Hello: I'm setting up a Samba as a domain member server, but when I run the command to attach it to my domain server gives me the following error ./net ads join -U administrator Enter administrator's password: Failed to join domain: failed to set machine kerberos encryption types: No such attribute regards Eduardo
Hi Eduardo, I would first try to set up kerberos before trying to join the member to the domain. If your member is Linux (which seems to be): So copy /path/to/samba/private/krb5.conf from a DC to /etc on you rmember server. Set up your resolver to be able to send DNS request to AD servers (nameserver field in /etc/resolv.conf) Then you should be able to try kinit: dc108:~# kinit administrator Password for administrator at AD.DOMAIN.TLD: Warning: Your password will expire in 40 days on mer. 09 mars 2016 12:57:45 CET dc108:~# And if it fails, insist : ) Once you solve your kerberos issue, try to join the member. Cheers, mathias 2016-01-28 17:58 GMT+01:00 Eduardo Miranda <eduardo at hlg.desoft.cu>:> Hello: > > I'm setting up a Samba as a domain member server, but when I run the > command to attach it to my domain server gives me the following error > > ./net ads join -U administrator > Enter administrator's password: > Failed to join domain: failed to set machine kerberos encryption types: No > such attribute > > regards > > Eduardo > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 28.01.2016 18:28, mathias dufresne wrote:> Hi Eduardo, > > I would first try to set up kerberos before trying to join the member to > the domain. > > If your member is Linux (which seems to be): > So copy /path/to/samba/private/krb5.conf from a DC to /etc on you rmember > server. > Set up your resolver to be able to send DNS request to AD servers > (nameserver field in /etc/resolv.conf) > > Then you should be able to try kinit: > dc108:~# kinit administrator > Password for administrator at AD.DOMAIN.TLD: > Warning: Your password will expire in 40 days on mer. 09 mars 2016 12:57:45 > CET > dc108:~# > > And if it fails, insist : ) > > Once you solve your kerberos issue, try to join the member. > > Cheers, > > mathias > > 2016-01-28 17:58 GMT+01:00 Eduardo Miranda <eduardo at hlg.desoft.cu>: > >> Hello: >> >> I'm setting up a Samba as a domain member server, but when I run the >> command to attach it to my domain server gives me the following error >> >> ./net ads join -U administrator >> Enter administrator's password: >> Failed to join domain: failed to set machine kerberos encryption types: No >> such attribute >> >> regards >> >> Eduardo >> >>And if Mathias' advice doesn't help: The best way to get support here is to first confirm that you have read and understood the wiki, that you have followed the instructions there and consulted the troubleshooting pages. If that's the case, explain, in detail, how your (Samba) network looks like, what it is you are trying to achieve, which steps you have taken up to here and provide output to all the relevant commands, and provide a copy to the relevant configuration files. Viktor
On 28/01/16 16:58, Eduardo Miranda wrote:> Hello: > > I'm setting up a Samba as a domain member server, but when I run the > command to attach it to my domain server gives me the following error > > ./net ads join -U administrator > Enter administrator's password: > Failed to join domain: failed to set machine kerberos encryption > types: No such attribute > > regards > > Eduardo > > >OK, can you post your smb.conf from the domain member, also what OS are you using, what is the DC, also post your /etc/krb5.conf Rowland
Configuration files are these, I'm using debian 8 and samba 4.3.2 kerberos [libdefaults] default_realm = VIRTUS.CU dns_lookup_realm = false dns_lookup_kdc = true Samba [global] netbios name = radius security = ADS workgroup = CEDAI realm = virtus.cu log file = /var/log/samba/samba.log log level = 1 dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind refresh tickets = yes winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes # idmap config used for your domain. # Choose one of the following backends fitting to your # requirements and add the corresponding configuration. # idmap config ad # - idmap config rid # - idmap config autorid The strange is that the kerberos test does not give error root at radius:/usr/local/samba/bin# kinit eduardo Password for eduardo at VIRTUS.CU: Warning: Your password will expire in 44 days on lun 14 mar 2016 16:25:48 CDT root at radius:/usr/local/samba/bin# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: eduardo at VIRTUS.CU Valid starting Expires Service principal 29/01/16 15:50:33 30/01/16 01:50:33 krbtgt/VIRTUS.CU at VIRTUS.CU renew until 30/01/16 15:50:27 root at radius:/usr/local/samba/bin# kinit administrator Password for administrator at VIRTUS.CU: root at radius:/usr/local/samba/bin# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator at VIRTUS.CU Valid starting Expires Service principal 29/01/16 15:50:57 30/01/16 01:50:57 krbtgt/VIRTUS.CU at VIRTUS.CU renew until 30/01/16 15:50:51 root at radius:/usr/local/samba/bin# Eduardo El 28/01/16 a las 13:38, Rowland penny escibiĆ³:> On 28/01/16 16:58, Eduardo Miranda wrote: >> Hello: >> >> I'm setting up a Samba as a domain member server, but when I run the >> command to attach it to my domain server gives me the following error >> >> ./net ads join -U administrator >> Enter administrator's password: >> Failed to join domain: failed to set machine kerberos encryption >> types: No such attribute >> >> regards >> >> Eduardo >> >> >> > > OK, can you post your smb.conf from the domain member, also what OS > are you using, what is the DC, also post your /etc/krb5.conf > > Rowland > >-- M.Sc. Eduardo Miranda Hidalgo Especialista Superior TIC