samba - Dec 2007 - Problem joining linux box to active directory domain

Hello, I'm having a hard time joining one linux server to an active
directory domain. I've searched everywhere for a solution but was
unsuccessful:

I went to samba.org and followed the examples in
http://us3.samba.org/samba/docs/man/Samba-Guide/
The examples are great... My scenario is described  in chapter 7
(http://us3.samba.org/samba/docs/man/...ts.html#adssdm)
It explains how to make a Linux box authenticate in a active directory
scenario. As soon as i get to the point where the box joins the
domain:

net ads join -UAdministrator%not24get

I get the error "ads_connect: No logon servers".

I searched all the logs, /var/log/messages /var/log/samba/* and found
nothing usefull.

transcript of a session:

proxy ~ # tail -f /var/log/messages &
proxy ~ # tail -f /var/log/samba/* &
proxy ~ # net ads join -Uadminusername%password
[2007/12/17 16:47:45, 0] utils/net_ads.c:ads_startup_int(286)
  ads_connect: No logon servers
Failed to join domain: No logon servers
proxy ~ #


this is my smb.conf:
[global]
        unix charset = LOCALE
        workgroup = DOMAINNAME
        realm = REALMENAME
        server string = servername
        security = ADS
        username map = /etc/samba/smbusers
        log level = 5
        syslog = 0
        log file = /var/log/samba/%m
        max log size = 50
        printcap name = CUPS
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
        winbind separator = +
        #template primary group = "Users"


Can anyone help? I realy don't see what I'm doing wrong.

Hi Carlos,

Please check following.
1. Write "password server = [IPaddress for Active Directory server]"
in smb.conf.
2. Point "Active Directory server hostname" and "IPaddress"
in /etc/hosts.
3. Check "/etc/krb5.conf" whether it is correct.

Then try "net ads" with "-d" option as debug mode.
(net ads join -UAdministrator%not24get -d 3) It will be some hints for resolving
the problem.

Satoshi

Solved,

I would like to know what solved my problem... the truth is that I'm
not shure. I left the domain and rejoined a few time in my tests. And
it is finaly working. Just so that i can help someone i will put here
my current configuration:

smb.conf:
[global]
        netbios name = YOUR_NETBIOS_NAME
        password server = KERBEROS_SERVER_IP_ADDRESS
        unix charset = LOCALE
        workgroup = YOUR_WORKGROUP
        realm = YOUR_KERBEROS_REALM
        server string = STRING_DESCRIBING_YOUR_SERVER
        security = ADS
        username map = /etc/samba/smbusers
        local master = no
        preferred master = no
        encrypt passwords = yes

        log level = 2
        syslog = 0
        log file = /var/log/samba/%m
        max log size = 50
        printcap name = CUPS
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
        winbind separator = +
        #template primary group = "Users"

        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes

/etc/nsswitch.conf:
passwd:         compat winbind
shadow:         compat
group:          compat winbind
hosts:          files dns
networks:       files dns
services:       db files
protocols:      db files
rpc:            db files
ethers:         db files
netmasks:       files
netgroup:       files
publickey:      files
bootparams:     files
automount:      files
aliases:        files

/etc/krb5.conf:
[libdefaults]
        default_realm = YOUR_KERBEROS_REALM

[realms]
        YOUR_KERBEROS_REALM = {
                kdc = YOUR_KERBEROS_SERVER_DNS
        }

[domain_realm]
        .ipn.pt = YOUR_KERBEROS_REALM
        ipn.pt = YOUR_KERBEROS_REALM

/etc/hosts:
(add one line containing)
YOUR_KERBEROS_SERVER_IP_ADDRESS       YOUR_KERBEROS_SERVER_DNS


to join the domain i did a simple:
net -d join ads -UYOUR_ADMIN_USERNAME%YOUR_ADMIN_PASSWORD

thank you all for the help you gave me. It led me to the solution.

thank you.

>Hello, I'm having a hard time joining one linux server to an active
>directory domain. I've searched everywhere for a solution but was
>unsuccessful:
>
>I went to samba.org and followed the examples in
>http://us3.samba.org/samba/docs/man/Samba-Guide/
>The examples are great... My scenario is described  in chapter 7
>(http://us3.samba.org/samba/docs/man/...ts.html#adssdm)
>It explains how to make a Linux box authenticate in a active directory
>scenario. As soon as i get to the point where the box joins the
>domain:
>
>net ads join -UAdministrator%not24get
>
>I get the error "ads_connect: No logon servers".
>
>I searched all the logs, /var/log/messages /var/log/samba/* and found
>nothing usefull.
>
>transcript of a session:
>
>proxy ~ # tail -f /var/log/messages &
>proxy ~ # tail -f /var/log/samba/* &
>proxy ~ # net ads join -Uadminusername%password
>[2007/12/17 16:47:45, 0] utils/net_ads.c:ads_startup_int(286)
> ads_connect: No logon servers
>Failed to join domain: No logon servers
>proxy ~ #
>
>
>this is my smb.conf:
>[global]
>        unix charset = LOCALE
>        workgroup = DOMAINNAME
>        realm = REALMENAME
>        server string = servername
>        security = ADS
>        username map = /etc/samba/smbusers
>        log level = 5
>        syslog = 0
>        log file = /var/log/samba/%m
>        max log size = 50
>        printcap name = CUPS
>        ldap ssl = no
>        idmap uid = 10000-20000
>        idmap gid = 10000-20000
>        template shell = /bin/bash
>        winbind separator = +
>        #template primary group = "Users"
>
>
>Can anyone help? I realy don't see what I'm doing wrong.