[Tue Sep 13 16:15:43] [*root at dc02~$*] net ads testjoin Join is OK [Tue Sep 13 16:19:14] [*root at D01~$*] net ads testjoin ads_connect: No logon servers are currently available to service the logon request. Join to domain is not valid: No logon servers are currently available to service the logon request. [Tue Sep 13 16:19:25] [*root at DC01/var/log/samba$*] net ads testjoin kerberos_kinit_password HOME at HOME.ROB-CAMPBELL.LAN failed: Client not found in Kerberos database Join to domain is not valid: The name provided is not a properly formed account name. DC01 us the DC ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In all things, Be Intentional. On Tue, Sep 13, 2022 at 3:39 AM Rowland Penny via samba < samba at lists.samba.org> wrote:> > > On 13/09/2022 03:16, Rob Campbell via samba wrote: > > [Mon Sep 12 21:56:43] [root at dc02~$] realm leave > > [Mon Sep 12 21:57:49] [root at dc02~$] realm list > > [Mon Sep 12 21:57:51] [root at dc02~$] net ads join -U Administrator > > Host is not configured as a member server. > > Invalid configuration. Exiting.... > > Failed to join domain: This operation is only allowed for the PDC of the > > domain. > > > > I run through the wiki steps to add a domain member then. > > > > [Mon Sep 12 21:58:12] [root at dc02~$] net ads join -U Administrator > > Enter Administrator's password: > > Failed to join domain: failed to connect to AD: No logon servers are > > currently available to service the logon request. > > [Mon Sep 12 21:58:19] [root at dc02~$] realm list > > home.rob-campbell.lan > > type: kerberos > > realm-name: HOME.ROB-CAMPBELL.LAN > > domain-name: home.rob-campbell.lan > > configured: kerberos-member > > server-software: active-directory > > client-software: winbind > > required-package: winbind > > required-package: libpam-winbind > > required-package: samba-common-bin > > login-formats: HOME\%U > > login-policy: allow-any-login > > > > Not sure what's happening. Is it joining the domain or is it not joining > > the domain? > > I wouldn't mix the Samba tools with the ipa tools. What does 'net ads > testjoin' show when run as root ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On Tue, 2022-09-13 at 16:22 -0400, Rob Campbell via samba wrote:> [Tue Sep 13 16:15:43] [*root at dc02~$*] net ads testjoin > Join is OK > > [Tue Sep 13 16:19:14] [*root at D01~$*] net ads testjoin > ads_connect: No logon servers are currently available to service the > logon > request. > Join to domain is not valid: No logon servers are currently available > to > service the logon request. > > [Tue Sep 13 16:19:25] [*root at DC01/var/log/samba$*] net ads testjoin > kerberos_kinit_password > HOME at HOME.ROB-CAMPBELL.LAN > failed: Client not found > in Kerberos database > Join to domain is not valid: The name provided is not a properly > formed > account name. > > DC01 us the DCFor historical reasons, the 'net' tools are not normally used on or with a DC in this way, they are trying to confirm the domain member path, and so this pattern is untested. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions
On 13/09/2022 21:22, Rob Campbell wrote:> [Tue Sep 13 16:15:43] [*root at dc02~$*] net ads testjoin > Join is OKIf I remember correctly, DC02 is a Unix domain member, so that (from info provided) appears to working correctly.> > [Tue Sep 13 16:19:14] [*root at D01~$*] net ads testjoin > ads_connect: No logon servers are currently available to service the > logon request. > Join to domain is not valid: No logon servers are currently available to > service the logon request.Can you go here: https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh Download the script and run it on 'D01' post the output here in a post, do not attach it, this list strips attachments. Sanitise it you must.> > [Tue Sep 13 16:19:25] [*_root at DC01/var/log/samba$_*] net ads testjoin > kerberos_kinit_password HOME at HOME.ROB-CAMPBELL.LAN failed: Client not > found in Kerberos database > Join to domain is not valid: The name provided is not a properly formed > account name. > > DC01 us the DCAnd 'net ads testjoin' doesn't work on a DC. Rowland