I can't connect to AD by “net ads join”(winbind)












0















I want to connect to Windows Active Directory from CentOS 7 with Samba, winbind.
Samba is already running but Winbind is not errored by following error at log.winbindd.




../source3/winbindd/winbindd_util.c:891(init_domain_list)



Could not fetch our SID - did we join?




I try "net -d 10 ads join -S dcserver -U poweruser" then get error log.
what parameter is Invalid? what parameter ddidn't I write in my config?
I don't know "dn" written in this log.



kerberos_kinit_password: as poweruser@DMNAME.OURCO.JP using [MEMORY:libnet_join_user_creds] as ccache and config [/var/lib/samba/lock/smb_krb5/krb5.conf.DMNAME]
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gse_get_client_auth_token: Server principal not found
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for ldap/dcserver failed (next[(null)]): NT_STATUS_INVALID_PARAMETER
Failed to setup SPNEGO negTokenInit request: NT_STATUS_INVALID_PARAMETER
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dcserver with user[poweruser] realm[DMNAME.OURCO.JP]: An invalid parameter was passed to a service or function.
ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dcserver with user[poweruser] realm=[DMNAME.OURCO.JP]: An invalid parameter was passed to a service or function.
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : 'MYCENTSV$'
netbios_domain_name : 'DMNAME'
dns_domain_name : 'dmname.OURCO.JP'
forest_name : 'dmname.OURCO.JP'
dn : NULL
domain_guid : 4b8db2c2-43fd-4008-be4f-66ad75c21c2d
domain_sid : *
domain_sid : S-1-5-21-1645522239-789336058-839522115
modified_config : 0x00 (0)
error_string : 'failed to connect to AD: An invalid parameter was passed to a service or function.'
domain_is_ad : 0x01 (1)
set_encryption_types : 0x00000000 (0)
krb5_salt : NULL
result : WERR_NERR_DEFAULTJOINREQUIRED
Failed to join domain: failed to connect to AD: An invalid parameter was passed to a service or function.
return code = -1
msg_dgm_ref_destructor: refs=(nil)









share|improve this question





























    0















    I want to connect to Windows Active Directory from CentOS 7 with Samba, winbind.
    Samba is already running but Winbind is not errored by following error at log.winbindd.




    ../source3/winbindd/winbindd_util.c:891(init_domain_list)



    Could not fetch our SID - did we join?




    I try "net -d 10 ads join -S dcserver -U poweruser" then get error log.
    what parameter is Invalid? what parameter ddidn't I write in my config?
    I don't know "dn" written in this log.



    kerberos_kinit_password: as poweruser@DMNAME.OURCO.JP using [MEMORY:libnet_join_user_creds] as ccache and config [/var/lib/samba/lock/smb_krb5/krb5.conf.DMNAME]
    Starting GENSEC mechanism spnego
    Starting GENSEC submechanism gse_krb5
    gse_get_client_auth_token: Server principal not found
    SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for ldap/dcserver failed (next[(null)]): NT_STATUS_INVALID_PARAMETER
    Failed to setup SPNEGO negTokenInit request: NT_STATUS_INVALID_PARAMETER
    kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dcserver with user[poweruser] realm[DMNAME.OURCO.JP]: An invalid parameter was passed to a service or function.
    ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dcserver with user[poweruser] realm=[DMNAME.OURCO.JP]: An invalid parameter was passed to a service or function.
    libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
    out: struct libnet_JoinCtx
    account_name : 'MYCENTSV$'
    netbios_domain_name : 'DMNAME'
    dns_domain_name : 'dmname.OURCO.JP'
    forest_name : 'dmname.OURCO.JP'
    dn : NULL
    domain_guid : 4b8db2c2-43fd-4008-be4f-66ad75c21c2d
    domain_sid : *
    domain_sid : S-1-5-21-1645522239-789336058-839522115
    modified_config : 0x00 (0)
    error_string : 'failed to connect to AD: An invalid parameter was passed to a service or function.'
    domain_is_ad : 0x01 (1)
    set_encryption_types : 0x00000000 (0)
    krb5_salt : NULL
    result : WERR_NERR_DEFAULTJOINREQUIRED
    Failed to join domain: failed to connect to AD: An invalid parameter was passed to a service or function.
    return code = -1
    msg_dgm_ref_destructor: refs=(nil)









    share|improve this question



























      0












      0








      0








      I want to connect to Windows Active Directory from CentOS 7 with Samba, winbind.
      Samba is already running but Winbind is not errored by following error at log.winbindd.




      ../source3/winbindd/winbindd_util.c:891(init_domain_list)



      Could not fetch our SID - did we join?




      I try "net -d 10 ads join -S dcserver -U poweruser" then get error log.
      what parameter is Invalid? what parameter ddidn't I write in my config?
      I don't know "dn" written in this log.



      kerberos_kinit_password: as poweruser@DMNAME.OURCO.JP using [MEMORY:libnet_join_user_creds] as ccache and config [/var/lib/samba/lock/smb_krb5/krb5.conf.DMNAME]
      Starting GENSEC mechanism spnego
      Starting GENSEC submechanism gse_krb5
      gse_get_client_auth_token: Server principal not found
      SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for ldap/dcserver failed (next[(null)]): NT_STATUS_INVALID_PARAMETER
      Failed to setup SPNEGO negTokenInit request: NT_STATUS_INVALID_PARAMETER
      kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dcserver with user[poweruser] realm[DMNAME.OURCO.JP]: An invalid parameter was passed to a service or function.
      ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dcserver with user[poweruser] realm=[DMNAME.OURCO.JP]: An invalid parameter was passed to a service or function.
      libnet_Join:
      libnet_JoinCtx: struct libnet_JoinCtx
      out: struct libnet_JoinCtx
      account_name : 'MYCENTSV$'
      netbios_domain_name : 'DMNAME'
      dns_domain_name : 'dmname.OURCO.JP'
      forest_name : 'dmname.OURCO.JP'
      dn : NULL
      domain_guid : 4b8db2c2-43fd-4008-be4f-66ad75c21c2d
      domain_sid : *
      domain_sid : S-1-5-21-1645522239-789336058-839522115
      modified_config : 0x00 (0)
      error_string : 'failed to connect to AD: An invalid parameter was passed to a service or function.'
      domain_is_ad : 0x01 (1)
      set_encryption_types : 0x00000000 (0)
      krb5_salt : NULL
      result : WERR_NERR_DEFAULTJOINREQUIRED
      Failed to join domain: failed to connect to AD: An invalid parameter was passed to a service or function.
      return code = -1
      msg_dgm_ref_destructor: refs=(nil)









