On Fri, 16 Dec 2016 10:10:51 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> Hai, > > You need to use samba-tool to join the DC. > > The info can be found here : > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory > >I am not sure that the OP is trying to join a DC, but if he is, then Louis is correct, otherwise, is everything setup correctly? Especially, does the machine that is trying to join the domain use the DC as its nameserver ? Rowland
Artur Moor
2016-Dec-16 11:08 UTC
[Samba] Fwd: net ads join -> "The connection was refused"
I don't want to join samba as DC, i am trying to join samba as member to AD. My setup ist: DC: dc1.ad.interdekor.com.ua (10.0.140.2) NETBIOS NAME: INTERDEKOR ------------------------ SAMBA SERVER: 10.0.140.3 ------------------------ root at samba:~# uname -nrs FreeBSD samba.ad.interdekor.com.ua 11.0-RELEASE root at samba:~# samba-tool -V 4.4.5 root at samba:~# cat /etc/resolv.conf search ad.interdekor.com.ua nameserver 10.0.140.2 root at samba:~# cat /etc/krb5.conf [libdefaults] default_realm = AD.INTERDEKOR.COM.UA dns_lookup_realm = true dns_lookup_kdc = true root at samba:~# cat /usr/local/etc/smb4.conf [global] netbios name = SAMBA realm = AD.INTERDEKOR.COM.UA security = ads workgroup = INTERDEKOR nmbd bind explicit broadcast = no use sendfile = true idmap config * : backend = tdb idmap config * : range = 60000-69999 idmap config INTERDEKOR : backend = ad idmap config INTERDEKOR : schema_mode = rfc2307 idmap config INTERDEKOR : range = 10000-59999 winbind separator = + winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind refresh tickets = yes restrict anonymous = 2 log file = /var/log/samba4/log.%m ---------- Forwarded message ---------- From: Rowland Penny via samba <samba at lists.samba.org> Date: 2016-12-16 10:26 GMT+01:00 Subject: Re: [Samba] net ads join -> "The connection was refused" To: samba at lists.samba.org On Fri, 16 Dec 2016 10:10:51 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> Hai, > > You need to use samba-tool to join the DC. > > The info can be found here : > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory> >I am not sure that the OP is trying to join a DC, but if he is, then Louis is correct, otherwise, is everything setup correctly? Especially, does the machine that is trying to join the domain use the DC as its nameserver ? Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
L.P.H. van Belle
2016-Dec-16 11:23 UTC
[Samba] Fwd: net ads join -> "The connection was refused"
Ah.. Member join.. Well thats this link : https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member and now you problem is in the security settings. (samba upgrade 4.4.0 => 4.4.1 ) Since the connection activly refused. I summed up the changed here : http://downloads.van-belle.nl/samba4/Upgrade-info.txt or go through the list of changes found here : https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release) To test this, set : ldap server require strong auth = no And join the member to the domain. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Artur Moor via > samba > Verzonden: vrijdag 16 december 2016 12:08 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Fwd: net ads join -> "The connection was refused" > > I don't want to join samba as DC, i am trying to join samba as member to > AD. > > My setup ist: > DC: dc1.ad.interdekor.com.ua (10.0.140.2) > NETBIOS NAME: INTERDEKOR > > ------------------------ > SAMBA SERVER: 10.0.140.3 > ------------------------ > root at samba:~# uname -nrs > FreeBSD samba.ad.interdekor.com.ua 11.0-RELEASE > > root at samba:~# samba-tool -V > 4.4.5 > > root at samba:~# cat /etc/resolv.conf > search ad.interdekor.com.ua > nameserver 10.0.140.2 > > root at samba:~# cat /etc/krb5.conf > [libdefaults] > default_realm = AD.INTERDEKOR.COM.UA > dns_lookup_realm = true > dns_lookup_kdc = true > > root at samba:~# cat /usr/local/etc/smb4.conf > [global] > netbios name = SAMBA > realm = AD.INTERDEKOR.COM.UA > security = ads > workgroup = INTERDEKOR > > nmbd bind explicit broadcast = no > > use sendfile = true > > idmap config * : backend = tdb > idmap config * : range = 60000-69999 > idmap config INTERDEKOR : backend = ad > idmap config INTERDEKOR : schema_mode = rfc2307 > idmap config INTERDEKOR : range = 10000-59999 > > winbind separator = + > winbind enum users = yes > winbind enum groups = yes > winbind use default domain = yes > winbind refresh tickets = yes > > restrict anonymous = 2 > > log file = /var/log/samba4/log.%m > > > ---------- Forwarded message ---------- > From: Rowland Penny via samba <samba at lists.samba.org> > Date: 2016-12-16 10:26 GMT+01:00 > Subject: Re: [Samba] net ads join -> "The connection was refused" > To: samba at lists.samba.org > > > On Fri, 16 Dec 2016 10:10:51 +0100 > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > > > Hai, > > > > You need to use samba-tool to join the DC. > > > > The info can be found here : > > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_ > Existing_Active_Directory > > > > > > I am not sure that the OP is trying to join a DC, but if he is, then > Louis is correct, otherwise, is everything setup correctly? Especially, > does the machine that is trying to join the domain use the DC as its > nameserver ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2016-Dec-16 11:27 UTC
