From: Volker Lendecke on 16 Sep 2009 12:40

On Wed, Sep 16, 2009 at 03:10:38PM +0100, andy.marr(a)bt.com wrote:
> Hi Samba people
>
> I'm trying to join a Solaris 10 server using Samba Version 3.0.33 server
> to an ADS. But the ADS is not in DNS.
>
> I thought I could get round this by putting the ADS IP in the server's
> local hosts file, and telling the krb5.conf not to use dns but it
> doesn't seem to work.
>
> 1. Can it be done ?
> 2. If it can how ?

Can you try -S <servername> as an argument to the net ads join?

Volker

From: andy.marr on 16 Sep 2009 13:10

Cheers Volker

I used your option and I've also found the password server option in the smb.conf. I'm running both and seem to have got a bit further.

But now I'm getting a different error. I'm not sure if the problem is still DNS.

The ADS server is not in DNS and in a different domain to my SAMBA server.

Here is the error I'm now getting

[root(a)fgukshppay001] # /usr/sfw/sbin/net join ads -Uadmandymarr -Sfgukcbradc001
admandymarr's password:
Bad option: ads
Failed to join domain: Invalid parameter
ADS join did not work, falling back to RPC...
Could not connect to server fgukcbradc001
The username or password was not correct.
[2009/09/16 17:58:00, 0] utils/net_rpc_join.c:(81)
  net_rpc_join_ok: failed to get schannel session key from server fgukcbradc001 for domain FGPREPROD. Error was NT_STATUS_ACCESS_DENIED
Unable to join domain FGPREPROD.

All is the same as original post except the following added to smb.conf

password server = 10.193.33.133

-- which is the IP of fgukcbradc001, the ADS server

When I run a debug level 3 I can see the following after I enter the password

admandymarr's password:
[2009/09/16 17:55:14, 3] libads/ldap.c:(394)
  Connected to LDAP server 10.193.33.133
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2009/09/16 17:55:14, 3] libads/sasl.c:(300)
  ads_sasl_spnego_bind: got server principal name = fgukcbradc001$@FGPREPROD.COM
[2009/09/16 17:55:14, 3] libsmb/clikrb5.c:(593)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache file found)
[2009/09/16 17:55:14, 3] libsmb/clikrb5.c:(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Thu, 17 Sep 2009 03:55:14 BST
[2009/09/16 17:55:14, 3] libads/ldap.c:(394)
  Connected to LDAP server 10.193.33.133
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2009/09/16 17:55:14, 3] libads/sasl.c:(291)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2009/09/16 17:55:14, 3] libads/sasl.c:(300)
  ads_sasl_spnego_bind: got server principal name = fgukcbradc001$@FGPREPROD.COM
[2009/09/16 17:55:14, 3] libsmb/clikrb5.c:(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Thu, 17 Sep 2009 03:55:14 BST
Bad option: ads
Failed to join domain: Invalid parameter
ADS join did not work, falling back to RPC...

-----Original Message-----
From: Volker Lendecke [mailto:Volker.Lendecke(a)SerNet.DE]
Sent: 16 September 2009 17:28
To: Marr,A,Andy,DGE62 C
Cc: samba(a)lists.samba.org
Subject: Re: [Samba] Can I use net ads join without DNS

On Wed, Sep 16, 2009 at 03:10:38PM +0100, andy.marr(a)bt.com wrote:
> Hi Samba people
>
> I'm trying to join a Solaris 10 server using Samba Version 3.0.33 server
> to an ADS. But the ADS is not in DNS.
>
> I thought I could get round this by putting the ADS IP in the server's
> local hosts file, and telling the krb5.conf not to use dns but it
> doesn't seem to work.
>
> 1. Can it be done ?
> 2. If it can how ?

Can you try -S <servername> as an argument to the net ads join?

Volker
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From: andy.marr on 16 Sep 2009 13:30

Also found in the debug output the following

[2009/09/16 18:20:09, 8] libsmb/namequery.c:(1644)
  get_sorted_dc_list: attempting lookup for name FGPREPROD.COM (sitename NULL) using [ads]

Which I'm guessing is where it's getting the:

Bad option: ads
Failed to join domain: Invalid parameter

Error message. Seems to be pointing to DNS again.

Cheers
Andy

From: Volker Lendecke on 16 Sep 2009 17:50

On Wed, Sep 16, 2009 at 06:01:04PM +0100, andy.marr(a)bt.com wrote:
> Cheers Volker
>
> I used your option and I've also found the password server option in the
> smb.conf. I'm running both and seem to have got a bit further.
>
> But now I'm getting a different error. I'm not sure if the problem is
> still DNS.
>
> The ADS server is not in DNS and in a different domain to my SAMBA
> server.
>
> Here is the error I'm now getting
>
> [root(a)fgukshppay001] # /usr/sfw/sbin/net join ads -Uadmandymarr
> -Sfgukcbradc001
> admandymarr's password:

You might want to try "net ads join" instead of "net join ads".

Volker
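
The settings discussed in this thread, collected in one place as an added example (not taken from any of the posts, and not a confirmed fix). The realm, workgroup, server name, IP address and user come from the thread; the fully-qualified name fgukcbradc001.fgpreprod.com, the [domain_realm] mapping and the /etc/krb5/krb5.conf location (the Solaris 10 default) are assumptions.

```ini
# ---- /etc/hosts ------------------------------------------------------
# The domain controller is not in DNS, so it is resolved locally.
# The FQDN is assumed; the short name and IP are from the thread.
10.193.33.133   fgukcbradc001.fgpreprod.com   fgukcbradc001

# ---- /etc/krb5/krb5.conf ---------------------------------------------
[libdefaults]
    default_realm = FGPREPROD.COM
    # Do not use DNS TXT/SRV records to find the realm or its KDCs.
    dns_lookup_realm = false
    dns_lookup_kdc = false

[realms]
    FGPREPROD.COM = {
        # Explicit KDC, resolved through the hosts entry above.
        kdc = fgukcbradc001.fgpreprod.com
        admin_server = fgukcbradc001.fgpreprod.com
    }

[domain_realm]
    # Assumed mapping from the DC's DNS domain to the Kerberos realm.
    .fgpreprod.com = FGPREPROD.COM
    fgpreprod.com = FGPREPROD.COM

# ---- smb.conf ----------------------------------------------------------
[global]
    workgroup = FGPREPROD
    realm = FGPREPROD.COM
    security = ads
    # Names the DC directly instead of locating it by lookup.
    password server = 10.193.33.133

# ---- join command ------------------------------------------------------
# Sub-command order is "ads join"; "join ads" is what produced
# "Bad option: ads" and the fallback to an RPC join in the output above.
#
#   /usr/sfw/sbin/net ads join -U admandymarr -S fgukcbradc001
```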