I can't connect to AD by "net ads join"(winbind)
I want to connect from CentOS 7 to Windows Active Directory using Samba and winbind.
Samba is already running, but Winbind is not, because of the following error in log.winbindd:
../source3/winbindd/winbindd_util.c:891(init_domain_list)
Could not fetch our SID - did we join?
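I tried "net -d 10 ads join -S dcserver -U poweruser" and then got the error log below.
What parameter is invalid? What parameter did I not write in the configuration?
I don't know about the "dn" written in this log.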
kerberos_kinit_password: as poweruser@DMNAME.OURCO.JP using [MEMORY:libnet_join_user_creds] as ccache and config [/var/lib/samba/lock/smb_krb5/krb5.conf.DMNAME]
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gse_get_client_auth_token: Server principal not found
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for ldap/dcserver failed (next[(null)]): NT_STATUS_INVALID_PARAMETER
Failed to setup SPNEGO negTokenInit request: NT_STATUS_INVALID_PARAMETER
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dcserver with user[poweruser] realm[DMNAME.OURCO.JP]: An invalid parameter was passed to a service or function.
ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dcserver with user[poweruser] realm=[DMNAME.OURCO.JP]: An invalid parameter was passed to a service or function.
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : 'MYCENTSV$'
netbios_domain_name : 'DMNAME'
dns_domain_name : 'dmname.OURCO.JP'
forest_name : 'dmname.OURCO.JP'
dn : NULL
domain_guid : 4b8db2c2-43fd-4008-be4f-66ad75c21c2d
domain_sid : *
domain_sid : S-1-5-21-1645522239-789336058-839522115
modified_config : 0x00 (0)
error_string : 'failed to connect to AD: An invalid parameter was passed to a service or function.'
domain_is_ad : 0x01 (1)
set_encryption_types : 0x00000000 (0)
krb5_salt : NULL
result : WERR_NERR_DEFAULTJOINREQUIRED
Failed to join domain: failed to connect to AD: An invalid parameter was passed to a service or function.
return code = -1
msg_dgm_ref_destructor: refs=(nil)
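I solved it myself.
I didn't know that "dcserver" is an alias of "dcserver-1" in Active Directory.
So it worked after I replaced it with "dcserver-1":
net ads join -S dcserver-1 -U poweruser
I think "dcserver-1" may be what is specified in the LDAP configuration, but I'm not sure, because I don't have Active Directory administration permissions.
Thanks.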
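
An added example, not part of the original post: a small Python check that recognises the pattern in the log above (kinit succeeds, then "Server principal not found" for ldap/<name given to -S>) and compares that name with the resolver's canonical name. It assumes the alias is visible to the resolver (for example as a DNS CNAME); the function names and the fake resolver data are hypothetical.

```python
import re
import socket

# Constructed sample: lines copied from the debug log quoted in the question.
SAMPLE_LOG = """\
Starting GENSEC submechanism gse_krb5
gse_get_client_auth_token: Server principal not found
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for ldap/dcserver failed (next[(null)]): NT_STATUS_INVALID_PARAMETER
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dcserver with user[poweruser] realm[DMNAME.OURCO.JP]: An invalid parameter was passed to a service or function.
"""

SPN_RE = re.compile(
    r"ads_sasl_spnego_gensec_bind\(KRB5\) failed for (\w+)/(\S+) "
    r"with user\[[^\]]*\] realm=?\[([^\]]+)\]")

def failed_spn(log_text):
    """Return (service, host, realm) if the KDC did not know the service principal."""
    if "Server principal not found" not in log_text:
        return None
    m = SPN_RE.search(log_text)
    return m.groups() if m else None

def canonical_name(host, resolver=socket.gethostbyname_ex):
    """Canonical host name as reported by the resolver, or None if lookup fails."""
    try:
        name, _aliases, _addrs = resolver(host)
    except OSError:  # socket.gaierror and socket.herror are subclasses
        return None
    return name

def diagnose(log_text, resolver=socket.gethostbyname_ex):
    """Explain a failed join and suggest the name to pass to -S, if one is found."""
    spn = failed_spn(log_text)
    if spn is None:
        return None
    service, host, realm = spn
    canon = canonical_name(host, resolver)
    short = lambda h: h.split(".")[0].lower()
    if canon and short(canon) != short(host):
        return (f"{service}/{host} has no principal in {realm}; "
                f"'{host}' is an alias of '{canon}', retry with -S {canon}")
    return (f"{service}/{host} has no principal in {realm}; "
            f"ask the AD administrator for the DC's real host name")

if __name__ == "__main__":
    # Constructed resolver answer standing in for a real DNS lookup.
    fake = lambda h: ("dcserver-1", ["dcserver"], ["192.0.2.10"])
    print(diagnose(SAMPLE_LOG, fake))
```

Feed it the output of "net -d 10 ads join ..." and drop the fake resolver to query the system resolver instead.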