On 01/30/2016 01:52 PM, Rowland penny wrote:> Your problems seem to start here: > > Server ldap/DC01.MYDOMAIN.NET at MYDOMAIN.NET is not registered with our > KDC: Miscellaneous failure (see text): Server > (ldap/DC01.MYDOMAIN.NET at MYDOMAIN.NET) unknown > > what is the ipaddress of your first AD DC ? > can you post /etc/resolv.conf, /etc/hosts and /etc/krb5.conf > > Rowland >Hi, i need to anonimize them a bit but i can post them /etc/hosts: 127.0.0.1 localhost <dc1 ip> dc01.mydomain.net dc01 <dc2 ip> dc02.mydomain.net dc02 # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters resolv.conf: domain mydomain.net search mydomain.net # questo e' l'ip del dominio locale, sempre attivo CON samba4 #nameserver <dc2 ip> # questo e' l'altro dominio, da abilitare SOLO quando samba4 qui e' fermo nameserver <dc1 ip> this is my krb5.conf: [libdefaults] default_realm = MYDOMAIN.NET dns_lookup_realm = false dns_lookup_kdc = true -- Francesco Berni Laboratori Guglielmo Marconi S.p.a. web: http://www.labs.it - email: francesco.berni at labs.it
On 01/02/16 14:01, Francesco Berni wrote:> On 01/30/2016 01:52 PM, Rowland penny wrote: > >> Your problems seem to start here: >> >> Server ldap/DC01.MYDOMAIN.NET at MYDOMAIN.NET is not registered with our >> KDC: Miscellaneous failure (see text): Server >> (ldap/DC01.MYDOMAIN.NET at MYDOMAIN.NET) unknown >> >> what is the ipaddress of your first AD DC ? >> can you post /etc/resolv.conf, /etc/hosts and /etc/krb5.conf >> >> Rowland >> > Hi, > > i need to anonimize them a bit but i can post them > > > /etc/hosts: > 127.0.0.1 localhost > <dc1 ip> dc01.mydomain.net dc01 > <dc2 ip> dc02.mydomain.net dc02 > > # The following lines are desirable for IPv6 capable hosts > ::1 localhost ip6-localhost ip6-loopback > ff02::1 ip6-allnodes > ff02::2 ip6-allrouters > > > resolv.conf: > domain mydomain.net > search mydomain.net > > # questo e' l'ip del dominio locale, sempre attivo CON samba4 > #nameserver <dc2 ip> > > # questo e' l'altro dominio, da abilitare SOLO quando samba4 qui e' fermo > nameserver <dc1 ip> > > > > this is my krb5.conf: > [libdefaults] > default_realm = MYDOMAIN.NET > dns_lookup_realm = false > dns_lookup_kdc = true > >Remove: <dc1 ip> dc01.mydomain.net dc01 From /etc/hosts set /etc/resolv.conf to this: search mydomain.net nameserver <dc1 ip> Your /etc/krb5.conf is correct So, provided that Samba is running on the DC and you don't have a firewall in the way, it should work. I don't suppose you have another kerberos server running on the DC ? or, on the second machine you are trying to join ? Rowland
On 02/01/2016 03:35 PM, Rowland penny wrote:> On 01/02/16 14:01, Francesco Berni wrote: >> On 01/30/2016 01:52 PM, Rowland penny wrote: >> >>> Your problems seem to start here: >>> >>> Server ldap/DC01.MYDOMAIN.NET at MYDOMAIN.NET is not registered with our >>> KDC: Miscellaneous failure (see text): Server >>> (ldap/DC01.MYDOMAIN.NET at MYDOMAIN.NET) unknown >>> >>> what is the ipaddress of your first AD DC ? >>> can you post /etc/resolv.conf, /etc/hosts and /etc/krb5.conf >>> >>> Rowland >>> >> Hi, >> >> i need to anonimize them a bit but i can post them >> >> >> /etc/hosts: >> 127.0.0.1 localhost >> <dc1 ip> dc01.mydomain.net dc01 >> <dc2 ip> dc02.mydomain.net dc02 >> >> # The following lines are desirable for IPv6 capable hosts >> ::1 localhost ip6-localhost ip6-loopback >> ff02::1 ip6-allnodes >> ff02::2 ip6-allrouters >> >> >> resolv.conf: >> domain mydomain.net >> search mydomain.net >> >> # questo e' l'ip del dominio locale, sempre attivo CON samba4 >> #nameserver <dc2 ip> >> >> # questo e' l'altro dominio, da abilitare SOLO quando samba4 qui e' >> fermo >> nameserver <dc1 ip> >> >> >> >> this is my krb5.conf: >> [libdefaults] >> default_realm = MYDOMAIN.NET >> dns_lookup_realm = false >> dns_lookup_kdc = true >> >> > > > Remove: > > <dc1 ip> dc01.mydomain.net dc01 > > From /etc/hosts > > set /etc/resolv.conf to this: > > search mydomain.net > nameserver <dc1 ip> > > Your /etc/krb5.conf is correct > > So, provided that Samba is running on the DC and you don't have a > firewall in the way, it should work. > > I don't suppose you have another kerberos server running on the DC ? > or, on the second machine you are trying to join ? >No i should not have any more. Thank you very much, them moment i have some time to work on that i'll come back at you. -- Francesco Berni Laboratori Guglielmo Marconi S.p.a. web: http://www.labs.it - email: francesco.berni at labs.it