In our AD environment, I pre-create computer records in our AD OU computers container via a Windows system using the Active Directory Users and Computers console. I then bind Samba domain members using "net ads join -U domain_admin_login".
Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guillermo Gutierrez Sent: Monday, January 28, 2008 5:59 PM To: Calderon, Willy (NIH/NINDS) [C]; [email protected] Subject: RE: [Samba] joining an AD You may just have to join it to the domain and then move it manually into the OU through windows. Unless you upgrade to a newer version of samba that supports that feature. -----Original Message----- From: Calderon, Willy (NIH/NINDS) [C] [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 5:15 PM To: Guillermo Gutierrez; [email protected] Subject: RE: [Samba] joining an AD Thanks for this. The problem appears to be that I can't create the workstation in the OU. I can use my same credentials to log into the AD and create a workstation in that OU through Windows but not through Linux. # net help ads join net ads join [options] Valid options: createupn[=UPN] Set the userPrincipalName attribute during the join. The deault UPN is in the form host/[EMAIL PROTECTED] createcomputer=OU Precreate the computer account in a specific OU. The OU string read from top to bottom without RDNs and delimited by a '/'. E.g. "createcomputer=Computers/Servers/Unix" NB: A backslash '\' is used as escape at multiple levels and may need to be doubled or even quadrupled. It is not used as a separator So when I try # net ads join createcomputer="Servers/Windows/Computers/AD" -U willy%password Failed to pre-create the machine object in OU createcomputers=Servers/Windows/Computers/AD. [2008/01/28 20:15:30, 1] utils/net_ads.c:net_ads_join(1533) error calling net_precreate_machine_acct: No such object Failed to join domain: No such object [2008/01/28 20:15:30, 2] utils/net.c:main(1032) return code = -1 * * * * Willy Calderon Contractor - LCG Systems Unix Systems Administrator Bldg. 10, NIH/NINDS Tel: 301 435 1913 -----Original Message----- From: Calderon, Willy (NIH/NINDS) [C] Sent: Mon 1/28/2008 7:58 PM To: Guillermo Gutierrez; [email protected] Subject: RE: [Samba] joining an AD Thanks. I keep getting this error every time I log in now with the options you've given below [2008/01/28 19:49:22, 4] libads/sasl.c:ads_sasl_bind(521) Found SASL mechanism GSS-SPNEGO [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(222) ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED] [2008/01/28 19:49:22, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610) ads_krb5_mk_req: Advancing clock by 63 seconds to cope with clock skew [2008/01/28 19:49:22, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Tue, 29 Jan 2008 05:50:25 EST Bad option: SEVERN Failed to join domain: Invalid parameter [2008/01/28 19:49:22, 2] utils/net.c:main(1032) return code = -1 * * * * Willy Calderon Contractor - LCG Systems Unix Systems Administrator Bldg. 10, NIH/NINDS Tel: 301 435 1913 -----Original Message----- From: Guillermo Gutierrez [mailto:[EMAIL PROTECTED] Sent: Mon 1/28/2008 4:57 PM To: Calderon, Willy (NIH/NINDS) [C]; [email protected] Subject: RE: [Samba] joining an AD Whoops, The trailing (") should be at the end of the OU path, in your case after the 'AD'. The computername is a separate value that you are feeding it. net ads join createcomputer="Servers/Windows/Computers/AD" computername -----Original Message----- From: Calderon, Willy (NIH/NINDS) [C] [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 1:59 PM To: Guillermo Gutierrez; [email protected] Subject: RE: [Samba] joining an AD Is there a trailing quote (") after computer name ? * * * * Willy Calderon Contractor - LCG Systems Tel: 301 435 1913 -----Original Message----- From: Guillermo Gutierrez [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 4:45 PM To: Calderon, Willy (NIH/NINDS) [C]; [email protected] Subject: RE: [Samba] joining an AD You have to use the "createcomputer" parameter if you want to specify the OUs. Ex: net ads join createcomputer="Servers/Windows/Computers/AD computername -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Calderon, Willy (NIH/NINDS) [C] Sent: Monday, January 28, 2008 1:17 PM To: [email protected] Subject: [Samba] joining an AD Hi there - I am trying to join the domain using the net ads join command but keep getting a " Bad option: Servers/Windows/Computers/AD Failed to join domain: Invalid parameter when I try to add the computer into the correct OU like so: net ads join "Servers/Windows/Computers/AD Is there a correct way to get this to work? I'm on a Red Hat Enterprise 4 system with samba-3.0.25b-1.el4_6.4 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
