thr3ads.net - samba - [Samba] I can't join my Linux client to my Samba DC. [Jun 2021]

If this information is useful, please help other people find it:
Share via:

Rowland penny

2021-Jun-01 13:04 UTC

[Samba] I can't join my Linux client to my Samba DC.

On 01/06/2021 13:11, Jason Long wrote:> Hello,
> I changed "workgroup" to "MYDOMAIN" and I got below
error:
>
> # net ads join -U administrator
> Enter administrator's password:
> Failed to join domain: failed to find DC for domain MYDOMAIN - The object
was not found.
>
> Then, I?changed "workgroup" to "MYDOMAIN.Z" and I got
below error:
>
> # net ads join -U administrator
> Enter administrator's password:
> Failed to join domain: failed to find DC for domain MYDOMAIN.Z - {Operation
Failed} The requested operation was unsuccessful.
>
>
> Why?

 From what you posted, your dns domain is 'mydomain.z' , so your realm 
must be 'MYDOMAIN.Z' , but the workgroup (also known as the Netbios 
Domain name) is usually the left hand part of the realm (it doesn't have 
to be, it can be anything), so in this case it could be 'MYDOMAIN'. Your
workgroup depends on what you set when provisioning your AD domain and, 
from what you posted, it is 'MYDOMAIN', so provided you have these lines
in smb.conf:

workgroup = MYDOMAIN
realm = MYDOMAIN.Z
security = ADS

The join should work, provided that your clients dns is set correctly 
and it sounds like yours may not be.

Your /etc/resolv.conf should look similar to this:

search mydomain.z
nameserver 192.168.0.10

Where '192.168.0.10' is the ipaddress of your AD DC

/etc/hostname should just contain the short hostname of the client

/etc/hosts uses different lines depending on the OS and whether you use 
dhcp or not

If using dhcp you may just need '127.0.0.1 localhost'

If you have, by default, '127.0.1.1' or '127.0.0.53' you will
need the
'127.0' IP followed by 'FQDN hostname' , for example:

127.0.0.53 client.domain.tld client

If you have a fixed IP, you will need a line similar to this:

192.168.0.153 client.domain.tld client

Where '192.168.0.153' is the clients ipaddress.

If unsure about any of this, just post your /etc/resolv.conf, 
/etc/hostname and /etc/hosts

Rowland

Jason Long

2021-Jun-01 14:36 UTC

head link

[Samba] I can't join my Linux client to my Samba DC.

Thank you.
My Samba DC has a DHCP server too.
My "/etc/hosts" file contents is:

# cat /etc/hosts?
127.0.0.1? ?localhost localhost.localdomain localhost4 localhost4.localdomain4
::1? ? ? ? ?localhost localhost.localdomain localhost6 localhost6.localdomain6

And I modified "/etc/resolv.conf" file as below:

# cat /etc/resolv.conf
search mydomain.z
nameserver 192.168.56.7

And edited "smb.conf" file as below:

[global]
? ?workgroup = MYDOMAIN
? ?security = ADS
# realm = MYDC.MYDOMAIN.Z
? ?realm = MYDOMAIN.Z

And tried to join my Linux client to my Samba DC, but I got below error:

# net ads join -U administrator
Enter administrator's password:
Using short domain name -- MYDOMAIN
Joined 'CLIENT' to dns domain 'mydomain.z'
No DNS domain configured for client. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER





On Tuesday, June 1, 2021, 05:34:50 PM GMT+4:30, Rowland penny via samba
<samba at lists.samba.org> wrote:





On 01/06/2021 13:11, Jason Long wrote:> Hello,
> I changed "workgroup" to "MYDOMAIN" and I got below
error:
>
> # net ads join -U administrator
> Enter administrator's password:
> Failed to join domain: failed to find DC for domain MYDOMAIN - The object
was not found.
>
> Then, I?changed "workgroup" to "MYDOMAIN.Z" and I got
below error:
>
> # net ads join -U administrator
> Enter administrator's password:
> Failed to join domain: failed to find DC for domain MYDOMAIN.Z - {Operation
Failed} The requested operation was unsuccessful.
>
>
> Why?
>From what you posted, your dns domain is 'mydomain.z' , so your
realmmust be 'MYDOMAIN.Z' , but the workgroup (also known as the Netbios 
Domain name) is usually the left hand part of the realm (it doesn't have 
to be, it can be anything), so in this case it could be 'MYDOMAIN'. Your
workgroup depends on what you set when provisioning your AD domain and, 
from what you posted, it is 'MYDOMAIN', so provided you have these lines
in smb.conf:

workgroup = MYDOMAIN
realm = MYDOMAIN.Z
security = ADS

The join should work, provided that your clients dns is set correctly 
and it sounds like yours may not be.

Your /etc/resolv.conf should look similar to this:

search mydomain.z
nameserver 192.168.0.10

Where '192.168.0.10' is the ipaddress of your AD DC

/etc/hostname should just contain the short hostname of the client

/etc/hosts uses different lines depending on the OS and whether you use 
dhcp or not

If using dhcp you may just need '127.0.0.1 localhost'

If you have, by default, '127.0.1.1' or '127.0.0.53' you will
need the
'127.0' IP followed by 'FQDN hostname' , for example:

127.0.0.53 client.domain.tld client

If you have a fixed IP, you will need a line similar to this:

192.168.0.153 client.domain.tld client

Where '192.168.0.153' is the clients ipaddress.

If unsure about any of this, just post your /etc/resolv.conf, 
/etc/hostname and /etc/hosts


Rowland



-- 
To unsubscribe from this list go to the following URL and read the
instructions:? https://lists.samba.org/mailman/options/samba

samba - Jun 2021 - I can't join my Linux client to my Samba DC.

[Samba] I can't join my Linux client to my Samba DC.

[Samba] I can't join my Linux client to my Samba DC.