When configuring Samba as an Active Directory member, using the bind to domain option is not working:
Binding to domain with command /usr/bin/net join -U administrateur ..
Enter administrateur's password:ADS join did not work, falling back to RPC...
Failed to join domain: failed to lookup DC info for domain 'DIGICOM.LOCAL' over rpc: Logon failure
Enter administrateur's password:Failed to join domain: failed to lookup DC info for domain 'DIGICOM' over rpc: Logon failure
.. failed! See the output above for the reason why.
However, in the terminal the command is successful using the keytab:
root@cloudmin-2:~# net ads join -k
Using short domain name -- DIGICOM
Joined 'CLOUDMIN-2' to dns domain 'digicom.local'
Even without the keytab, using the same command as Webmin displays:
root@cloudmin-2:~# /usr/bin/net join -U administrateur
Enter administrateur's password:
Using short domain name -- DIGICOM
Joined 'CLOUDMIN-2' to dns domain 'digicom.local'
Here is a sample of the sssd configuration and samba configuration:
root@cloudmin-2:~# cat /etc/sssd/sssd.conf
[sssd]
domains = digicom.local
config_file_version = 2
services = nss, pam

[domain/DIGICOM.LOCAL]
id_provider = ad
default_shell = /bin/bash
override_homedir = /home/%u
access_provider = simple

cat /etc/samba/smb.conf
[global]
workgroup = DIGICOM
client signing = yes
security = ads
log file = /var/log/samba/log.%m
netbios name = cloudmin-2
client use spnego = yes
log level = 3
max log size = 1000
realm = DIGICOM.LOCAL
kerberos method = secrets and keytab
server string = %h server (Samba %v, Ubuntu)

[homes]
path = /home
valid users = @digicom
Comments
Submitted by JamieCameron on Thu, 03/16/2017 - 00:55 Comment #1
This may be a question better suited to the Samba developers, unless there is clearly something webmin is configuring wrong?
Submitted by digicom on Fri, 03/17/2017 - 07:32 Comment #2
Submitted by digicom on Fri, 03/17/2017 - 07:33 Comment #3
Submitted by digicom on Fri, 03/17/2017 - 07:36 Comment #4
As I mentioned above, binding to the domain works perfectly in the console, but in Webmin it returns an error. Maybe that is related to the Webmin user running the script? Even when I log in to Webmin as the root user, the command is unsuccessful.
Could you point me to the script that Webmin runs to bind to the domain, so I could do some tests?
Submitted by JamieCameron on Fri, 03/17/2017 - 20:19 Comment #5
When you run the command at the shell, do you have to enter a password?
Submitted by digicom on Wed, 03/22/2017 - 09:25 Comment #6
I copied and pasted the command reported in the error message:
/usr/bin/net join -U administrateur
Enter administrateur's password:
Using short domain name -- DIGICOM
Joined 'CLOUDMIN-2' to dns domain 'digicom.local'
As you see, the password is asked for, and when it is entered it works as expected. I tried without entering the password just to look at the error message:
/usr/bin/net join -U administrateur
Enter administrateur's password:
Failed to join domain: failed to lookup DC info for domain 'DIGICOM.LOCAL' over rpc: Logon failure
ADS join did not work, falling back to RPC...
Looks like the same error message I got from the Webmin interface.
Submitted by JamieCameron on Wed, 03/22/2017 - 23:04 Comment #7
Ok, I see the issue now - the password isn't being passed to the net join command properly. This will be fixed in the next Webmin release.
Submitted by JamieCameron on Wed, 03/22/2017 - 23:04 Comment #8
Submitted by IssueBot on Wed, 04/05/2017 - 23:07 Comment #9
Automatically closed - issue fixed for 2 weeks with no activity.