[OpenIndiana-discuss] Problems joining an AD domain

Lucas Van Tol catseyev9 at hotmail.com
Sat Aug 25 17:56:34 UTC 2012


You might also want to try doing ntpdate -u *domain server*  and using the domain server as your nameserver in resolv.conf.

For a domain with several AD controllers, I've also made a small dns server that returns a consistent single address for the domain; as well as directing some variants of the domain there [domain.com.domain.com; domain.domain.com ...]. It fixed a lot of mysterious domain join failures I had.
You can also track what exactly they are doing when they look for servers for the domain, and add entries as needed.

-Lucas Van Tol

Gordon Ross <gordon.w.ross at gmail.com> wrote:

On Sat, Aug 25, 2012 at 8:55 AM, Ryan  John <john.ryan at bsse.ethz.ch> wrote:
> Hi,
>
> I’m trying to join an AD domain, but can’t.
> This used to work with snv_134, and I’m using the same config.
> I’m not a top level domain admin, just an OU admin.
>
> In snv_134, I had to set lmauthlevel to 2, but that apparently doesn’t work anymore.
>
> If I set lmauthlevel=2, I simply get:
>
> ~# smbadm join -u john domain.example.com
> After joining domain.example.com the smb service will be restarted automatically.
> Would you like to continue? [no]: yes
> Enter domain password:
> Joining domain.example.com... this may take a minute ...
> failed to join domain.example.com: LOGON_FAILURE
> Please refer to the system log for more information.
>
> If I set lmauthlevel=4, I get:

This (4) is the only level that works reliably now.

> ~# smbadm join -u john domain.example.com
> After joining domain.example.com  the smb service will be restarted automatically.
> Would you like to continue? [no]: yes
> Enter domain password:
> Joining domain.example.com ... this may take a minute ...
> failed to join domain.example.com: UNSUCCESSFUL
> Please refer to the system log for more information.
>
> And in the log, I see:
> smbd[12965]: [ID 972153 daemon.error] smbns_ksetpwd: KPASSWD protocol exchange failed (Cannot contact any KDC for requested realm)
> smbd[12965]: [ID 702911 daemon.notice] Failed to set machine password.
> smbd[12965]: [ID 871254 daemon.error] smbd: failed joining domain.example.com  (UNSUCCESSFUL)

What does nsswitch.conf have?
Can you resolve the kdc name "bare"?  (no domain part)

--
Gordon Ross <gwr at nexenta.com>
Nexenta Systems, Inc.  www.nexenta.com
Enterprise class storage for everyone
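
Added example, not part of the original thread: an offline check of the two files the replies point at (nsswitch.conf and resolv.conf), since a hosts: line without dns or a nameserver other than the domain server leaves the host unable to locate a KDC. The function names, file contents and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Succeeds if the "hosts:" line of an nsswitch.conf-style file lists dns.
nss_hosts_has_dns() {
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) if ($i == "dns") found = 1 }
         END { exit !found }' "$1"
}

# Prints the first nameserver address from a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Prints one finding per problem; returns the number of problems found.
# $1 = nsswitch.conf path, $2 = resolv.conf path, $3 = expected domain server
check_join_prereqs() {
    problems=0
    if ! nss_hosts_has_dns "$1"; then
        echo "hosts: lookup does not use dns, KDC names cannot be resolved"
        problems=$((problems + 1))
    fi
    ns=$(first_nameserver "$2")
    if [ "$ns" != "$3" ]; then
        echo "first nameserver is '${ns:-none}', expected domain server $3"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample inputs (not taken from the poster's system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'passwd: files\nhosts:  files\n' > "$demo_dir/nsswitch.bad"
printf 'passwd: files\nhosts:  files dns\n' > "$demo_dir/nsswitch.good"
printf 'search domain.example.com\nnameserver 192.0.2.10\n' > "$demo_dir/resolv.conf"

check_join_prereqs "$demo_dir/nsswitch.bad" "$demo_dir/resolv.conf" 192.0.2.10 || true
check_join_prereqs "$demo_dir/nsswitch.good" "$demo_dir/resolv.conf" 192.0.2.10 \
    && echo "name service prerequisites look sane"
```

On a real host, pass /etc/nsswitch.conf, /etc/resolv.conf and the domain server's address to check_join_prereqs before running smbadm join.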
