[Mon Sep 12 21:56:43] [root at dc02~$] realm leave
[Mon Sep 12 21:57:49] [root at dc02~$] realm list
[Mon Sep 12 21:57:51] [root at dc02~$] net ads join -U Administrator
Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.

I run through the wiki steps to add a domain member then.

[Mon Sep 12 21:58:12] [root at dc02~$] net ads join -U Administrator
Enter Administrator's password:
Failed to join domain: failed to connect to AD: No logon servers are currently available to service the logon request.
[Mon Sep 12 21:58:19] [root at dc02~$] realm list
home.rob-campbell.lan
type: kerberos
realm-name: HOME.ROB-CAMPBELL.LAN
domain-name: home.rob-campbell.lan
configured: kerberos-member
server-software: active-directory
client-software: winbind
required-package: winbind
required-package: libpam-winbind
required-package: samba-common-bin
login-formats: HOME\%U
login-policy: allow-any-login

Not sure what's happening. Is it joining the domain or is it not joining the domain?

DNS seems to be working:
[Mon Sep 12 21:58:23] [root at dc02~$] nslookup dc01
Server: 10.0.0.10
Address: 10.0.0.10#53

Name: dc01.HOME.ROB-CAMPBELL.LAN
Address: 10.0.0.10

[Mon Sep 12 22:01:02] [root at dc02~$] nslookup dc01.home.rob-campbell.lan
Server: 10.0.0.10
Address: 10.0.0.10#53

Name: dc01.home.rob-campbell.lan
Address: 10.0.0.10

[Mon Sep 12 22:01:08] [root at dc02~$] nslookup 10.0.0.10
10.0.0.10.in-addr.arpa name = DC01.HOME.ROB-CAMPBELL.LAN.

[Mon Sep 12 22:01:16] [root at dc02~$] host 10.0.0.10
10.0.0.10.in-addr.arpa domain name pointer DC01.HOME.ROB-CAMPBELL.LAN.
[Mon Sep 12 22:01:20] [root at dc02~$] host dc01
dc01.HOME.ROB-CAMPBELL.LAN has address 10.0.0.10
[Mon Sep 12 22:01:26] [root at dc02~$] host dc01.home.rob-campbell.lan
dc01.home.rob-campbell.lan has address 10.0.0.10
[Mon Sep 12 22:01:33] [root at dc02~$] nslookup dc02
Server: 10.0.0.10
Address: 10.0.0.10#53

Name: dc02.HOME.ROB-CAMPBELL.LAN
Address: 10.0.0.9

[Mon Sep 12 22:01:40] [root at dc02~$] nslookup dc02.home.rob-campbell.lan
Server: 10.0.0.10
Address: 10.0.0.10#53

Name: dc02.home.rob-campbell.lan
Address: 10.0.0.9

[Mon Sep 12 22:01:47] [root at dc02~$] nslookup 10.0.0.9
9.0.0.10.in-addr.arpa name = dc02.HOME.ROB-CAMPBELL.LAN.

[Mon Sep 12 22:01:59] [root at dc02~$] host 10.0.0.9
9.0.0.10.in-addr.arpa domain name pointer dc02.HOME.ROB-CAMPBELL.LAN.
[Mon Sep 12 22:02:07] [root at dc02~$] host dc02.home.rob-campbell.lan
dc02.home.rob-campbell.lan has address 10.0.0.9
[Mon Sep 12 22:02:18] [root at dc02~$] host dc02
dc02.HOME.ROB-CAMPBELL.LAN has address 10.0.0.9

I'm guessing something is still wrong because I get this error when I try to add a user using Enterprise Login:
Couldn't connect to the home.rob-campbell.lan domain: Cannot find KDC for realm "HOME.ROB-CAMPBELL.LAN"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.

[Tue Sep 13 01:53:18] [root at DC01/var/log/samba$] firewall-cmd --permanent --add-service=samba-dc
You're performing an operation over default zone ('public'),
but your connections/interfaces are in zone 'mysql' (see --get-active-zones)
You most likely need to use --zone=mysql option.
success
[Tue Sep 13 01:53:48] [root at DC01/var/log/samba$] firewall-cmd --reload
success
[Tue Sep 13 01:54:19] [root at dc02/var/log$] net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- HOME
Joined 'DC02' to dns domain 'home.rob-campbell.lan'
DNS Update for dc02.home.rob-campbell.lan failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL
At least I am able to get it joined now. Did I miss the instructions on
which ports to open on the DC for this to work or are those instructions
not part of the wiki?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.
On Mon, Sep 12, 2022 at 10:16 PM Rob Campbell <robcampbell08105 at gmail.com> wrote:
> [Mon Sep 12 21:56:43] [root at dc02~$] realm leave
> [Mon Sep 12 21:57:49] [root at dc02~$] realm list
> [Mon Sep 12 21:57:51] [root at dc02~$] net ads join -U Administrator
> Host is not configured as a member server.
> Invalid configuration. Exiting....
> Failed to join domain: This operation is only allowed for the PDC of the
> domain.
>
> I run through the wiki steps to add a domain member then.
>
> [Mon Sep 12 21:58:12] [root at dc02~$] net ads join -U Administrator
> Enter Administrator's password:
> Failed to join domain: failed to connect to AD: No logon servers are
> currently available to service the logon request.
> [Mon Sep 12 21:58:19] [root at dc02~$] realm list
> home.rob-campbell.lan
> type: kerberos
> realm-name: HOME.ROB-CAMPBELL.LAN
> domain-name: home.rob-campbell.lan
> configured: kerberos-member
> server-software: active-directory
> client-software: winbind
> required-package: winbind
> required-package: libpam-winbind
> required-package: samba-common-bin
> login-formats: HOME\%U
> login-policy: allow-any-login
>
> Not sure what's happening. Is it joining the domain or is it not joining
> the domain?
>
> DNS seems to be working:
> [Mon Sep 12 21:58:23] [root at dc02~$] nslookup dc01
> Server: 10.0.0.10
> Address: 10.0.0.10#53
>
> Name: dc01.HOME.ROB-CAMPBELL.LAN
> Address: 10.0.0.10
>
> [Mon Sep 12 22:01:02] [root at dc02~$] nslookup dc01.home.rob-campbell.lan
> Server: 10.0.0.10
> Address: 10.0.0.10#53
>
> Name: dc01.home.rob-campbell.lan
> Address: 10.0.0.10
>
> [Mon Sep 12 22:01:08] [root at dc02~$] nslookup 10.0.0.10
> 10.0.0.10.in-addr.arpa name = DC01.HOME.ROB-CAMPBELL.LAN.
>
> [Mon Sep 12 22:01:16] [root at dc02~$] host 10.0.0.10
> 10.0.0.10.in-addr.arpa domain name pointer DC01.HOME.ROB-CAMPBELL.LAN.
> [Mon Sep 12 22:01:20] [root at dc02~$] host dc01
> dc01.HOME.ROB-CAMPBELL.LAN has address 10.0.0.10
> [Mon Sep 12 22:01:26] [root at dc02~$] host dc01.home.rob-campbell.lan
> dc01.home.rob-campbell.lan has address 10.0.0.10
> [Mon Sep 12 22:01:33] [root at dc02~$] nslookup dc02
> Server: 10.0.0.10
> Address: 10.0.0.10#53
>
> Name: dc02.HOME.ROB-CAMPBELL.LAN
> Address: 10.0.0.9
>
> [Mon Sep 12 22:01:40] [root at dc02~$] nslookup dc02.home.rob-campbell.lan
> Server: 10.0.0.10
> Address: 10.0.0.10#53
>
> Name: dc02.home.rob-campbell.lan
> Address: 10.0.0.9
>
> [Mon Sep 12 22:01:47] [root at dc02~$] nslookup 10.0.0.9
> 9.0.0.10.in-addr.arpa name = dc02.HOME.ROB-CAMPBELL.LAN.
>
> [Mon Sep 12 22:01:59] [root at dc02~$] host 10.0.0.9
> 9.0.0.10.in-addr.arpa domain name pointer dc02.HOME.ROB-CAMPBELL.LAN.
> [Mon Sep 12 22:02:07] [root at dc02~$] host dc02.home.rob-campbell.lan
> dc02.home.rob-campbell.lan has address 10.0.0.9
> [Mon Sep 12 22:02:18] [root at dc02~$] host dc02
> dc02.HOME.ROB-CAMPBELL.LAN has address 10.0.0.9
>
> I'm guessing something is still wrong because I get this error when I try
> to add a user using Enterprise Login:
> Couldn't connect to the home.rob-campbell.lan domain: Cannot find KDC for
> realm "HOME.ROB-CAMPBELL.LAN"
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In all things, Be Intentional.
>
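
The firewall-cmd warning in the follow-up message above says the service was added to the default zone while the interface sits in a different zone. The script below is an added example, not part of the thread or of the Samba wiki, that lists every active firewalld zone lacking a given service; the `FWCMD` variable, the `fake_firewall_cmd` stub and the interface name `eth0` are constructed so it runs offline.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): report active firewalld zones that do
# not allow a service, e.g. samba-dc on a Samba AD DC.

FWCMD=${FWCMD:-firewall-cmd}   # overridable so the logic can be tested offline

# Zone names from `--get-active-zones` output: unindented lines name a zone,
# indented "interfaces:"/"sources:" lines belong to the zone above them.
active_zones() {
    awk '$0 !~ /^[ \t]/ && NF { print $1 }'
}

# Print each active zone whose runtime config lacks SERVICE; return 1 if any.
zones_missing_service() {
    local service=$1 zone rc=0
    for zone in $("$FWCMD" --get-active-zones | active_zones); do
        if ! "$FWCMD" --zone="$zone" --query-service="$service" >/dev/null 2>&1; then
            echo "$zone"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed stand-in for firewall-cmd reproducing the state in the warning:
# the interface is in zone 'mysql', but samba-dc was added to 'public' only.
fake_firewall_cmd() {
    case "$*" in
        --get-active-zones) printf 'mysql\n  interfaces: eth0\n' ;;
        "--zone=public --query-service=samba-dc") echo yes ;;
        *) echo no; return 1 ;;
    esac
}

# Offline demonstration; on a real DC run: zones_missing_service samba-dc
FWCMD=fake_firewall_cmd zones_missing_service samba-dc || true
```

The check reads the runtime configuration, so after a `--permanent` change it reflects the new rule only once `firewall-cmd --reload` has run.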
On 13/09/2022 03:16, Rob Campbell via samba wrote:
> [Mon Sep 12 21:56:43] [root at dc02~$] realm leave
> [Mon Sep 12 21:57:49] [root at dc02~$] realm list
> [Mon Sep 12 21:57:51] [root at dc02~$] net ads join -U Administrator
> Host is not configured as a member server.
> Invalid configuration. Exiting....
> Failed to join domain: This operation is only allowed for the PDC of the
> domain.
>
> I run through the wiki steps to add a domain member then.
>
> [Mon Sep 12 21:58:12] [root at dc02~$] net ads join -U Administrator
> Enter Administrator's password:
> Failed to join domain: failed to connect to AD: No logon servers are
> currently available to service the logon request.
> [Mon Sep 12 21:58:19] [root at dc02~$] realm list
> home.rob-campbell.lan
> type: kerberos
> realm-name: HOME.ROB-CAMPBELL.LAN
> domain-name: home.rob-campbell.lan
> configured: kerberos-member
> server-software: active-directory
> client-software: winbind
> required-package: winbind
> required-package: libpam-winbind
> required-package: samba-common-bin
> login-formats: HOME\%U
> login-policy: allow-any-login
>
> Not sure what's happening. Is it joining the domain or is it not joining
> the domain?

I wouldn't mix the Samba tools with the ipa tools.

What does 'net ads testjoin' show when run as root?

Rowland