Hello
I used the following procedure in S11.1, and everything worked. As we reinstalled some servers, I tried the exact same with S11.2. Now I can't join my AD domain, and SMB will not allow my users to access files.
Procedure:
- Configured NTP
- Configured DNS
- Configured Name Service Switch
- Initialized LDAP client
- Enabled smb server
- Tried to join AD Domain with kclient --> failed
- Tried to join AD Domain with smbadm join --> failed
Hosts Files:
127.0.0.1 localhost loghost
10.176.1.1 HOST.xx.xx.intern HOST
10.176.0.1 dc01.xx.xx.intern dc01
10.176.0.2 dc02.xx.xx.intern dc02
resolv.conf:
domain xx.xx.intern
search xx.xx.intern
nameserver 10.176.0.1
nameserver 10.176.0.2
Tests:
# nslookup xx.xx.intern
Server: 10.176.0.1
Address: 10.176.0.1#53
Name: xx.xx.intern
Address: 10.176.0.1
Name: xx.xx.intern
Address: 10.176.0.2
# dig dc01.xx.xx.intern +short
10.176.0.1
# nslookup 10.176.0.1
1.0.176.10.in-addr.arpa name = dc01.xx.xx.intern.
nsswitch.conf:
passwd: files ldap
group: files ldap
hosts: files dns
ipnodes: files dns
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
netgroup: files
automount: files ldap
aliases: files
services: files
printers: user files
project: files
auth_attr: files
prof_attr: files
tnrhtp: files
tnrhdb: files
sudoers: files
kclient fails:
/usr/sbin/kclient -T ms_ad -a DA_USER
Starting client setup
---------------------------------------------------
Setting up /etc/krb5/krb5.conf.
Attempting to join 'HOST' to the 'XX.XX.INTERN' domain.
Password for DA_USER@XX.XX.INTERN:
Forest name found: xx.xx.intern
Site name not found. Local DCs/GCs will not be discovered.
Creating the machine account in AD via LDAP.
Failed to set account password.
---------------------------------------------------
Setup FAILED.
smbadm join fails:
smbadm join -o 'OU=AA,OU=BB,OU=CC,DC=xx,DC=xx,DC=intern' -u DA_USER xx.xx.intern
After joining xx.xx.intern the smb service will be restarted automatically.
Would you like to continue? [no]: yes
Enter domain password:
Locating DC in xx.xx.intern ... this may take a minute ...
Joining xx.xx.intern ... this may take a minute ...
failed to join xx.xx.intern: UNSUCCESSFUL
Please refer to the system log for more information.
Logs:
smbd[19608]: [ID 702911 daemon.error] smbns_kpasswd: KPASSWD protocol exchange failed () (Cannot contact any KDC for requested realm)
smbd[19608]: [ID 702911 daemon.notice] Machine password update failed
smbd[19608]: [ID 702911 daemon.error] unable to join xx.xx.intern (UNSUCCESSFUL)
I have no more ideas what the error could be. The server is our ZFS NAS server; we are using it to share NFS and SMB to other hosts. AD is on Win Server 2012r2 (Version 6.2 Build 9200).
Any advice would be greatly appreciated.