Maurizio Caloro
2021-Feb-03 15:44 UTC
[Samba] join to domain failed - Insufficient permissions to join the domain
Hello Installing now new Debian 10 Server and need to add this to domain Samba 4.13.2, in the meantime was running without any problems. Installing this apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit root at srvcar010:/var/cache/realmd/adcli-krb5-c6lGPb/krb5.d# cat /etc/resolv.conf domain carag.local search carag.local nameserver 192.168.201.92 discovery running without problem /var/cache/realmd/adcli-krb5-c6lGPb/krb5.d# realm discover carag.local carag.local type: erberos realm-name: CARAG.LOCAL domain-name: carag.local configured: no server-software: active-directory client-software: sssd required-package: sssd-tools required-package: sssd required-package: libnss-sss required-package: libpam-sss required-package: adcli required-package: samba-common-bin # realm join -U Administrator carag.local Password for Administrator: See: journalctl REALMD_OPERATION=r734.1183 Realm: Couldn't join realm: Insufficient permissions to join the domain # journalctl REALMD_OPERATION=r734.1183 -- Logs begin at Wed 2021-02-03 16:25:21 CET, end at Wed 2021-02-03 16:37:35 CET. -- Feb 03 16:37:31 srvcar010.carag.local realmd[1186]: * Resolving: _ldap._tcp.carag.local Feb 03 16:37:31 srvcar010.carag.local realmd[1186]: * Performing LDAP DSE lookup on: 192.168.201.105 Feb 03 16:37:31 srvcar010.carag.local realmd[1186]: * Successfully discovered: carag.local Feb 03 16:37:34 srvcar010.carag.local realmd[1186]: * Unconditionally checking packages Feb 03 16:37:34 srvcar010.carag.local realmd[1186]: * Resolving required packages Feb 03 16:37:34 srvcar010.carag.local realmd[1186]: * LANG=C /usr/sbin/adcli join --verbose --domain carag.local --domain-realm CARAG.LOCAL --domain-controller 192.168.201.105 --login-type user --log Feb 03 16:37:34 srvcar010.carag.local realmd[1186]: * Using domain name: carag.local Feb 03 16:37:34 srvcar010.carag.local realmd[1186]: * Calculated computer account name from fqdn: SRVCAR010 Feb 03 16:37:34 srvcar010.carag.local realmd[1186]: * Using domain realm: carag.local Feb 03 16:37:34 srvcar010.carag.local realmd[1186]: * Sending netlogon pings to domain controller: ldap://192.168.201.105 Feb 03 16:37:35 srvcar010.carag.local realmd[1186]: * Received NetLogon info from: srvcarad003.carag.local Feb 03 16:37:35 srvcar010.carag.local realmd[1186]: * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-Lsc4Fq/krb5.d/adcli-krb5-conf-qipHGR Feb 03 16:37:35 srvcar010.carag.local realmd[1186]: * Authenticated as user: Administrator at CARAG.LOCAL Feb 03 16:37:35 srvcar010.carag.local realmd[1186]: ! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more informa Feb 03 16:37:35 srvcar010.carag.local realmd[1186]: adcli: couldn't connect to carag.local domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS f Feb 03 16:37:35 srvcar010.carag.local realmd[1186]: ! Insufficient permissions to join the domain <mailto:root at srvcar010:/var/cache/realmd/adcli-krb5-c6lGPb/krb5.d#> root at srvcar010:/var/cache/realmd/adcli-krb5-c6lGPb/krb5.d# Thanks
Rowland penny
2021-Feb-03 15:56 UTC
[Samba] join to domain failed - Insufficient permissions to join the domain
On 03/02/2021 15:44, Maurizio Caloro via samba wrote:> Hello > > Installing now new Debian 10 Server and need to add this to domain Samba > 4.13.2, in the meantime was running without any problems. > > > > Installing this > > apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli > samba-common-bin oddjob oddjob-mkhomedir packagekit > > >Sorry, wrong list, those are mostly red-hat packages and have nothing to do with Samba. Also, if you are going to use Samba shares in a domain, you cannot use sssd. Rowland