Hello: I'm setting up a Samba as a domain member server, but when I run the command to attach it to my domain server gives me the following error ./net ads join -U administrator Enter administrator's password: Failed to join domain: failed to set machine kerberos encryption types: No such attribute regards Eduardo
Hi Eduardo, I would first try to set up kerberos before trying to join the member to the domain. If your member is Linux (which seems to be): So copy /path/to/samba/private/krb5.conf from a DC to /etc on you rmember server. Set up your resolver to be able to send DNS request to AD servers (nameserver field in /etc/resolv.conf) Then you should be able to try kinit: dc108:~# kinit administrator Password for administrator at AD.DOMAIN.TLD: Warning: Your password will expire in 40 days on mer. 09 mars 2016 12:57:45 CET dc108:~# And if it fails, insist : ) Once you solve your kerberos issue, try to join the member. Cheers, mathias 2016-01-28 17:58 GMT+01:00 Eduardo Miranda <eduardo at hlg.desoft.cu>:> Hello: > > I'm setting up a Samba as a domain member server, but when I run the > command to attach it to my domain server gives me the following error > > ./net ads join -U administrator > Enter administrator's password: > Failed to join domain: failed to set machine kerberos encryption types: No > such attribute > > regards > > Eduardo > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 28.01.2016 18:28, mathias dufresne wrote:> Hi Eduardo, > > I would first try to set up kerberos before trying to join the member to > the domain. > > If your member is Linux (which seems to be): > So copy /path/to/samba/private/krb5.conf from a DC to /etc on you rmember > server. > Set up your resolver to be able to send DNS request to AD servers > (nameserver field in /etc/resolv.conf) > > Then you should be able to try kinit: > dc108:~# kinit administrator > Password for administrator at AD.DOMAIN.TLD: > Warning: Your password will expire in 40 days on mer. 09 mars 2016 12:57:45 > CET > dc108:~# > > And if it fails, insist : ) > > Once you solve your kerberos issue, try to join the member. > > Cheers, > > mathias > > 2016-01-28 17:58 GMT+01:00 Eduardo Miranda <eduardo at hlg.desoft.cu>: > >> Hello: >> >> I'm setting up a Samba as a domain member server, but when I run the >> command to attach it to my domain server gives me the following error >> >> ./net ads join -U administrator >> Enter administrator's password: >> Failed to join domain: failed to set machine kerberos encryption types: No >> such attribute >> >> regards >> >> Eduardo >> >>And if Mathias' advice doesn't help: The best way to get support here is to first confirm that you have read and understood the wiki, that you have followed the instructions there and consulted the troubleshooting pages. If that's the case, explain, in detail, how your (Samba) network looks like, what it is you are trying to achieve, which steps you have taken up to here and provide output to all the relevant commands, and provide a copy to the relevant configuration files. Viktor
On 28/01/16 16:58, Eduardo Miranda wrote:> Hello: > > I'm setting up a Samba as a domain member server, but when I run the > command to attach it to my domain server gives me the following error > > ./net ads join -U administrator > Enter administrator's password: > Failed to join domain: failed to set machine kerberos encryption > types: No such attribute > > regards > > Eduardo > > >OK, can you post your smb.conf from the domain member, also what OS are you using, what is the DC, also post your /etc/krb5.conf Rowland
Configuration files are these, I'm using debian 8 and samba 4.3.2
kerberos
[libdefaults]
default_realm = VIRTUS.CU
dns_lookup_realm = false
dns_lookup_kdc = true
Samba
[global]
netbios name = radius
security = ADS
workgroup = CEDAI
realm = virtus.cu
log file = /var/log/samba/samba.log
log level = 1
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
# idmap config used for your domain.
# Choose one of the following backends fitting to your
# requirements and add the corresponding configuration.
# idmap config ad
# - idmap config rid
# - idmap config autorid
The strange is that the kerberos test does not give error
root at radius:/usr/local/samba/bin# kinit eduardo
Password for eduardo at VIRTUS.CU:
Warning: Your password will expire in 44 days on lun 14 mar 2016
16:25:48 CDT
root at radius:/usr/local/samba/bin# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: eduardo at VIRTUS.CU
Valid starting Expires Service principal
29/01/16 15:50:33 30/01/16 01:50:33 krbtgt/VIRTUS.CU at VIRTUS.CU
renew until 30/01/16 15:50:27
root at radius:/usr/local/samba/bin# kinit administrator
Password for administrator at VIRTUS.CU:
root at radius:/usr/local/samba/bin# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at VIRTUS.CU
Valid starting Expires Service principal
29/01/16 15:50:57 30/01/16 01:50:57 krbtgt/VIRTUS.CU at VIRTUS.CU
renew until 30/01/16 15:50:51
root at radius:/usr/local/samba/bin#
Eduardo
El 28/01/16 a las 13:38, Rowland penny escibiĆ³:> On 28/01/16 16:58, Eduardo Miranda wrote:
>> Hello:
>>
>> I'm setting up a Samba as a domain member server, but when I run
the
>> command to attach it to my domain server gives me the following error
>>
>> ./net ads join -U administrator
>> Enter administrator's password:
>> Failed to join domain: failed to set machine kerberos encryption
>> types: No such attribute
>>
>> regards
>>
>> Eduardo
>>
>>
>>
>
> OK, can you post your smb.conf from the domain member, also what OS
> are you using, what is the DC, also post your /etc/krb5.conf
>
> Rowland
>
>
--
M.Sc. Eduardo Miranda Hidalgo
Especialista Superior TIC