David kacuba
2007-Nov-08 18:54 UTC
[Samba] Getting an error when joing a windows 2003 domain controller
I'm getting an error while joining my domain in AD Windows 2003
[root@TESTSERVER etc]# net ads join -Uadministrator%password
Using short domain name -- FAMILYENRICHMEN
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'TESTSERVER' in realm
'FAMILYENRICHMENTNETWORK.LOCAL'
Failed to join domain: Type or value exists
here is my /etc/hosts
# /etc/hosts as posted: a single static entry mapping the domain controller's
# FQDN and short name to 192.168.0.1.
# NOTE(review): no entry for the joining host itself (TESTSERVER in the join
# output) is shown. The join error asks that this server's DNS domain match the
# AD domain, so check that `hostname -f` returns a name under
# familyenrichmentnetwork.local -- confirm against the real file.
192.168.0.1 server1.familyenrichmentnetwork.local server1
here is my /etc/krb5.conf
# Kerberos client configuration as posted, for the realm used by the AD join.
[logging]
# Log file paths for the default, kdc and admin_server entries.
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# NOTE(review): the join output reports the realm as
# 'FAMILYENRICHMENTNETWORK.LOCAL'; realm names are case-sensitive and AD realms
# are conventionally upper case -- confirm this mixed-case spelling is accepted.
default_realm = FamilyEnrichmentNetwork.local
dns_lookup_realm = NO
# NOTE(review): default_etypes_des is set twice, and "des-cbc-md" on the first
# line looks like a truncated "des-cbc-md5". Both lines name only single-DES
# encryption types, which are cryptographically weak; confirm whether the
# domain controller and this Kerberos library can use a stronger type instead.
default_etypes_des = des-cbc-crc des-cbc-md
default_etypes_des = des-cbc-crc des-cbc-md5
# presumably, with DNS lookup off, KDCs are taken only from [realms] below -- verify
dns_lookup_kdc = NO
ticket_lifetime = 2400
forwardable = yes
[realms]
# The realm block lists three kdc entries: the DC's FQDN, the bare domain name
# and the DC's IP address.
# NOTE(review): the third is spelled "Kdc"; confirm the parser treats key names
# case-insensitively, otherwise that line may be ignored.
FamilyEnrichmentNetwork.local = {
kdc = server1.FamilyEnrichmentNetwork.local
default_domain = FamilyEnrichmentNetwork.local
kdc = FamilyEnrichmentNetwork.local
Kdc = 192.168.0.1
admin_server = server1.FamilyEnrichmentNetwork.local
}
here is my smb.conf
# smb.conf as posted: [global] settings for a host joining the AD realm as a
# member (security = ads), followed by commented template text.
[global]
log file = /var/log/samba/log.%m
load printers = yes
# NOTE(review): idmap gid here and idmap uid further down use the same range,
# 10000-20000.
idmap gid = 10000-20000
auth methods = winbind
# ntlm auth and client lanman auth (below) are both set to no; presumably this
# turns off the older NTLMv1/LANMAN responses -- verify against the smb.conf
# man page for the installed version.
ntlm auth = no
client use spnego = yes
winbind trusted domains only = yes
encrypt passwords = yes
realm = FamilyEnrichmentNetwork.local
winbind use default domain = yes
use kerberos keytab = yes
passdb backend = tdbsam
# NOTE(review): this alias is the same name as the host shown in the join
# output (TESTSERVER); an alias equal to the machine's own name looks
# redundant -- confirm it is needed.
netbios aliases = TESTSERVER
cups options = raw
server string = test server
winbind enum users = yes
idmap uid = 10000-20000
# The template text below says to set password server only when DNS cannot be
# used to locate the domain controllers.
password server = Server1.FamilyEnrichmentNetwork.local
remote announce = 192.168.0.1
# The value is 15 characters long and the join printed
# "Using short domain name -- FAMILYENRICHMEN".
# NOTE(review): workgroup has to equal the domain's actual NetBIOS
# (pre-Windows 2000) name, which is not necessarily the DNS name cut to 15
# characters -- confirm on the domain controller.
workgroup = FamilyEnrichmen
client lanman auth = no
os level = 20
winbind enum groups = yes
# NOTE(review): presumably "auto" offers SMB signing without requiring it --
# confirm whether this host should require signing.
server signing = auto
security = ads
max log size = 50
# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = "
; security = ads
; passdb backend = tdbsam
; realm = FamilyEnrichmentNetwork.local
; password server = 192.168.0.1
# NOTE(review): the banner below is wrapped in this post, so its second half
# sits on a line without '#'; in a real file that line would not be a comment.
# ----------------------- Domain Controller Options
------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# NOTE(review): second active "security = ads"; the same setting already
# appears earlier in [global].
security = ads
; passdb backend = tdbsam
; domain master = no
; domain logons = no
# the login script name depends on the machine name
; logon script = %m.bat
# the login script name depends on the unix user used
; logon script = %u.bat
; logon path = \\%L\Profiles\%u
# disables profiles support by specifing an empty path
# NOTE(review): the next two lines are two commented-out settings run together
# and wrapped in this post; "-n -g users" has no leading ';'.
; logon path ; add user script = /usr/sbin/useradd "%u"
-n -g users
; add group script = /usr/sbin/groupadd "%g"
Thanks for your help
Howard Wilkinson
2007-Nov-08 21:15 UTC
[Samba] Getting an error when joing a windows 2003 domain controller
David kacuba wrote:
> Im getting an erro while joing my domain in AD windows 2003
>
> [root@TESTSERVER etc]# net ads join -Uadministrator%password Using short domain name -- FAMILYENRICHMEN
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> Deleted account for 'TESTSERVER' in realm 'FAMILYENRICHMENTNETWORK.LOCAL'
> Failed to join domain: Type or value exists
>
>
>
>
> here is my /etc/hosts
>
> 192.168.0.1 server1.familyenrichmentnetwork.local server1
>

