Knut Kroeger
2006-Nov-21  19:22 UTC
[Samba] Strange nslookup results and can't join ad domain
Hello to all,

first, I would join a win2003 domain running in hybrid mode. It's a SuSE 10.0 Linux box with samba 3.0.23d from sernet. I successfully got a kerberos ticket with kinit, klist shows me the result. But I can't join the ad domain. After entering "net ads join -U Administrator@REALM" and the admin pw I've got this error message after a few minutes(!):

utils/net_ads.c:ads_startup ads_connect: Operations error

The logfiles offer that there might be an error with the name resolution:

cannot resolve host: _ldap._tcp.dc._msdcs.REALM

As reported I've tested this with nslookup: No result on the Linuxbox, but it works on XP clients on the same subnet (?). I've checked twice the configuration of the dns on the XP machine and the Linuxbox: Identical.

I would be happy if there is anybody with a hint to solve this.

Greets

Knut
Geir A. Myrestrand
2006-Nov-21  20:11 UTC
[Samba] Strange nslookup results and can't join ad domain
Knut Kroeger wrote:
> Hello to all,
> first, I would join a win2003 domain running in hybrid mode. It's a SuSE
> 10.0 Linux box with samba 3.0.23d from sernet. I successfully got a
> kerberos ticket with kinit, klist shows me the result. But I can't join
> the ad domain. After entering "net ads join -U Administrator@REALM" and
> the admin pw I've got this error message after a few minutes(!):
> utils/net_ads.c:ads_startup ads_connect: Operations error
> The logfiles offer that there might be an error with the name
> resolution: cannot resolve host: _ldap._tcp.dc._msdcs.REALM
> As reported I've tested this with nslookup: No result on the Linuxbox,
> but it works on XP clients on the same subnet (?). I've checked twice
> the configuration of the dns on the XP machine and the Linuxbox: Identical.
> I would be happy if there is anybody with a hint to solve this.

Is REALM the name of your Kerberos realm?

You may want to verify your DNS registration:

Verify DNS registration for domain controllers using the nslookup command
http://technet2.microsoft.com/WindowsServer/en/library/b6879c0b-cff7-438d-a7f3-0715456dcefb1033.mspx?mfr=true

I add the domain controllers to my /etc/hosts file too, ensuring that I can resolve the IP address using both the hostname and the FQDN for the domain controller.

--
Geir A. Myrestrand
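The /etc/hosts check described in the message above, as an added example that is not part of the original thread: it takes an SRV answer for _ldap._tcp.dc._msdcs.REALM in `dig +short` format and reports which domain controllers lack a hostname or FQDN entry in a hosts file. The domain example.test, the addresses and the function names are constructed for illustration; /etc/hosts carries only name-to-address mappings, so the SRV query itself still has to be answered by DNS.

```shell
#!/usr/bin/env bash
# Added example: compare a DC SRV answer with a hosts file.
# All names and addresses below are constructed sample data.

# Constructed answer in `dig +short SRV _ldap._tcp.dc._msdcs.example.test`
# format: priority weight port target
SAMPLE_SRV='0 100 389 dc1.example.test.
0 100 389 dc2.example.test.'

# Constructed hosts content: dc1 has FQDN and short name, dc2 only the FQDN.
SAMPLE_HOSTS='127.0.0.1 localhost
192.0.2.10 dc1.example.test dc1   # primary DC
192.0.2.11 dc2.example.test'

# srv_targets SRV_TEXT: print each SRV target, lowercased, trailing dot removed.
srv_targets() {
  printf '%s\n' "$1" |
    awk 'NF == 4 && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print tolower($4) }'
}

# hosts_has NAME HOSTS_TEXT: succeed if NAME is listed as a hostname or alias.
hosts_has() {
  printf '%s\n' "$2" | awk -v want="$1" '
    { sub(/#.*/, "") }   # strip comments before looking at the fields
    NF >= 2 { for (i = 2; i <= NF; i++) if (tolower($i) == want) found = 1 }
    END { exit !found }'
}

# check_dc_hosts SRV_TEXT HOSTS_TEXT: one line per DC, "ok" or what is missing.
check_dc_hosts() {
  local fqdn short missing
  for fqdn in $(srv_targets "$1"); do
    short=${fqdn%%.*}
    missing=""
    hosts_has "$fqdn" "$2"  || missing="fqdn"
    hosts_has "$short" "$2" || missing="${missing:+$missing,}short"
    printf '%s %s\n' "$fqdn" "${missing:-ok}"
  done
}

check_dc_hosts "$SAMPLE_SRV" "$SAMPLE_HOSTS"
```

On a live system the two arguments would be the output of `dig +short SRV _ldap._tcp.dc._msdcs.REALM` and the contents of /etc/hosts.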
Knut Kroeger
2006-Nov-21  21:41 UTC
[Samba] Strange nslookup results and can't join ad domain
Geir A. Myrestrand wrote:
> Knut Kroeger wrote:
>
>> Hello to all,
>> first, I would join a win2003 domain running in hybrid mode. It's a
>> SuSE 10.0 Linux box with samba 3.0.23d from sernet. I successfully got
>> a kerberos ticket with kinit, klist shows me the result. But I can't
>> join the ad domain. After entering "net ads join -U
>> Administrator@REALM" and the admin pw I've got this error message
>> after a few minutes(!): utils/net_ads.c:ads_startup ads_connect:
>> Operations error
>> The logfiles offer that there might be an error with the name
>> resolution: cannot resolve host: _ldap._tcp.dc._msdcs.REALM
>> As reported I've tested this with nslookup: No result on the Linuxbox,
>> but it works on XP clients on the same subnet (?). I've checked twice
>> the configuration of the dns on the XP machine and the Linuxbox:
>> Identical.
>> I would be happy if there is anybody with a hint to solve this.
>
> Is REALM the name of your Kerberos realm?

Yes. REALM is identical to the ad domain.

> You may want to verify your DNS registration:
>
> Verify DNS registration for domain controllers using the nslookup command
> http://technet2.microsoft.com/WindowsServer/en/library/b6879c0b-cff7-438d-a7f3-0715456dcefb1033.mspx?mfr=true

Keeping in mind that the Win2003 DC wasn't set up by myself I'll give this a chance.

> I add the domain controllers to my /etc/hosts file too, ensuring that I
> can resolve the IP address using both the hostname and the FQDN for the
> domain controller.

I've tried this too, still no success. Still I wonder why nslookup works on XP and on Linux doesn't....

BTW: nslookup hostname.REALM works on both but not _ldap._tcp.dc._msdcs.REALM, this works only on XP...

Thanks to Geir
Knut Kroeger
2006-Nov-25  19:22 UTC
[Samba] Re: Strange nslookup results and can't join ad domain
Jay,

Jay Flory wrote:
> Knut
>
> When you say that you tested it with nslookup, what exactly did you test?
> Did you test the whole string _ldap._tcp.dc._msdcs.REALM?

Yes, exactly like your description. Strangely it worked on XP machines but _not_ on Linux.

> I have had
> several problems with DNS and Windows Server 2003. Try running the dcdiag
> program from the windows resource CD. The command should be something like
> dcdiag /c /fix. This should automatically fix any DNS problems.

Automatically? I'll take a look at it.

> Hope this helps.

Thanks for your help

Knut

> ----- Original Message ----- From: "Knut Kroeger" <tontal@gmx.net>
> Newsgroups: gmane.network.samba.general
> Sent: Tuesday, November 21, 2006 11:21 AM
> Subject: Strange nslookup results and can't join ad domain
>
>
> Hello to all,
> first, I would join a win2003 domain running in hybrid mode. It's a SuSE
> 10.0 Linux box with samba 3.0.23d from sernet. I successfully got a
> kerberos ticket with kinit, klist shows me the result. But I can't join
> the ad domain. After entering "net ads join -U Administrator@REALM" and
> the admin pw I've got this error message after a few minutes(!):
> utils/net_ads.c:ads_startup ads_connect: Operations error
> The logfiles offer that there might be an error with the name
> resolution: cannot resolve host: _ldap._tcp.dc._msdcs.REALM
> As reported I've tested this with nslookup: No result on the Linuxbox,
> but it works on XP clients on the same subnet (?). I've checked twice
> the configuration of the dns on the XP machine and the Linuxbox: Identical.
> I would be happy if there is anybody with a hint to solve this.
>
> Greets
>
> Knut