Hari Naresh Rawat
2015-Feb-23 11:35 UTC
[Samba] Not able to join domain using ads and target IP
I am not able to join the domain using ads and target IP ( net ads join -S <domain controller ip> -U <username> ).
I am getting the below error.

*net ads join -S 172.17.100.97 -U administrator*
*Enter administrator's password:*
*kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database*
*Failed to join domain: failed to connect to AD: Server not found in Kerberos database*
*[root@ESX2VMTKRHEL2 ~]#*

However, I am able to join the domain using either rpc in place of ads or by specifying the domain controller name in place of the domain controller IP.

This seems to be Samba bug 6502 ( https://bugzilla.samba.org/show_bug.cgi?id=6502#c0 ), which is in NEW state on Samba 3.0, and I am using 3.6 as shown below.

[root@ESX2VMTKRHEL2 ~]#
[root@ESX2VMTKRHEL2 ~]# smbstatus --version
Version 3.6.23-12.el6
[root@ESX2VMTKRHEL2 ~]#

So please help.

#################### The content of krb5.conf & smb.conf is as below +++++++++++++++

/etc/krb5.conf
=============

[root@ESX2VMTKRHEL2 ~]# vi /etc/krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = HARI.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true

[realms]
 HARI.COM = {
  kdc = WIN-08U8DKU3EV3.HARI.com:88
 }

[domain_realm]
 .hari.com = HARI.COM
 hari.com = HARI.COM

/etc/samba/smb.conf
==================

[root@ESX2VMTKRHEL2 ~]# hostname
ESX2VMTKRHEL2
[root@ESX2VMTKRHEL2 ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:1F:8E:5B
          inet addr:172.17.100.96  Bcast:172.17.100.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe1f:8e5b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4397729 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1135336 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4284194888 (3.9 GiB)  TX bytes:192947542 (184.0 MiB)

[root@ESX2VMTKRHEL2 ~]#

[root@ESX2VMTKRHEL2 ~]# vi /etc/samba/smb.conf
# setsebool -P samba_export_all_rw on
#
#======================= Global Settings ====================================

[global]
        netbios name = ESX2VMTKRHEL2
        server string = Samba Domain Member Server
        workgroup = HARI
        security = ADS
        realm = HARI.COM
        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab
        preferred master = no
        encrypt passwords = yes
        winbind separator = +

        idmap config *:backend = tdb
        idmap config *:range = 2000-9999
        idmap config HARI:backend = ad
        idmap config HARI:schema_mode = rfc2307
        idmap config HARI:range = 10000-99999

        winbind nss info = rfc2307
        winbind trusted domains only = no
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
        winbind refresh tickets = Yes

        #logging
        log file = /var/log/samba/%m.log
        max log size = 10240

#============================ Share Definitions ============================

[public]
        path = /public
        browseable = yes
        writeable = yes
        guest ok = yes

[share80]
        comment = share80
        path = /mnt/share80
        public = No
        read only = No
        writable = Yes
        printable = No
        browseable = Yes
        create mask = 0777
        directory mask = 0777

**********************************************************************************************************

Thanks,
Hari

Rowland Penny
2015-Feb-23 13:32 UTC
[Samba] Not able to join domain using ads and target IP
On 23/02/15 11:35, Hari Naresh Rawat wrote:
> I am not able to join the domain using ads and target IP ( net ads
> join -S <domain controller ip> -U <username> ).
> I am getting the below error.
>
> *net ads join -S 172.17.100.97 -U administrator*
> *Enter administrator's password:*
> *kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in
> Kerberos database*
> *Failed to join domain: failed to connect to AD: Server not found in
> Kerberos database*
> *[root@ESX2VMTKRHEL2 ~]#*
>
> However, I am able to join the domain using either rpc in place of ads or by
> specifying the domain controller name in place of the domain controller IP.
>
> This seems to be Samba bug 6502 (
> https://bugzilla.samba.org/show_bug.cgi?id=6502#c0 ), which is in NEW state
> on Samba 3.0, and I am using 3.6 as shown below.
>
> [root@ESX2VMTKRHEL2 ~]#
> [root@ESX2VMTKRHEL2 ~]# smbstatus --version
> Version 3.6.23-12.el6
> [root@ESX2VMTKRHEL2 ~]#
>
> So please help.
>
> #################### The content of krb5.conf & smb.conf is as below
> +++++++++++++++
>
> /etc/krb5.conf
> =============
>
> [root@ESX2VMTKRHEL2 ~]# vi /etc/krb5.conf
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>  default_realm = HARI.COM
>  dns_lookup_realm = true
>  dns_lookup_kdc = true
>
> [realms]
>  HARI.COM = {
>   kdc = WIN-08U8DKU3EV3.HARI.com:88
>  }
>
> [domain_realm]
>  .hari.com = HARI.COM
>  hari.com = HARI.COM
>
> /etc/samba/smb.conf
> ==================
>
> [root@ESX2VMTKRHEL2 ~]# hostname
> ESX2VMTKRHEL2
> [root@ESX2VMTKRHEL2 ~]# ifconfig eth0
> eth0      Link encap:Ethernet  HWaddr 00:0C:29:1F:8E:5B
>           inet addr:172.17.100.96  Bcast:172.17.100.255  Mask:255.255.255.0
>           inet6 addr: fe80::20c:29ff:fe1f:8e5b/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:4397729 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1135336 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:4284194888 (3.9 GiB)  TX bytes:192947542 (184.0 MiB)
>
> [root@ESX2VMTKRHEL2 ~]#
>
> [root@ESX2VMTKRHEL2 ~]# vi /etc/samba/smb.conf
> # setsebool -P samba_export_all_rw on
> #
> #======================= Global Settings ====================================
>
> [global]
>         netbios name = ESX2VMTKRHEL2
>         server string = Samba Domain Member Server
>         workgroup = HARI
>         security = ADS
>         realm = HARI.COM
>         dedicated keytab file = /etc/krb5.keytab
>         kerberos method = secrets and keytab
>         preferred master = no
>         encrypt passwords = yes
>         winbind separator = +
>
>         idmap config *:backend = tdb
>         idmap config *:range = 2000-9999
>         idmap config HARI:backend = ad
>         idmap config HARI:schema_mode = rfc2307
>         idmap config HARI:range = 10000-99999
>
>         winbind nss info = rfc2307
>         winbind trusted domains only = no
>         winbind use default domain = yes
>         winbind enum users = yes
>         winbind enum groups = yes
>         winbind refresh tickets = Yes
>
>         #logging
>         log file = /var/log/samba/%m.log
>         max log size = 10240
>
> #============================ Share Definitions ============================
>
> [public]
>         path = /public
>         browseable = yes
>         writeable = yes
>         guest ok = yes
>
> [share80]
>         comment = share80
>         path = /mnt/share80
>         public = No
>         read only = No
>         writable = Yes
>         printable = No
>         browseable = Yes
>         create mask = 0777
>         directory mask = 0777
>
> **********************************************************************************************************
>
> Thanks,
> Hari

You do not need the '-S' option, you only need 'net ads join -U Administrator', the DC should be found by DNS. Your member server does have the DC as the first nameserver in /etc/resolv.conf, doesn't it?

Rowland
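
The two conditions raised in this thread (the DC as first nameserver in /etc/resolv.conf, and no IP address passed to -S) can be checked before running the join. The script below is an added example, not part of the original posts or of Samba; the function names and the sample resolv.conf are constructed for illustration, and the DC address is the one quoted in the thread.

```shell
#!/bin/sh
# Pre-join checks for 'net ads join' (added example; helper names are hypothetical).

# Print the first 'nameserver' entry of a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Succeed if the argument is a dotted-quad IPv4 literal rather than a host name.
is_ipv4_literal() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# preflight RESOLV_CONF DC_IP [SERVER_ARG]
# Prints one line per finding and returns the number of problems found.
preflight() {
    resolv=$1 dc_ip=$2 server=${3:-}
    problems=0
    ns=$(first_nameserver "$resolv")
    if [ "$ns" != "$dc_ip" ]; then
        echo "WARN: first nameserver is '${ns:-none}', expected the DC ($dc_ip)"
        problems=$((problems + 1))
    fi
    if [ -n "$server" ] && is_ipv4_literal "$server"; then
        # Kerberos service principals are keyed on host names, so a ticket
        # cannot be requested for a service identified only by IP address.
        echo "WARN: -S $server is an IP address; omit -S or use the DC's FQDN"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: DNS points at the DC and no IP literal is passed to -S"
    return "$problems"
}

# Constructed sample: a resolv.conf listing another resolver before the DC.
sample=$(mktemp)
printf 'search hari.com\nnameserver 192.0.2.53\nnameserver 172.17.100.97\n' > "$sample"
preflight "$sample" 172.17.100.97 172.17.100.97 || echo "problems found: $?"
```

On a real member server, call `preflight /etc/resolv.conf <DC address> <value intended for -S>`; a return status of 0 means both conditions hold.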