[Samba] Fwd: net ads join -> "The connection was refused"
On Fri, 16 Dec 2016 12:08:05 +0100 Artur Moor via samba <samba at lists.samba.org> wrote:> I don't want to join samba as DC, i am trying to join samba as member > to AD. > > My setup ist: > DC: dc1.ad.interdekor.com.ua (10.0.140.2) > NETBIOS NAME: INTERDEKOR > > ------------------------ > SAMBA SERVER: 10.0.140.3 > ------------------------ > root at samba:~# uname -nrs > FreeBSD samba.ad.interdekor.com.ua 11.0-RELEASE > > root at samba:~# samba-tool -V > 4.4.5 > > root at samba:~# cat /etc/resolv.conf > search ad.interdekor.com.ua > nameserver 10.0.140.2 > > root at samba:~# cat /etc/krb5.conf > [libdefaults] > default_realm = AD.INTERDEKOR.COM.UA > dns_lookup_realm = true > dns_lookup_kdc = true > > root at samba:~# cat /usr/local/etc/smb4.conf > [global] > netbios name = SAMBA > realm = AD.INTERDEKOR.COM.UA > security = ads > workgroup = INTERDEKOR > > nmbd bind explicit broadcast = no > > use sendfile = true > > idmap config * : backend = tdb > idmap config * : range = 60000-69999 > idmap config INTERDEKOR : backend = ad > idmap config INTERDEKOR : schema_mode = rfc2307 > idmap config INTERDEKOR : range = 10000-59999 > > winbind separator = + > winbind enum users = yes > winbind enum groups = yes > winbind use default domain = yes > winbind refresh tickets = yes > > restrict anonymous = 2 > > log file = /var/log/samba4/log.%m > >Try removing 'nmbd bind explicit broadcast = no', everything else looks okay. What is the AD DC ? Is it running a firewall ? Rowland
Artur Moor
2016-Dec-16 11:41 UTC
[Samba] Fwd: net ads join -> "The connection was refused"
Setting 'ldap server require strong auth = no' in 'smb4.conf' didn't help! 2016-12-16 12:23 GMT+01:00 L.P.H. van Belle via samba <samba at lists.samba.org>:> Ah.. Member join.. > > Well thats this link : > https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member > > and now you problem is in the security settings. > (samba upgrade 4.4.0 => 4.4.1 ) > Since the connection activly refused. > > I summed up the changed here : > http://downloads.van-belle.nl/samba4/Upgrade-info.txt > > or go through the list of changes found here : > https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release) > > To test this, set : ldap server require strong auth = no > And join the member to the domain. > > > Greetz, > > Louis > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Artur Moor via > > samba > > Verzonden: vrijdag 16 december 2016 12:08 > > Aan: samba at lists.samba.org > > Onderwerp: [Samba] Fwd: net ads join -> "The connection was refused" > > > > I don't want to join samba as DC, i am trying to join samba as member to > > AD. > > > > My setup ist: > > DC: dc1.ad.interdekor.com.ua (10.0.140.2) > > NETBIOS NAME: INTERDEKOR > > > > ------------------------ > > SAMBA SERVER: 10.0.140.3 > > ------------------------ > > root at samba:~# uname -nrs > > FreeBSD samba.ad.interdekor.com.ua 11.0-RELEASE > > > > root at samba:~# samba-tool -V > > 4.4.5 > > > > root at samba:~# cat /etc/resolv.conf > > search ad.interdekor.com.ua > > nameserver 10.0.140.2 > > > > root at samba:~# cat /etc/krb5.conf > > [libdefaults] > > default_realm = AD.INTERDEKOR.COM.UA > > dns_lookup_realm = true > > dns_lookup_kdc = true > > > > root at samba:~# cat /usr/local/etc/smb4.conf > > [global] > > netbios name = SAMBA > > realm = AD.INTERDEKOR.COM.UA > > security = ads > > workgroup = INTERDEKOR > > > > nmbd bind explicit broadcast = no > > > > use sendfile = true > > > > idmap config * : backend = tdb > > idmap config * : range = 60000-69999 > > idmap config INTERDEKOR : backend = ad > > idmap config INTERDEKOR : schema_mode = rfc2307 > > idmap config INTERDEKOR : range = 10000-59999 > > > > winbind separator = + > > winbind enum users = yes > > winbind enum groups = yes > > winbind use default domain = yes > > winbind refresh tickets = yes > > > > restrict anonymous = 2 > > > > log file = /var/log/samba4/log.%m > > > > > > ---------- Forwarded message ---------- > > From: Rowland Penny via samba <samba at lists.samba.org> > > Date: 2016-12-16 10:26 GMT+01:00 > > Subject: Re: [Samba] net ads join -> "The connection was refused" > > To: samba at lists.samba.org > > > > > > On Fri, 16 Dec 2016 10:10:51 +0100 > > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > > > > > Hai, > > > > > > You need to use samba-tool to join the DC. > > > > > > The info can be found here : > > > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_ > > Existing_Active_Directory > > > > > > > > > > I am not sure that the OP is trying to join a DC, but if he is, then > > Louis is correct, otherwise, is everything setup correctly? Especially, > > does the machine that is trying to join the domain use the DC as its > > nameserver ? > > > > Rowland > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >