διαγράψετε το μήνυμα από το σύστημά σας αμέσως. Οι επικοινωνίες μέσω του Διαδικτύου δεν είναι ασφαλείς και επομένως η ΣΟΛ Α.Ε. � �εν αποδέχεται τη νομική ευθύνη για τα περιεχόμενα αυτού του μηνύματος και για οποιαδήποτε ζημιά μπορεί να προκληθεί από ιούς. Απόψεις που διατυπώνονται, είναι αποκλειστικά του συντάκτη και δεν αντιπροσωπεύουν απαραίτητα τις απόψεις της ΣΟΛ Α.Ε. Σας ευχαριστούμε, ΣΟΛ Α.Ε. - ΣΥΝΕΡΓΑΖΟΜΕΝΟΙ ΟΡΚΩΤΟΙ ΛΟΓΙΣΤΕΣ Α.Ε. Email Disclaimer: The information in this email is confidential and is intended solely for the addressee(s). If you have received this transmission in error, and you are not an intended recipient, be aware that any disclosure, copying, distribution or use of this transmission or its contents is prohibited. Furthermore, you are kindly requested to send us back the original message at the address postmaster at solae.gr and delete the message from your system immediately. Internet communications are not secure and therefore the SOL S.A. does not accept legal responsibility for the contents of this message and for any damage whatsoever that is caused by viruses being passed. Any views or opinions presented are solely those of the author and do not necessarily represent those of SOL S.A. Thank You, SOL S.A. - ASSOCIATED CERTIFIED PUBLIC ACCOUNTANTS S.A. ***************************************************************************************
Possibly Parallel Threads
- kinit succeeded but ads_sasl_spnego_krb5_bind failed
- kinit succeeded but ads_sasl_spnego_krb5_bind failed
- kinit succeeded but ads_sasl_spnego_krb5_bind failed
- kinit succeeded but ads_sasl_spnego_krb5_bind failed
- kinit succeeded but ads_sasl_spnego_krb5_bind failed