Hi Joining a lubuntu 11.10 client to the domain I get this: net ads join -UAdministrator Enter Administrator's password: Using short domain name -- POLOP Joined 'LUBUNTU7' to realm 'hh3.site' No DNS domain configured for lubuntu7. Unable to perform DNS Update. DNS update failed! during the join this all seems OK: Kerberos: Looking for PKINIT pa-data -- LUBUNTU7$@HH3.SITE Kerberos: Looking for ENC-TS pa-data -- LUBUNTU7$@HH3.SITE Kerberos: No preauth found, returning PREAUTH-REQUIRED -- LUBUNTU7$@HH3.SITE Kerberos: AS-REQ LUBUNTU7$@HH3.SITE from ipv4:192.168.1.24:59014 for krbtgt/HH3.SITE at HH3.SITE Kerberos: Client sent patypes: encrypted-timestamp, 149 Kerberos: Looking for PKINIT pa-data -- LUBUNTU7$@HH3.SITE Kerberos: Looking for ENC-TS pa-data -- LUBUNTU7$@HH3.SITE Kerberos: ENC-TS Pre-authentication succeeded -- LUBUNTU7$@HH3.SITE using arcfour-hmac-md5 Kerberos: AS-REQ authtime: 2012-04-01T18:05:39 starttime: unset endtime: 2012-04-02T04:05:39 renew till: 2012-04-02T18:05:20 Then, after: net ads keytab create everyone can work fine. Just worried about the error message on joining. Any ideas? Ignore? Thanks, Steve
Steve, On 04/01/2012 09:14 AM, steve wrote:> Hi > Joining a lubuntu 11.10 client to the domain I get this: > > net ads join -UAdministrator > Enter Administrator's password: > Using short domain name -- POLOP > Joined 'LUBUNTU7' to realm 'hh3.site' > No DNS domain configured for lubuntu7. Unable to perform DNS Update. > DNS update failed! > > during the join this all seems OK: > > Kerberos: Looking for PKINIT pa-data -- LUBUNTU7$@HH3.SITE > Kerberos: Looking for ENC-TS pa-data -- LUBUNTU7$@HH3.SITE > Kerberos: No preauth found, returning PREAUTH-REQUIRED -- > LUBUNTU7$@HH3.SITE > Kerberos: AS-REQ LUBUNTU7$@HH3.SITE from ipv4:192.168.1.24:59014 for > krbtgt/HH3.SITE at HH3.SITE > Kerberos: Client sent patypes: encrypted-timestamp, 149 > Kerberos: Looking for PKINIT pa-data -- LUBUNTU7$@HH3.SITE > Kerberos: Looking for ENC-TS pa-data -- LUBUNTU7$@HH3.SITE > Kerberos: ENC-TS Pre-authentication succeeded -- LUBUNTU7$@HH3.SITE > using arcfour-hmac-md5 > Kerberos: AS-REQ authtime: 2012-04-01T18:05:39 starttime: unset > endtime: 2012-04-02T04:05:39 renew till: 2012-04-02T18:05:20 > > Then, after: > net ads keytab create > everyone can work fine. >The title seems to indicate samba4 when the body seems to indicate samba 3. Am I guessing right that you have this problem with a samba 3.x with samba 4 acting as a AD DC. If so with which version of samba3 do you have this problem, samba 3.5.x branch and early 3.6 have this problem even with MS AD, fix are present in the master git tree to fix this problem. Matthieu. -- Matthieu Patou Samba Team http://samba.org
El 02/04/12 07:11, Matthieu Patou escribi?:> Steve, > On 04/01/2012 09:14 AM, steve wrote:>> Then, after: >> net ads keytab create >> everyone can work fine. >> > The title seems to indicate samba4 when the body seems to indicate samba 3. > Am I guessing right that you have this problem with a samba 3.x with > samba 4 acting as a AD DC. > > If so with which version of samba3 do you have this problem, samba 3.5.x > branch and early 3.6 have this problem even with MS AD, fix are present > in the master git tree to fix this problem. > > Matthieu. >Hi I installed the samba-client rpm (openSUSE 12.1) simply to get the net command as an easy way to make a keytab fr the client. My Linux users have their posix attributes stored in s4 ldap and need the machine key for nfs. As I say, everything works but I was concerned about the error message. Cheers, Steve