Cool dude! It works. Here's a transcript.
samba:~# net ads join -U administrator
Enter administrator's password:
Using short domain name -- ARM
Joined 'SAMBA' to realm 'arm.priv'
[2008/11/24 10:52:15, 0] libads/kerberos.c:ads_kinit_password(356)
kerberos_kinit_password [EMAIL PROTECTED] failed: Client not found in
Kerberos database
No DNS domain configured for samba. Unable to perform DNS Update.
DNS update failed!
I'll need to tweak something in the DNS, but that should not be a major
issue at this point.
Thanks a lot!
Alessandro Baretta
World Family of Radio Maria
http://www.radiomaria.org/
tel. +39 0332 228 150
fax. +39 0332 222 411
cel. +39 335 830 3189
skype alex.baretta
ekiga [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
On Mon, Nov 24, 2008 at 03:47:52AM +0100, Alessandro Baretta wrote:
Hi everyone,
I am trying to set up a file server on Linux for Windows XP boxes in a
Windows Server 2003 environment. I followed an excellent tutorial on
Samba and ADS, which I recommend to all newbies like myself:
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081.
Kerberos authentication seems to succeed, and apparently there is
nothing wrong with my smb.conf file, yet when I try to add the server to
the ADS I get the following error message: "Failed to join domain:
Invalid configuration and configuration modification was not requested".
This error seems to be undocumented: I have found nothing either on
Google or on the samba.org site.
Here's a transcript of a shell session showing this error.
samba:~# kinit
Password for [EMAIL PROTECTED]: <--- Authentication succeeds
samba:~# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[fileserver]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
workgroup = ARM.PRIV
realm = ARM.PRIV
server string = File server avanzato
security = ADS
log level = 3
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
[homes]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No
[fileserver]
comment = Cartelle condivise
path = /var/samba
read only = No
create mask = 0700
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
samba:~# net ads join -U administrator
Enter administrator's password:
Failed to join domain: Invalid configuration and configuration
modification was not requested
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If I mistype the password I get a different error message:
samba:~# net ads join -U administrator%wrongpassword
Failed to join domain: failed to lookup DC info for domain 'ARM.PRIV'
over rpc: Logon failure
Can anyone help me?
--
Alessandro Baretta
World Family of Radio Maria
http://www.radiomaria.org/
tel. +39 0332 228 150
fax. +39 0332 222 411
cel. +39 335 830 3189
skype alex.baretta
ekiga [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Alessandro,
I was able to reproduce your problem on my virtual machines. By that I
mean that in trying to join a 2003 domain in ADS mode, I get the exact
same error as you.
I was able to solve it as explained below. Keep in mind that the same
error may be caused by different problems.
My test domain name is 'DOMAIN', and my realm is 'DOMAIN.COM'.
Setting either of the of 2 following lines caused the error indicated:
workgroup = DOMAIN.COM
or
realm = DOMAIN
Setting as follows, I joined the domain no problem.
workgroup = DOMAIN
realm = DOMAIN.COM
So it appears the domain name is the leftmost portion of the REALM, and
the REALM must be the entire name. Anything else will fail.
So try changing your workgroup line setting it as follows:
workgroup = ARM
I believe you will then be able to join sambe to the 2003 domain.
Give it a shot and let me know.
--
Pablo
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
