Oracle are suggesting this is a known bug (oracle ID 7105257) with the createcomputer argument of net ads join.
Has anyone come across this issue or have working examples of Samba >= 3.5.8 joining AD without requiring Administrator privileges?

Regards

Paul

On 9 Feb 2012, at 16:14, Paul Smith <[email protected]> wrote:

> Has anyone had any success using net ads join to create a new service
> principal and join Active Directory using samba 3.5.8? This works fine
> in 3.0.35 but I'm not able to get a working create/join with 3.5.8.
>
> In samba 3.0.35 (on a host which is already allowing kerberised
> logins via AD), the following works:
>
> net ads join createupn='CIFS/host.domain.com' \
> createcomputer='path/to/principal/' -U myadlogin
>
> After upgrading and restarting, samba works fine but deleting the AD
> service principal and samba/private files to reconfigure, the net join
> fails:
>
> # net ads join createupn='CIFS/smbtest.uk.domain.com'
> createcomputer='MITKerberos/Services' -U myadlogin
> Enter myadlogin's password:
> Failed to join domain: failed to precreate account in ou
> MITKerberos/Services: Invalid DN syntax
>
> The OU exists in AD (and works for earlier samba versions). Looking at
> net ads join output with -d 99, it looks like the net command isn't
> passing the netbios name through?
>
> [2012/02/09 15:45:29.014700, 1] libnet/libnet_join.c:1978()
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> out: struct libnet_JoinCtx
> account_name : NULL
> netbios_domain_name : 'AAA'
> dns_domain_name : 'aaa.ads.domain.com'
> forest_name : 'ADS.DOMAIN.COM'
> dn : NULL
> domain_sid : *
> domain_sid : S-1-5-21-1606980848-1965331169-1417001333
> modified_config : 0x00 (0)
> error_string : 'failed to precreate account in ou
> MITKerberos/Services: Invalid DN syntax'
> domain_is_ad : 0x01 (1)
> result : WERR_DEFAULT_JOIN_REQUIRED
> [2012/02/09 15:45:29.014909, 10] intl/lang_tdb.c:138()
> lang_tdb_init: /usr/lib/samba/en_GB.UTF-8.msg: No such file or directory
> Failed to join domain: failed to precreate account in ou
> MITKerberos/Services: Invalid DN syntax
> [2012/02/09 15:45:29.015245, 2] utils/net.c:916()
> return code = -1
>
> The smb.conf for this is as follows
>
> [global]
> server string = SMBTEST Samba Server
> security = ADS
> realm = AAA.ADS.DOMAIN.COM
> netbios name = SMBTEST
> workgroup = AAA
> interfaces = SMBTEST.uk.domain.com
> bind interfaces only = Yes
> log level = 3
> log file = /var/samba/log/log.%m
> max log size = 128
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536
> SO_SNDBUF=65536 SO_KEEPALIVE
> nis homedir = No
> hide dot files = Yes
> wide links = No
> local master = No
> domain master = No
> preferred master = No
> os level = 0
>
> [homes]
> comment = Home Directories
> browseable = yes
> public = no
> writable = yes
>
> Anyone have any pointers on how to create principals and join AD using
> 3.5.8 or any ideas of relevant changes between 3.0.35 and 3.5.8 that
> might explain this?
>
> Regards
>
> Paul