      share|improve this question
















      I want to connect to Windows Active Directory from CentOS 7 with Samba, winbind.
      Samba is already running but Winbind is not errored by following error at log.winbindd.




      ../source3/winbindd/winbindd_util.c:891(init_domain_list)



      Could not fetch our SID - did we join?




      I try "net -d 10 ads join -S dcserver -U poweruser" then get error log.
      what parameter is Invalid? what parameter ddidn't I write in my config?
      I don't know "dn" written in this log.



      kerberos_kinit_password: as poweruser@DMNAME.OURCO.JP using [MEMORY:libnet_join_user_creds] as ccache and config [/var/lib/samba/lock/smb_krb5/krb5.conf.DMNAME]
      Starting GENSEC mechanism spnego
      Starting GENSEC submechanism gse_krb5
      gse_get_client_auth_token: Server principal not found
      SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for ldap/dcserver failed (next[(null)]): NT_STATUS_INVALID_PARAMETER
      Failed to setup SPNEGO negTokenInit request: NT_STATUS_INVALID_PARAMETER
      kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dcserver with user[poweruser] realm[DMNAME.OURCO.JP]: An invalid parameter was passed to a service or function.
      ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dcserver with user[poweruser] realm=[DMNAME.OURCO.JP]: An invalid parameter was passed to a service or function.
      libnet_Join:
      libnet_JoinCtx: struct libnet_JoinCtx
      out: struct libnet_JoinCtx
      account_name : 'MYCENTSV$'
      netbios_domain_name : 'DMNAME'
      dns_domain_name : 'dmname.OURCO.JP'
      forest_name : 'dmname.OURCO.JP'
      dn : NULL
      domain_guid : 4b8db2c2-43fd-4008-be4f-66ad75c21c2d
      domain_sid : *
      domain_sid : S-1-5-21-1645522239-789336058-839522115
      modified_config : 0x00 (0)
      error_string : 'failed to connect to AD: An invalid parameter was passed to a service or function.'
      domain_is_ad : 0x01 (1)
      set_encryption_types : 0x00000000 (0)
      krb5_salt : NULL
      result : WERR_NERR_DEFAULTJOINREQUIRED
      Failed to join domain: failed to connect to AD: An invalid parameter was passed to a service or function.
      return code = -1
      msg_dgm_ref_destructor: refs=(nil)






      centos samba






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 14 '18 at 1:01







      Daisuke Hirayama

















      asked Nov 13 '18 at 22:14









      Daisuke HirayamaDaisuke Hirayama

      135




      135
























          1 Answer
          1






          active

          oldest

          votes


















          0














          I resolved by myself.
          I didn't know but "dcserver" was alias of "dcserver-1" in Active Directory.
          So It works after I replace it "dcserver-1" - net ads join -S dcserver-1 -U poweruser!



          I guess maybe "dcserver-1" is specified in ldap config, but because I have no right of Active Directory Administration, so I'm not sure.



          Thanks.






          share|improve this answer























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53290321%2fi-cant-connect-to-ad-by-net-ads-joinwinbind%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            I resolved by myself.
            I didn't know but "dcserver" was alias of "dcserver-1" in Active Directory.
            So It works after I replace it "dcserver-1" - net ads join -S dcserver-1 -U poweruser!



            I guess maybe "dcserver-1" is specified in ldap config, but because I have no right of Active Directory Administration, so I'm not sure.



            Thanks.






            share|improve this answer




























              0














              I resolved by myself.
              I didn't know but "dcserver" was alias of "dcserver-1" in Active Directory.
              So It works after I replace it "dcserver-1" - net ads join -S dcserver-1 -U poweruser!



              I guess maybe "dcserver-1" is specified in ldap config, but because I have no right of Active Directory Administration, so I'm not sure.



              Thanks.






              share|improve this answer


























                0












                0








                0







                I resolved by myself.
                I didn't know but "dcserver" was alias of "dcserver-1" in Active Directory.
                So It works after I replace it "dcserver-1" - net ads join -S dcserver-1 -U poweruser!



                I guess maybe "dcserver-1" is specified in ldap config, but because I have no right of Active Directory Administration, so I'm not sure.



                Thanks.






                share|improve this answer













                I resolved by myself.
                I didn't know but "dcserver" was alias of "dcserver-1" in Active Directory.
                So It works after I replace it "dcserver-1" - net ads join -S dcserver-1 -U poweruser!



                I guess maybe "dcserver-1" is specified in ldap config, but because I have no right of Active Directory Administration, so I'm not sure.



                Thanks.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 14 '18 at 4:07









                Daisuke HirayamaDaisuke Hirayama

                135




                135






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53290321%2fi-cant-connect-to-ad-by-net-ads-joinwinbind%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Florida Star v. B. J. F.

                    Danny Elfman

                    Lugert, Oklahoma