This is your problem! The DOMAIN name is limited to 15 characters (so are the host names but that includes a terminating $) so only use 14.

>
> here is my /etc/krb5.conf
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
> [libdefaults]
> default_realm = FamilyEnrichmentNetwork.local
> dns_lookup_realm = NO
> default_etypes_des = des-cbc-crc des-cbc-md
> default_etypes_des = des-cbc-crc des-cbc-md5
> dns_lookup_kdc = NO
> ticket_lifetime = 2400
> forwardable = yes
> [realms]
> FamilyEnrichmentNetwork.local = {
> kdc = server1.FamilyEnrichmentNetwork.local
> default_domain = FamilyEnrichmentNetwork.local
> kdc = FamilyEnrichmentNetwork.local
> Kdc = 192.168.0.1
> admin_server = server1.FamilyEnrichmentNetwork.local
> }
>
> here is my smb.conf
>
> [global]
> log file = /var/log/samba/log.%m
> load printers = yes
> idmap gid = 10000-20000
> auth methods = winbind
> ntlm auth = no
> client use spnego = yes
> winbind trusted domains only = yes
> encrypt passwords = yes
> realm = FamilyEnrichmentNetwork.local
> winbind use default domain = yes
> use kerberos keytab = yes
> passdb backend = tdbsam
> netbios aliases = TESTSERVER
> cups options = raw
> server string = test server
> winbind enum users = yes
> idmap uid = 10000-20000
> password server = Server1.FamilyEnrichmentNetwork.local
> remote announce = 192.168.0.1
> workgroup = FamilyEnrichmen
> client lanman auth = no
> os level = 20
> winbind enum groups = yes
> server signing = auto
> security = ads
> max log size = 50
> # ----------------------- Domain Members Options ------------------------
> #
> # Security must be set to domain or ads
> # Use password server option only with security = server or if you can't
> # use the DNS to locate Domain Controllers
> # The argument list may include:
> # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> # or to auto-locate the domain controller/s
> # password server = "
>
> ; security = ads
> ; passdb backend = tdbsam
> ; realm = FamilyEnrichmentNetwork.local
> ; password server = 192.168.0.1
>
> # ----------------------- Domain Controller Options ------------------------
> #
> # Security must be set to user for domain controllers
> #
> # Backend to store user information in. New installations should
> # use either tdbsam or ldapsam. smbpasswd is available for backwards
> # compatibility. tdbsam requires no further configuration.
> #
> # Domain Master specifies Samba to be the Domain Master Browser. This
> # allows Samba to collate browse lists between subnets. Don't use this
> # if you already have a Windows NT domain controller doing this job
> #
>
> security = ads
> ; passdb backend = tdbsam
> ; domain master = no
> ; domain logons = no
> # the login script name depends on the machine name
> ; logon script = %m.bat
> # the login script name depends on the unix user used
> ; logon script = %u.bat
> ; logon path = \\%L\Profiles\%u
> # disables profiles support by specifing an empty path
> ; logon path
> ; add user script = /usr/sbin/useradd "%u" -n -g users
> ; add group script = /usr/sbin/groupadd "%g"
>
>
> Thnaks for your help
>
>
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>

--
Howard Wilkinson                 Phone: +44(20)76907075
Coherent Technology Limited      Fax:
23 Northampton Square,           Mobile: +44(7980)639379
United Kingdom, EC1V 0HL         Email: howard@cohtech.com