With Samba 3.0.23c I am unable to join the server to AD. The command and messages return: # ./net ads join createcomputer=OUlevel1/OUlevel2/Servers -Uadminacct adminacct's password: Using short domain name -- DOMAIN Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. Disabled account for 'SAMBA' in realm 'DOMAIN.COMPANY.COM' After this "net ads join" the server appears in the correct OU and is indeed disabled. Enabling it doesn't help; after starting the Samba processes, access attempts prompt for username and password and nothing works. The situation is the Samba server is a DNS server for a non-AD domain so I can't have its DNS domain match the AD domain, and the only administrative accounts I have access to are for the OU I'm attempting to add the server to, not for the entire AD domain. I am running 3.0.21b in production without any problems. Is there any work around for this issue? I think bug 3906 points out this problem, I would be happy to provide further information if it would be helpful. Thank you. -- --------------------------------------------------------------------- Jay D. Anderson John Deere Davenport Works Jay@DW.Deere.com P.O. Box 4198 Phone: 563.388.4268 Fax: 563.388.4159 Davenport, Iowa 52808-4198
With Samba 3.0.22, I created the computer account manually in Active Directory and then use the following command: net ads join -S domain.controller.computer.name -U active.directory.user.with.domain.admin.privileges To do this, make sure that in your smb.conf file, you have the option server string = computer.account.name set. Hope this helps. Oh, I also have netbios name = computer.account.name set as well. Jay D. Anderson wrote:> With Samba 3.0.23c I am unable to join the server to AD. The command and > messages return: > > # ./net ads join createcomputer=OUlevel1/OUlevel2/Servers -Uadminacct > adminacct's password: > > Using short domain name -- DOMAIN > Failed to set servicePrincipalNames. Please ensure that > the DNS domain of this server matches the AD domain, > Or rejoin with using Domain Admin credentials. > Disabled account for 'SAMBA' in realm 'DOMAIN.COMPANY.COM' > > After this "net ads join" the server appears in the correct OU and is > indeed disabled. Enabling it doesn't help; after starting the Samba > processes, access attempts prompt for username and password and nothing > works. > > The situation is the Samba server is a DNS server for a non-AD domain so > I can't have its DNS domain match the AD domain, and the only > administrative accounts I have access to are for the OU I'm attempting > to add the server to, not for the entire AD domain. > > I am running 3.0.21b in production without any problems. > > Is there any work around for this issue? I think bug 3906 points out > this problem, I would be happy to provide further information if it > would be helpful. > > Thank you. > >
Maybe Matching Threads
- Samba 2.2.3a, print queue status "opening,"highserver load
- Authentication problem using userid@mydomain.com format
- Strange authentication problem - Samba 3.0.2a
- Samba 2.2.3a, print queue status "opening," high server load
- Authentication issue still exists in 3.0.3