samba - Feb 2021 - Unable to join domain?

Yes, the resolv.conf points to 192.168.10.3 which is janus.

#? cat /etc/resolv.conf
nameserver 192.168.10.3
search eglifamily.name

# host janus
janus.eglifamily.name has address 192.168.10.3

# samba-tool dns zonecreate 192.168.10.3 10.168.182.in-addr.arpa 
-UAdministrator%%<password>
Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for 
ncacn_ip_tcp:192.168.10.3[49153,sign,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=192.168.10.3]
NT_STATUS_LOGON_FAILURE
ERROR: Connecting to DNS RPC server 192.168.10.3 failed with 
(3221225581, 'The attempted logon is invalid. This is either due to a 
bad username or authentication information.')


On 2/6/2021 3:45 PM, Rowland penny via samba wrote:
> On 06/02/2021 22:27, Dan Egli wrote:
>>
>> On 2/6/2021 1:51 PM, Rowland penny via samba wrote:
>>> On 06/02/2021 20:43, Dan Egli wrote:
>>>> I tried the -k, and no go. If I just put -k at the end it says
-k
>>>> needs a paramater. Looking in the man page it says -k KERBEROS,
so
>>>> I did, and now samba-tool says "samba-tool dns zonecreate:
error:
>>>> invalid -k option value: KERBEROS"
>>>>
>>>> I am completely unfamiliar with Kerberos, so if this is a
stupid
>>>> mistake, forgive me.
>>>
>>>
>>> No, it is not a stupid question, for 'KERBEROS' read
'no|yes|auto',
>>> so to use kerberos with your command you need a ticket (which will 
>>> be 'krb5cc_0' in /tmp) and to add '-k yes' to the
command.
>>>
>>> Rowland
>>>
>>
>> Well, I tried with -k yes and still not working:
>>
>> #? samba-tool dns zonecreate janus.eglifamily.name 
>> 10.168.192.in-addr.arpa -k yes
>> Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for 
>>
ncacn_ip_tcp:2600:100e:b1df:d0d3:20c:29ff:fed0:8fed[49153,sign,target_hostname=janus.eglifamily.name,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=2600:100e:b1df:d0d3:20c:29ff:fed0:8fed]
>> NT_STATUS_UNSUCCESSFUL
>> ERROR: Connecting to DNS RPC server janus.eglifamily.name failed with 
>> (3221225473, '{Operation Failed} The requested operation was 
>> unsuccessful.')
>>
>> # klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: Administrator at EGLIFAMILY.NAME
>>
>> Valid starting???? Expires??????????? Service principal
>> 02/06/21 13:12:17? 02/06/21 23:12:17 
>> krbtgt/EGLIFAMILY.NAME at EGLIFAMILY.NAME
>> ??????? renew until 02/07/21 13:12:10
>> 02/06/21 15:25:06? 02/06/21 23:12:17 
>> host/JANUS.EGLIFAMILY.NAME at EGLIFAMILY.NAME
>>
>> I'm open to the next suggestion.
>
>
> Have you set this DC to use itself as its nameserver ?
>
> I would check your DNS settings.
>
> Try replacing? the server name 'janus.eglifamily.name' with the
DC's
> ipaddress and if that fails replace the '-k yes' with
-UAdministrator
> and see if the password works.
>
> Rowland
>
>
>

On 07/02/2021 01:13, Dan Egli wrote:
>
> # samba-tool dns zonecreate 192.168.10.3 10.168.182.in-addr.arpa 
> -UAdministrator%%<password> 

Try it like this:

samba-tool dns zonecreate 192.168.10.3 10.168.182.in-addr.arpa 
-UAdministrator

It will prompt you for the password.

If this doesn't work, do you want to try provisioning again, but in a 
different way ?

If so try like this:

samba-tool domain provision --use-rfc2307 --domain=EGLIFAMILY 
--realm=EGLIFAMILY.NAME --adminpass=xxxxxxxxxx

Where 'xxxxxxxxxx' contains characters from three of the following 
categories:

 ??? Uppercase letters

 ??? Lowercase letters

 ??? numbers

 ??? Nonalphanumeric characters:
~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/

 ??? Any Unicode character that is categorized as an alphabetic 
character but is not uppercase or lowercase.

The password needs to be at least 7 characters long.

For instance (Don't use this): P4ssW*rd

Rowland