LinuxQuestions.org


sirscott44 07-29-2008 12:42 PM

Failed to join domain
 
openSUSE 11.0 to join a Windows 2003 Server that has ADS.
Every time I try to join my SUSE box to the Windows domain,
I get a pop-up message telling me: Failed to join domain. failed to find dc for domain XXXX.LOCAL

I've tried to tweak settings as best I can in Samba etc., but still get the same message.

I joined SLED and 10.3 with very little issue, but with 11.0 I can't seem to become a member of the local domain at all.

Any ideas etc.?

I'm trying to show certain heads at work what SUSE can do. So far I'm not winning any nods with these Windows users, grr.

ajef101272 08-02-2008 01:36 AM

Can you ping the DC?

sirscott 08-03-2008 12:30 PM

Yes..

Now of course I'm the only SUSE user among Windows users, so they have no issue joining and authenticating to the domain.

ajef101272 08-04-2008 02:20 AM

Can you ping your SUSE box from the 2003 server? Are the SUSE box and the server in the same IP range and subnet? Assuming the server has some public shares, what happens when you put smb://ip_address_of_server into your browser on the SUSE box?

sirscott44 08-05-2008 08:19 AM

Quote:

Originally Posted by ajef101272 (Post 3235862)
Can you ping your SUSE box from the 2003 server? Are the SUSE box and the server in the same IP range and subnet? Assuming the server has some public shares, what happens when you put smb://ip_address_of_server into your browser on the SUSE box?



It soon pops up a window where I enter my login info. Then I wait on konq for a minute, then the folders on the server show up.

I can access the server and folders with no problem; I just have to enter my domain login name and password to use the shares etc., which gets old each time.

But when I try to join the domain via YaST: Failed to join domain. failed to find dc for domain XXXX.LOCAL.

I don't have admin rights to the domain server, so I've not tried to ping my box from it.

Bikerpete 08-13-2009 08:32 AM

Same problem here!

We have built up a test network:

DC = Windows2008 Server

Client1 = WindowsXP Pro SP3
Client2 = Windows 7
Client3 = MsDOS 6.22 with MSClient and TCP/IP (<-- don't laugh, we need some of these boxes for our production lines)
Client4 = OpenSuse 11.1

All clients joined the AD without problems (MSDos after tweaking the global security a bit).
The only one that is not able to join is the OpenSuse 11.1 box.

I tried YaST --> Network-Services --> Windows Domain Membership (something like that - I have to translate from German :-) )

After filling out that form and clicking Proceed, I receive the message that the Linux box is not a member of the domain, and it asks me if I want to join.
I agree and a box shows up where I have to type in the credentials of a privileged domain account (Administrator).
After a while, I get the same message:
"Failed to join domain. failed to find dc for domain "DOMAINNAME".

I can connect to shares on the DC without problems (after I typed in the name/password combo of a domain account).
Ping works in both directions and, as it is just a network for tests, I shut down both firewalls (DC and Linux client).

Kerberos auth works fine (I think). I can authenticate with kinit <username> and I receive some information when I try klist.

Any ideas? I really need to get that working and I don't want to go back to 10.0, where everything worked like a charm :-)

sirscott 08-14-2009 12:20 AM

Quote:

Originally Posted by Bikerpete (Post 3641847)
Same problem here!

We have built up a test network:

DC = Windows2008 Server

Client1 = WindowsXP Pro SP3
Client2 = Windows 7
Client3 = MsDOS 6.22 with MSClient and TCP/IP (<-- don't laugh, we need some of these boxes for our production lines)
Client4 = OpenSuse 11.1

All clients joined the AD without problems (MSDos after tweaking the global security a bit).
The only one that is not able to join is the OpenSuse 11.1 box.

I tried YaST --> Network-Services --> Windows Domain Membership (something like that - I have to translate from German :-) )

After filling out that form and clicking Proceed, I receive the message that the Linux box is not a member of the domain, and it asks me if I want to join.
I agree and a box shows up where I have to type in the credentials of a privileged domain account (Administrator).
After a while, I get the same message:
"Failed to join domain. failed to find dc for domain "DOMAINNAME".

I can connect to shares on the DC without problems (after I typed in the name/password combo of a domain account).
Ping works in both directions and, as it is just a network for tests, I shut down both firewalls (DC and Linux client).

Kerberos auth works fine (I think). I can authenticate with kinit <username> and I receive some information when I try klist.

Any ideas? I really need to get that working and I don't want to go back to 10.0, where everything worked like a charm :-)

I will keep an eye out for an answer to this as well. :)

Bikerpete 08-16-2009 04:39 AM

Solved!!!
 
Okay - I solved the problem last night ;)

Here is the short version of what I did (and I verified it on a second OpenSuse 11.1 machine today):

Before you start, make sure that your network settings are OK and you can ping both machines from all directions ;)
Next, make sure that the time on all involved computers is identical (Kerberos is very picky when times differ. That is for security reasons, to avoid logins with sniffed packets.)
So it is best to configure NTP to keep the time in sync.

1. Register your domain controller in the machine's hosts list via YaST or by editing /etc/hosts.
Insert the fully qualified domain name first, then the short name as the alias.

Example:
192.168.1.7 server.domain.com server

2. Edit /etc/resolv.conf and add your DC as a nameserver:
nameserver 192.168.1.7

3. Open YaST and configure Kerberos.
ATTENTION:
The realm has to be written in capital letters:
DOMAIN.COM

4. Configure Samba with YaST. The domain controller option is set to none (not PDC or BDC). The workgroup name is your domain.
Edit /etc/samba/smb.conf and change the security from "users" to "ADS" and add a line "realm = DOMAIN.COM".
Then don't forget to restart the Samba server.

5. Execute the following command:
net ads join -U Administrator (<-- use a domain user that is allowed to add machines to your domain. So why not the Administrator ;) ).

6. Now open YaST and choose the "Windows Domain Membership" option.
The domain membership should already be your domain.
Check "Use smb-information for authentication" and "single sign on for SSH" (if you want it).
After pressing OK, YaST will install winbind and some other necessary packages.

7. Reboot the linux client and go and get a coffee.

8. Now you should see additional options in your logon screen.
<local>, DOMAINNAME, CLIENTNAME
Choose your domain and log on with your domain user account.

That's it - the rest is fine-tuning (for example mapping the users' home to the domain controller or something like that).

I will write a longer version of that for my homepage linuxpeter.de as soon as I find some time to do that :D
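
Added example, not part of Bikerpete's post: a Python preflight check for the three files edited in steps 1 to 4 above, run before attempting net ads join. The function names smb_globals and preflight are hypothetical, the sample file contents are constructed from the thread's example values, and the workgroup value is an assumption.

```python
import ipaddress
import re

# Constructed samples using the thread's example values; workgroup is assumed.
HOSTS = "127.0.0.1 localhost\n192.168.1.7 server.domain.com server\n"
RESOLV = "search domain.com\nnameserver 192.168.1.7\n"
SMB = "[global]\n\tworkgroup = DOMAIN\n\tsecurity = ADS\n\trealm = DOMAIN.COM\n"

def smb_globals(text):
    """Parse the [global] section of smb.conf into a dict (keys lower-cased)."""
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def preflight(hosts, resolv, smb, dc_fqdn):
    """Return the problems that would break steps 1-4 of the join procedure."""
    problems, dc = [], dc_fqdn.lower()
    # Step 1: the DC line in /etc/hosts lists the FQDN first, then the alias.
    rows = [l.split("#")[0].lower().split() for l in hosts.splitlines()]
    dc_rows = [r for r in rows if dc in r[1:]]
    if not dc_rows:
        problems.append("hosts: no entry for " + dc_fqdn)
    elif dc_rows[0][1] != dc:
        problems.append("hosts: FQDN must precede the short alias")
    # Step 2: resolv.conf expects "nameserver <IP address>", nothing else.
    for line in resolv.splitlines():
        fields = line.split()
        if fields[:1] == ["nameserver"]:
            try:
                ipaddress.ip_address(fields[1] if len(fields) > 1 else "")
            except ValueError:
                problems.append("resolv.conf: bad nameserver line: " + line.strip())
    # Steps 3-4: Samba must use ADS security and an upper-case realm.
    g = smb_globals(smb)
    if g.get("security", "").lower() != "ads":
        problems.append("smb.conf: security is not ADS")
    realm = g.get("realm", "")
    if not realm or realm != realm.upper():
        problems.append("smb.conf: realm missing or not upper-case")
    return problems
```

On a real client, pass the contents of /etc/hosts, /etc/resolv.conf and /etc/samba/smb.conf together with the DC's fully qualified name; an empty list means the file-level prerequisites from the steps are in place.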

sirscott 08-16-2009 02:48 PM

When I get the chance I will try that :)

alnuemann 11-15-2009 11:06 AM

Bikerpete,
I believe you have more-or-less a complete set of instructions. However when I try them I still cannot join my openSuse client PC to my Win2003 Server. Please clarify your 1-8 step instructions wherever you mention essentially to enter "your" domain... i.e.: Are you referring to the existing client 'workgroup' or the (target) Server? Note: I've tried the instructions both ways, although there are multiple instances for entering domain names... so I would like clarification.
Please advise for this Linux newbie.
Thanks.
Al

jqbarry 02-19-2010 06:45 PM

Works
 
Thanks for something I've been intending to solve for so long. Can confirm that it's joined Windows 2003 domain. Previously I had to leave the machine as a WG machine, configuring the workgroup name same as the domain name with the LAN cable unplugged, then plugging it back in once samba was set up.

honyczek 05-12-2011 04:21 AM

net ads server parameter
 
Hello,

I had a problem with joining on openSUSE 11.4. I went through the steps written above, but still unsuccessfully. In the end it helped me to specify the target server (parameter -S):

net ads join -U administrator -S server.domain.com

