Mathew Rowley
2010-Nov-02 16:46 UTC
[Samba] Joining AD Domain = NT_STATUS_INVALID_COMPUTER_NAME
When I try and join my AD domain, I get the following error:
root at mat-desktop:~# net join -I 10.252.159.137 -U Administrator
Enter Administrator's password:
[2010/11/02 10:38:01.176096, 0] utils/net_rpc_join.c:406(net_rpc_join_newstyle)
Error in domain join verification (credential setup failed):
NT_STATUS_INVALID_COMPUTER_NAME
Unable to join domain SECLAB.
In my smb.conf, my computer name is set to 'MAT-DESKTOP' (which I
thought was a valid name):
root at mat-desktop:~# grep -A1 'server string' /etc/samba/smb.conf
server string = MAT-DESKTOP
netbios name = MAT-DESKTOP
Does anyone know why else I would be getting that error message? kinit work
fine, and here are my additional configs:
krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
kdc = SYSLOG:INFO:AUTH
admin_server = FILE:/var/log/kadmind.log
admin_server = SYSLOG:INFO:AUTH
[libdefaults]
default_realm = SECLAB
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
[realms]
SECLAB = {
kdc = seclab.security.lab.net:88
default_domain = seclab.security.lab.net
}
.seclab.security.lab.net = SECLAB
seclab.security.lab.net = SECLAB
smb.conf:
[global]
workgroup = SECLAB
server string = MAT-DESKTOP
netbios name = MAT-DESKTOP
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = ads
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
%n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = no
password server = seclab.security.lab.net //your AD-server
realm = SECLAB
usershare allow guests = yes
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
Rowley, Mathew
2010-Nov-02 16:47 UTC
[Samba] Joining AD Domain = NT_STATUS_INVALID_COMPUTER_NAME
When I try and join my AD domain, I get the following error:
root at mat-desktop:~# net join -I 10.252.159.137 -U Administrator
Enter Administrator's password:
[2010/11/02 10:38:01.176096, 0] utils/net_rpc_join.c:406(net_rpc_join_newstyle)
Error in domain join verification (credential setup failed):
NT_STATUS_INVALID_COMPUTER_NAME
Unable to join domain SECLAB.
In my smb.conf, my computer name is set to 'MAT-DESKTOP' (which I
thought was a valid name):
root at mat-desktop:~# grep -A1 'server string' /etc/samba/smb.conf
server string = MAT-DESKTOP
netbios name = MAT-DESKTOP
Does anyone know why else I would be getting that error message? kinit work
fine, and here are my additional configs:
krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
kdc = SYSLOG:INFO:AUTH
admin_server = FILE:/var/log/kadmind.log
admin_server = SYSLOG:INFO:AUTH
[libdefaults]
default_realm = SECLAB
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
[realms]
SECLAB = {
kdc = seclab.security.lab.net:88
default_domain = seclab.security.lab.net<http://seclab.security.lab.net/>
}
.seclab.security.lab.net = SECLAB
seclab.security.lab.net<http://seclab.security.lab.net/> = SECLAB
smb.conf:
[global]
workgroup = SECLAB
server string = MAT-DESKTOP
netbios name = MAT-DESKTOP
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = ads
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n
*password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = no
password server =
seclab.security.lab.net<http://seclab.security.lab.net/> //your AD-server
realm = SECLAB
usershare allow guests = yes
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no