L. van Belle
2022-Apr-28 13:59 UTC
[Samba] Domain join not happening on Debian/Ubuntu machines
Hai,

Please reply to the samba-list and add the OS and samba version when you reply.

There are multiple things off here.
/etc/hosts not wrong but can be done better in that setup.
/etc/resolv.conf missing options when using more than 3 DNS servers.
First server(s) should be the AD DNS servers of the realm you want to join.

I suggest, remove all except the one you need for now. To start with.
This is failing due to bad resolving, as far as I can see for now.

Greetz,

Louis

From: Sac Isilia
Sent: Thursday 28 April 2022 10:59
To: belle at samba.org
Subject: Re: [Samba] Domain join not happening on Debian/Ubuntu machines

Hi Belle,

Below are the config details.

-------------- smb.conf ---------------

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "syslog" option is deprecated
Processing section "[printers]"
Processing section "[g_orden_compra]"
Processing section "[docs_as400]"
Processing section "[print$]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

# Global parameters
[global]
        dedicated keytab file = /etc/krb5.keytab
        dns proxy = No
        domain master = No
        kerberos method = secrets and keytab
        local master = No
        log file = /var/log/samba/log.%m
        logging = file
        max log size = 1000
        panic action = /usr/share/samba/panic-action %d
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword: * %n\n *password\supdated\ssuccessfully* .
        passwd program = /usr/bin/passwd %u
        realm = AP.MEDIA.GLOBAL.LOC
        security = ADS
        server string = %h server (Samba, Ubuntu)
        syslog = 0
        template shell = /bin/bash
        unix password sync = Yes
        winbind expand groups = 2
        winbind refresh tickets = Yes
        winbind use default domain = Yes
        workgroup = AP-MEDIA
        idmap config * : range = 10000-9999999
        idmap config * : backend = autorid
        map acl inherit = Yes
        store dos attributes = Yes
        vfs objects = acl_xattr

[printers]
        browseable = No
        comment = All Printers
        create mask = 0700
        path = /var/spool/samba
        printable = Yes

[g_orden_compra]
        path = /var/www/html/g_orden_compra
        read only = No
        valid users = digest400

[docs_as400]
        path = /var/www/html/docs_as400
        read only = No
        valid users = digest400

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/printers

--------------------------------- /etc/resolv.conf ----------------------------------

search media.global.loc emea.media.global.loc americas.media.global.loc dmz.local ap.media.global.loc
nameserver 10.76.205.15
nameserver 10.69.129.16
nameserver 10.69.129.61
nameserver 10.69.129.60
nameserver 10.19.26.134
nameserver 10.19.26.135
nameserver 10.19.26.144
nameserver 10.19.26.145

---------------------- /etc/hosts --------------------------------

127.0.0.1 localhost
127.0.1.1 ubuntu

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.0.115.227 nyc03snow01.corp.local
10.76.205.168 cngzh1dnl01.ap.media.global.loc cngzh1dnl01

Regards
Sachin Kumar

On Thu, Apr 28, 2022 at 9:04 AM L. van Belle < belle at samba.org > wrote:

Please post your smb.conf and /etc/hosts and /etc/resolv.conf
without it we can't do anything, but giving wild guesses..

Greetz,

Louis

> -----Original message-----
> From: samba On behalf of Sac Isilia via samba
> Sent: Thursday 28 April 2022 6:53
> To: sambalist < samba at lists.samba.org >
> Subject: Re: [Samba] Domain join not happening on Debian/Ubuntu machines
>
> Hi Team,
>
> We are trying to domain join the Debian/Ubuntu machines via winbind. We have attempted to join the RHEL servers in different domain and they were successful.
> But while joining the Debian machines we get below error.
>
> root@cngzh1dnl01:~# net ads join -U media\\test_sachin
>
> Enter media\test_sachin's password:
>
> kerberos_kinit_password test_sachin@AP.MEDIA.GLOBAL.LOC failed: Client not found in Kerberos database
>
> *Failed to join domain: failed to connect to AD: Client not found in Kerberos database*
>
> root@cngzh1dnl01:~# systemctl restart winbind.service
>
> Job for winbind.service failed because the control process exited with error code.
>
> See "systemctl status winbind.service" and "journalctl -xe" for details.
>
> root@cngzh1dnl01:~#
>
>
> The one thing we observed that we are using MEDIA domain to join the servers in media and other domains available. This process works fine with REDHAT as it joined across multiple domains using MEDIA\test_sachin but same was not successful against debian machines.
>
>
> We contacted our AD team but they said that our MEDIA account is resolving to test_sachin@AP.MEDIA.GLOBAL.LOC and the account is working fine and there is issue on the linux side.
>
>
> Can you help us clarify what can be the issue here that the same account works fine for REDHAT servers but fails for Debian/Ubuntu and as matter of fact for SUSE as well for domains other than MEDIA.
>
>
> Domains List
>
> ------------------
>
> media.global.loc
>
> emea.media.global.loc
>
> ap.media.global.loc
>
>
> Regards
>
> Sachin Kumar
>
> On Wed, Apr 27, 2022 at 5:34 PM Sac Isilia < udaypratap.singh65 at gmail.com > wrote:
>
> > Hi Team,
> >
> > We are trying to domain join the Debian/Ubuntu machines via winbind. We have attempted to join the RHEL servers in different domain and they were successful.
> > But while joining the Debian machines we get below error.
> >
> > root@cngzh1dnl01:~# net ads join -U media\\test_sachin
> >
> > Enter media\test_sachin's password:
> >
> > kerberos_kinit_password test_sachin@AP.MEDIA.GLOBAL.LOC failed: Client not found in Kerberos database
> >
> > *Failed to join domain: failed to connect to AD: Client not found in Kerberos database*
> >
> > root@cngzh1dnl01:~# systemctl restart winbind.service
> >
> > Job for winbind.service failed because the control process exited with error code.
> >
> > See "systemctl status winbind.service" and "journalctl -xe" for details.
> >
> > root@cngzh1dnl01:~#
> >
> >
> > The one thing we observed that we are using MEDIA domain to join the servers in media and other domains available. This process works fine with REDHAT as it joined across multiple domains using MEDIA\test_sachin but same was not successful against debian machines.
> >
> >
> > We contacted our AD team but they said that our MEDIA account is resolving to test_sachin@AP.MEDIA.GLOBAL.LOC and the account is working fine and there is issue on the linux side.
> >
> >
> > Can you help us clarify what can be the issue here that the same account works fine for REDHAT servers but fails for Debian/Ubuntu and as matter of fact for SUSE as well for domains other than MEDIA.
> >
> >
> > Domains List
> >
> > ------------------
> >
> > media.global.loc
> >
> > emea.media.global.loc
> >
> > ap.media.global.loc
> >
> >
> > Regards
> >
> > Sachin Kumar
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2022-Apr-28 14:33 UTC
[Samba] Domain join not happening on Debian/Ubuntu machines
On Thu, 2022-04-28 at 15:59 +0200, L. van Belle via samba wrote:
>
>
>
>
>
>
>
>
>
>
>
>
> Hai,
>

Someone has a very borked email client (either that, or there is a sale on for blank lines) :-D

I suggest you remove these lines from the smb.conf:

        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword: * %n\n *password\supdated\ssuccessfully* .
        passwd program = /usr/bin/passwd %u
        unix password sync = Yes

They are only meant for a standalone server.

Change /etc/resolv.conf to this:

search ap.media.global.loc
nameserver AD_DC_IPADDRESS (repeat for all DCs in the ap.media.global.loc dns domain)

If this Unix domain member's hostname is 'ubuntu' replace '127.0.1.1 ubuntu' in /etc/hosts with:

127.0.1.1 ubuntu.ap.media.global.loc ubuntu

If it isn't 'ubuntu' then replace 'ubuntu' with the computer's 'FQDN shorthostname'

Remove the last two lines from /etc/hosts

If you are going to use multiple domains, you will need to use 'trusts'.

Rowland
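
Added example (not part of the posts in this thread, and not Samba code): a small pre-join check that applies the changes listed above to the posted files. The function name check_member is hypothetical, the sample input is abridged from the configuration posted earlier, and the three-nameserver limit is glibc resolver behaviour assumed here rather than stated in the thread.

```python
MAXNS = 3  # assumption: glibc's stub resolver uses only the first three nameservers
STANDALONE_ONLY = ("passwd chat", "passwd program", "unix password sync")

def check_member(resolv, hosts, smb, hostname):
    """Return findings for a Samba AD member's resolv.conf, hosts and smb.conf."""
    findings = []
    # smb.conf: collect 'key = value' pairs, then derive the DNS domain from realm.
    pairs = (line.split("=", 1) for line in smb.splitlines() if "=" in line)
    params = {k.strip().lower(): v.strip() for k, v in pairs}
    dns_domain = params.get("realm", "").lower()
    for name in STANDALONE_ONLY:
        if name in params:
            findings.append(f"smb.conf: remove '{name}' (standalone server only)")
    # resolv.conf: the search list and the order of nameserver lines.
    search, servers = [], []
    for line in resolv.splitlines():
        fields = line.split()
        if fields[:1] == ["search"]:
            search = [d.lower() for d in fields[1:]]
        elif fields[:1] == ["nameserver"] and len(fields) > 1:
            servers.append(fields[1])
    if search != [dns_domain]:
        findings.append(f"resolv.conf: search should be '{dns_domain}'")
    for ip in servers[MAXNS:]:
        findings.append(f"resolv.conf: nameserver {ip} is past the first {MAXNS}")
    # /etc/hosts: 127.0.1.1 must read 'FQDN shorthostname'.
    want = [f"{hostname}.{dns_domain}", hostname]
    for line in hosts.splitlines():
        fields = line.split("#")[0].split()
        if fields[:1] == ["127.0.1.1"] and fields[1:] != want:
            findings.append("hosts: 127.0.1.1 should be " + " ".join(want))
    return findings

# Sample input abridged from the configuration posted in this thread.
SMB = "realm = AP.MEDIA.GLOBAL.LOC\nsecurity = ADS\nunix password sync = Yes\n"
RESOLV = ("search media.global.loc emea.media.global.loc ap.media.global.loc\n"
          "nameserver 10.76.205.15\nnameserver 10.69.129.16\n"
          "nameserver 10.69.129.61\nnameserver 10.69.129.60\n")
HOSTS = "127.0.0.1 localhost\n127.0.1.1 ubuntu\n"

if __name__ == "__main__":
    for finding in check_member(RESOLV, HOSTS, SMB, "cngzh1dnl01"):
        print(finding)
```

The check does not verify that the listed nameservers are domain controllers for ap.media.global.loc; that still has to be confirmed against the AD DNS.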
L.P.H. van Belle
2022-Apr-29 08:30 UTC
[Samba] Domain join not happening on Debian/Ubuntu machines
Good morning,

It's the "sale of blank lines" I think..

I don't know "why" this sometimes happens, but I do know it's always something with HTML to plain text..
Stays strange..

Gr.

Louis

> -----Original message-----
> From: samba On behalf of Rowland Penny via samba
> Sent: Thursday 28 April 2022 16:33
> To: samba at lists.samba.org
> CC: Rowland Penny <rpenny at samba.org>
> Subject: Re: [Samba] Domain join not happening on Debian/Ubuntu machines
>
> On Thu, 2022-04-28 at 15:59 +0200, L. van Belle via samba wrote:
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Hai,
> >
>
> Someone has a very borked email client (either that, or there is a sale on for blank lines) :-D
>
> I suggest you remove these lines from the smb.conf:
>
>         passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword: * %n\n *password\supdated\ssuccessfully* .
>         passwd program = /usr/bin/passwd %u
>         unix password sync = Yes
>
> They are only meant for a standalone server.
>
> Change /etc/resolv.conf to this:
>
> search ap.media.global.loc
> nameserver AD_DC_IPADDRESS (repeat for all DCs in the ap.media.global.loc dns domain)
>
> If this Unix domain member's hostname is 'ubuntu' replace '127.0.1.1 ubuntu' in /etc/hosts with:
>
> 127.0.1.1 ubuntu.ap.media.global.loc ubuntu
>
> If it isn't 'ubuntu' then replace 'ubuntu' with the computer's 'FQDN shorthostname'
>
> Remove the last two lines from /etc/hosts
>
> If you are going to use multiple domains, you will need to use 'trusts'.
>
> Rowland