Unable to join to SAMBA4 domain

alfred · February 5, 2019, 2:09pm

NethServer Version: NethServer release 7.6.1810 (final)
Module: Accounts Provider

I cannot join to a SAMBA4 domain, when I try through gui, it outputs: “Failed to join Active Directory (Joining the domain example.com failed)”

This is the sssd config:

config show sssd
sssd=service
    AdDns=
    BaseDN=
    BindDN=
    BindPassword=
    DiscoverDcType=dns
    GroupDN=
    LdapURI=
    Provider=none
    Realm=
    StartTls=
    UserDN=
    Workgroup=
    status=disabled

Account Provider:

{
   "BindDN" : "",
   "LdapURI" : "ldap://127.0.0.1",
   "DiscoverDcType" : "dns",
   "StartTls" : "",
   "port" : 389,
   "host" : "127.0.0.1",
   "isAD" : "",
   "isLdap" : "",
   "UserDN" : "dc=example,dc=com",
   "GroupDN" : "dc=example,dc=com",
   "BindPassword" : "",
   "BaseDN" : "dc=example,dc=com",
   "LdapUriDn" : "ldap:///dc%3Dexample%2Cdc%3Dcom"
}

This the status of sssd:

● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2019-02-05 10:53:32 -03; 11min ago
 Main PID: 2883 (code=exited, status=4)

Feb 05 10:53:31 tiny-fishwife.example.com systemd[1]: Starting System Security Services Daemon...
Feb 05 10:53:32 tiny-fishwife.example.com sssd[2883]: SSSD couldn't load the configuration database [5]: Input/output error.
Feb 05 10:53:32 tiny-fishwife.example.com systemd[1]: sssd.service: main process exited, code=exited, status=4/NOPERMISSION
Feb 05 10:53:32 tiny-fishwife.example.com systemd[1]: Failed to start System Security Services Daemon.
Feb 05 10:53:32 tiny-fishwife.example.com systemd[1]: Unit sssd.service entered failed state.
Feb 05 10:53:32 tiny-fishwife.example.com systemd[1]: sssd.service failed.

And this one:

net ads info
ads_connect: No logon servers are currently available to service the logon request.
ads_connect: No logon servers are currently available to service the logon request.
Didn't find the ldap server!

Please how do I fix it?

Thanks in advance!

fausp · February 5, 2019, 3:03pm

alfred:

This is the sssd config:

config show sssd
sssd=service
    AdDns=
    BaseDN=
    BindDN=
    BindPassword=
    DiscoverDcType=dns
    GroupDN=
    LdapURI=
    Provider=none
    Realm=
    StartTls=
    UserDN=
    Workgroup=
    status=disabled

Looks like you didnt install it correctly? Have a look: Users and groups…

alfred · February 5, 2019, 3:31pm

Please I don’t understand what is what I did not install correctly? I’ve followed those steps of the docs, and it doesn’t work…

Thanks again

fausp · February 5, 2019, 4:16pm

OK, maybe I was wrong, I tought you want to join a Client (Win, Linux, Mac) to your NethServer AD. You may like to join your Nethserver to another Domain?

alfred · February 5, 2019, 4:18pm

Yes, I like to join my NS to another domain

fausp · February 5, 2019, 4:22pm

OK, Is the other Server a NS? Please give us a bit more details…

alfred · February 5, 2019, 4:57pm

it’s a Debian 9, I’ve found something suspicious on it:

/usr/sbin/samba_spnupdate 
Failed to find computer object for LDAP$

fausp · February 5, 2019, 6:08pm

Hard to say… Looks like a Debian-Problem, maybe there are some Debian-Admins here?

In the past I was able to join NS to a Win2016 Domain, worked really well…

I think you should also try to ask in a Debian-Forum, did you ?

federico.ballarini · February 5, 2019, 6:13pm

Check if the time difference is not more than 5 minutes. And post settings that you insert in the Join Page, please.

Thank you.