Sac Isilia
2022-Apr-28 04:52 UTC
[Samba] Domain join not happening on Debian/Ubuntu machines
Hi Team, We are trying to domain join the Debian/Ubuntu machines via winbind . We have attempted to join the RHEL servers in different domain and they were successful. But while joining the Debian machines we get below error. root at cngzh1dnl01:~# net ads join -U media\\test_sachin Enter media\test_sachin's password: kerberos_kinit_password test_sachin at AP.MEDIA.GLOBAL.LOC failed: Client not found in Kerberos database *Failed to join domain: failed to connect to AD: Client not found in Kerberos database* root at cngzh1dnl01:~# systemctl restart winbind.service Job for winbind.service failed because the control process exited with error code. See "systemctl status winbind.service" and "journalctl -xe" for details. root at cngzh1dnl01:~# The one thing we observed that we are using MEDIA domain to join the servers in media and other domains available. This process works fine with REDHAT as it joined across multiple domains using MEDIA\test_sachin but same was not successful against debian machines. We contacted our AD team but they said that our MEDIA account is resolving to test_sachin at AP.MEDIA.GLOBAL.LOC and the account is working fine and there is issue on the linux side. Can you help us clarify what can be the issue here that the same account works fine for REDHAT servers but fails for Debian/Ubuntu and as matter of fact for SUSE as well for domains other than MEDIA. Domains LIst ------------------ media.global.loc emea.media.global.loc ap.media.global.loc Regards Sachin Kumar On Wed, Apr 27, 2022 at 5:34 PM Sac Isilia <udaypratap.singh65 at gmail.com> wrote:> Hi Team, > > We are trying to domain join the Debian/Ubuntu machines via winbind . We > have attempted to join the RHEL servers in different domain and they were > successful. > But while joining the Debian machines we get below error. > > root at cngzh1dnl01:~# net ads join -U media\\test_sachin > > Enter media\test_sachin's password: > > kerberos_kinit_password test_sachin at AP.MEDIA.GLOBAL.LOC failed: Client > not found in Kerberos database > > *Failed to join domain: failed to connect to AD: Client not found in > Kerberos database* > > root at cngzh1dnl01:~# systemctl restart winbind.service > > Job for winbind.service failed because the control process exited with > error code. > > See "systemctl status winbind.service" and "journalctl -xe" for details. > > root at cngzh1dnl01:~# > > > The one thing we observed that we are using MEDIA domain to join the > servers in media and other domains available. This process works fine with > REDHAT as it joined across multiple domains using MEDIA\test_sachin but > same was not successful against debian machines. > > > We contacted our AD team but they said that our MEDIA account is resolving > to test_sachin at AP.MEDIA.GLOBAL.LOC and the account is working fine and > there is issue on the linux side. > > > Can you help us clarify what can be the issue here that the same account > works fine for REDHAT servers but fails for Debian/Ubuntu and as matter of > fact for SUSE as well for domains other than MEDIA. > > > Domains LIst > > ------------------ > > media.global.loc > > emea.media.global.loc > > ap.media.global.loc > > > Regards > > Sachin Kumar >