François Legal
2022-Apr-26 08:36 UTC
[Samba] ?==?utf-8?q? Joining a samba ad dc domain from another samba installation
Le Lundi, Avril 25, 2022 15:24 CEST, Jonathon Reinhart <jonathon.reinhart at gmail.com> a ?crit:> On Mon, Apr 25, 2022 at 7:13 AM Fran?ois Legal via samba < > samba at lists.samba.org> wrote: > > > > > samba-tool domain join [my samba domain] DC -k yes --dns-backend=BIND9_DLZ > > --option='idmap_ldb:use rfc2307 = yes' > > INFO 2022-04-25 10:41:04,952 pid:374 > > /usr/lib/python3/dist-packages/samba/join.py #107: Finding a writeable DC > > for domain '[my samba domain]' > > INFO 2022-04-25 10:41:04,973 pid:374 > > /usr/lib/python3/dist-packages/samba/join.py #109: Found DC [my-dc].[my > > samba domain] > > ERROR(<class 'samba.join.DCJoinException'>): uncaught exception - Can't > > join, error: 00002020: Operation unavailable without authentication > > > > I see you used "-k yes". Did you confirm that you have a valid Kerberos TGT > for a Domain Admin account? (Run "kinit" to get a ticket and "klist" to > check.)Yes. I?ve kinit administrator@[my realm], the ticket shows out in klist afterwards. But either using -U administrator (for which no password is requested), either --krb5-ccache=/tmp/krb5cc_0 produce the same result Fran?ois
Rowland Penny
2022-Apr-26 09:10 UTC
[Samba] ?==?utf-8?q? Joining a samba ad dc domain from another samba installation
On Tue, 2022-04-26 at 10:36 +0200, Fran?ois Legal via samba wrote:> Le Lundi, Avril 25, 2022 15:24 CEST, Jonathon Reinhart < > jonathon.reinhart at gmail.com> a ?crit: > > > On Mon, Apr 25, 2022 at 7:13 AM Fran?ois Legal via samba < > > samba at lists.samba.org> wrote: > > > > > samba-tool domain join [my samba domain] DC -k yes --dns- > > > backend=BIND9_DLZ > > > --option='idmap_ldb:use rfc2307 = yes' > > > INFO 2022-04-25 10:41:04,952 pid:374 > > > /usr/lib/python3/dist-packages/samba/join.py #107: Finding a > > > writeable DC > > > for domain '[my samba domain]' > > > INFO 2022-04-25 10:41:04,973 pid:374 > > > /usr/lib/python3/dist-packages/samba/join.py #109: Found DC [my- > > > dc].[my > > > samba domain] > > > ERROR(<class 'samba.join.DCJoinException'>): uncaught exception - > > > Can't > > > join, error: 00002020: Operation unavailable without > > > authentication > > > > > > > I see you used "-k yes". Did you confirm that you have a valid > > Kerberos TGT > > for a Domain Admin account? (Run "kinit" to get a ticket and > > "klist" to > > check.) > > Yes. I?ve kinit administrator@[my realm], the ticket shows out in > klist afterwards. > But either using -U administrator (for which no password is > requested), either --krb5-ccache=/tmp/krb5cc_0 produce the same > result > > Fran?oisProvided that krb5.conf and DNS are set up correctly, you should just run 'kinit administrator' to get a ticket. I take it that you are doing this as root. Rowland