Samba Bind To Domain

Hello,

I've been trying to join a fresh install of FreeBSD to a Windows Domain.

I've installed Samba (samba35-3.5.6_1) from ports.

I installed Webmin in hopes of making things easier. However, I am still unable to get the BSD machine joined.

When using Webmin -> Bind to Domain I get the following error:

Code:
Binding to domain with command /usr/local/bin/net join -U domainadminaccount -S child1\.root\.com ..

Enter ....'s password:
[2010/12/07 15:18:55.090616,  0] libnet/libnet_join.c:1130(libnet_join_ok)
  libnet_join_ok: failed to get schannel session key from server child1.root.com for domain CHILD1. Error was NT_STATUS_INVALID_COMPUTER_NAME
ADS join did not work, falling back to RPC...
Enter ....'s password:
Could not connect to server child1.root.com
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
Failed to join domain: failed to verify domain membership after joining: Invalid computer name

.. failed! See the output above for the reason why.

Any help with this would be great.

Thanks!
 
In the files below, I use domain.local as the Windows domain.
w2003s01 is the server's hostname, so the FQDN is w2003s01.domain.local with IP address 192.168.1.1.

My FreeBSD server is bsdserver01.domain.local with IP 192.168.1.2.



Do you have a /etc/krb5.conf file?

If not, try the following.

Code:
[libdefaults]
        default_realm = DOMAIN.LOCAL
        clockskew = 600

[realms]
        DOMAIN.LOCAL = {
                kdc = tcp/w2003s01.domain.local
        }

[domain_realm]
        .domain.local = DOMAIN.LOCAL


Also make sure your DNS server points to the IP address of the Windows DNS server.
/etc/resolv.conf
Code:
domain  domain.local
nameserver      192.168.1.1

Make sure your /etc/nsswitch file has the following.

Code:
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

Your hostname is set in /etc/rc.conf.
It should look something like this:
Code:
hostname="bsdserver01.domain.local"

The smb.conf file could look like this:

Code:
[global]
workgroup = DOMAIN
realm = DOMAIN.LOCAL
netbios name = bsdserver01
interfaces = em0
#server string = %L (Samba v%v)
server string = %L
security = ads
allow trusted domains = yes
idmap uid = 5000-10000
#idmap gid = 5000-10000
winbind gid = 5000-10000
template homedir = /usr/home/%U
template shell = /bin/sh
winbind cache time = 3600
winbind nested groups = yes
winbind use default domain = yes
winbind separator = |
winbind enum users = yes
winbind enum groups = yes
winbind offline logon = yes
#passdb backend = tdbsam
syslog only = Yes
#password server = w2003s01.domain.local
#wins server = w2003s01.domain.local
socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536
use sendfile = yes
read raw = yes
local master = no
dns proxy = no
username map = /usr/local/samba/usermap

# ACL Support
map acl inherit = yes
#acl group inherit = yes
acl group control = yes

# LOGGING
log file = /var/log/samba/%m
log level = 1
max log size = 1000
syslog = 2

And the /etc/hosts file looks like this:

Code:
::1                     localhost localhost.domain.local
127.0.0.1               localhost localhost.domain.local
192.168.1.2            bsdserver01.domain.local bsdserver01
192.168.1.2            bsdserver01.domain.local.

Also make sure the date is set properly.

This way it should work.

The following command should join the domain.

Code:
net ads join -Uadministrator

And make sure you have selected ADS from the build options.
make config tells you what you have selected.

Code:
# cd /usr/ports/net/samba35
# make config

Also check, if you selected CUPS support, that your CUPS server is running.

And make sure winbind is running.
In /etc/rc.conf:
Code:
# Samba
smbd_enable="YES"
nmbd_enable="YES"
winbindd_enable="YES"
cupsd_enable="YES"

Hope this helps.

regards
Sylhouette
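
An added example, not part of the post above and not Samba's own code: a small offline check that the files listed in this answer agree with each other before running `net ads join`. The function names, the finding messages and the set of recognised krb5.conf section names are assumptions of this example, and the sample input is constructed from the thread's placeholder names.

```python
import re

# Section names this example recognises in krb5.conf (advisory check only).
KNOWN = {"libdefaults", "realms", "domain_realm", "logging", "appdefaults", "capaths"}

def parse_ini(text):
    """Parse smb.conf / krb5.conf style text into {section: {key: value}}."""
    data, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            data.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            data[section][" ".join(key.lower().split())] = value.strip()
    return data

def check_join_prereqs(smb_conf, krb5_conf, rc_conf):
    """Return a list of findings; an empty list means the files agree."""
    smb = parse_ini(smb_conf).get("global", {})
    krb = parse_ini(krb5_conf)
    host = re.search(r'^\s*hostname="?([^"\s]+)', rc_conf, re.M)
    short = host.group(1).split(".")[0] if host else ""
    realm = smb.get("realm", "")
    netbios = smb.get("netbios name", short)  # unset: Samba uses the short hostname
    findings = []
    if smb.get("security", "").lower() != "ads":
        findings.append("smb.conf: security is not 'ads'")
    if realm.lower() != krb.get("libdefaults", {}).get("default_realm", "").lower():
        findings.append("smb.conf realm != krb5.conf default_realm")
    for name in sorted(set(krb) - KNOWN):
        findings.append(f"krb5.conf: unrecognised section [{name}]")
    if not 1 <= len(netbios) <= 15:  # NetBIOS names are limited to 15 characters
        findings.append("netbios name must be 1-15 characters")
    if netbios.lower() != short.lower():
        findings.append("netbios name differs from rc.conf short hostname")
    return findings

# Constructed sample input; the krb5.conf text has a misspelled section name.
SMB = "[global]\nrealm = DOMAIN.LOCAL\nnetbios name = bsdserver01\nsecurity = ads\n"
KRB = "[libdefaults]\n default_realm = DOMAIN.LOCAL\n[realms]\n DOMAIN.LOCAL = {\n  kdc = tcp/w2003s01.domain.local\n }\n[domain_realms]\n .domain.local = DOMAIN.LOCAL\n"
RC = 'hostname="bsdserver01.domain.local"\n'

if __name__ == "__main__":
    print(check_join_prereqs(SMB, KRB, RC))
```
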
 
Hi

Thanks for your reply.

I modified my config as best I could to yours and it seems to have helped a lot. I got the following:

Code:
Joined 'hostname' to realm 'CHILD1.domain.COM'
DNS update failed!

Does the "DNS update failed" matter? We already had static mappings for the hostname in DNS. On a workstation, if I do an nslookup it does resolve correctly.

Thoughts?

Thanks!
 