Troubleshooting Samba Domain Members
This documentation helps you to troubleshoot problems users are frequently having when running Samba as a member in an Active Directory (AD) forest or NT4 domain.
Setting the Samba Log Level
For details, see Setting the Samba Log Level.
Domain Members in an Active Directory Forest
Troubleshooting the Domain Join Procedure
Error: No DNS domain configured. Unable to perform DNS Update.
When joining a host to an Active Directory (AD), the
net command fails to update the DNS:
# net ads join -U administrator Enter administrator's password: Using short domain name -- SAMDOM Joined 'AD-Member' to dns domain 'samdom.example.com' No DNS domain configured for AD-Member. Unable to perform DNS Update. DNS update failed: NT_STATUS_INVALID_PARAMETER
Note, that the join was successful and only the DNS updated failed.
After the client was joined to the domain, the
net command look up the fully qualified domain name (FQDN) using name service switch (NSS) libraries. If the FQDN can not be resolved, for example using DNS or the
/etc/hosts file, the DNS update fails.
To solve the problem:
- Add the IP address and FQDN to the
/etc/hostsfile. For example:
10.99.0.5 AD-Member.samdom.example.com AD-Member
- Run the
net ads joincommand again.
If dynamic DNS updates still fail, verify on the AD DNS server that dynamic updates are working.
DNS Update failed: ERROR_DNS_GSS_ERROR
When using the
BIND9_DLZ back end, dynamic DNS updates can fail because of an incorrect Kerberos setup on the AD domain controller (DC) running the DNS server:
# net ads join -U administrator Enter administrator's password: Using short domain name -- SAMDOM Joined 'AD-Member' to dns domain 'samdom.example.com' DNS Update for AD-Member.samdom.example.com failed: ERROR_DNS_GSS_ERROR DNS update failed: NT_STATUS_UNSUCCESSFUL
To solve the problem, see Reconfiguring the BIND9_DLZ Back End.
Domain Members in an NT4 Domain
Currently, we do not have content here.