Since Fedora 23 I'm unable to join a station to the classic domain even though it works on my Fedora 20 (old machine I have handy). See https://bugzilla.redhat.com/show_bug.cgi?id=1359398

When trying to debug the problem, it seems like the net command is trying to join AD instead of a classic domain (see below). The logs are from an up-to-date box with F24, the last log is from F20 where it works.

$ net join -w oalib.cz -U root
Failed to join domain: failed to find DC for domain OALIB.CZ

$ net rpc oldjoin -w oalib.cz -U root
Failed to join domain: failed to find DC for domain OALIB.CZ

$ net join -w oalib.cz -U root -d3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface enp8s0 ip=10.0.0.35 bcast=10.0.255.255 netmask=255.255.0.0
get_dc_list: preferred server list: ", *"
ads_find_dc: name resolution for realm '' (domain 'OALIB.CZ') failed: NT_STATUS_NO_LOGON_SERVERS
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name : NULL
            machine_name : 'PITOMA'
            domain_name : *
                domain_name : 'OALIB.CZ'
            domain_name_type : JoinDomNameTypeUnknown (0)
            account_ou : NULL
            admin_account : ''
            admin_domain : NULL
            machine_password : NULL
            join_flags : 0x000000c1 (193)
                0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                1: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                1: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                0: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                0: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version : NULL
            os_name : NULL
            os_servicepack : NULL
            create_upn : 0x00 (0)
            upn : NULL
            modify_config : 0x00 (0)
            ads : NULL
            debug : 0x01 (1)
            use_kerberos : 0x00 (0)
            secure_channel_type : SEC_CHAN_WKSTA (2)
            desired_encryption_types : 0x0000001f (31)
dns_send_req: Failed to resolve _ldap._tcp.dc._msdcs.OALIB.CZ (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name : NULL
            netbios_domain_name : NULL
            dns_domain_name : NULL
            forest_name : NULL
            dn : NULL
            domain_sid : NULL
                domain_sid : (NULL SID)
            modified_config : 0x00 (0)
            error_string : 'failed to find DC for domain OALIB.CZ'
            domain_is_ad : 0x00 (0)
            set_encryption_types : 0x00000000 (0)
            result : WERR_DCNOTFOUND
Enter root's password: <password entered>
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name : NULL
            machine_name : 'PITOMA'
            domain_name : *
                domain_name : 'OALIB.CZ'
            domain_name_type : JoinDomNameTypeUnknown (0)
            account_ou : NULL
            admin_account : 'root'
            admin_domain : NULL
            machine_password : NULL
            join_flags : 0x00000023 (35)
                0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version : NULL
            os_name : NULL
            os_servicepack : NULL
            create_upn : 0x00 (0)
            upn : NULL
            modify_config : 0x00 (0)
            ads : NULL
            debug : 0x01 (1)
            use_kerberos : 0x00 (0)
            secure_channel_type : SEC_CHAN_WKSTA (2)
            desired_encryption_types : 0x0000001f (31)
dns_send_req: Failed to resolve _ldap._tcp.dc._msdcs.OALIB.CZ (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name : NULL
            netbios_domain_name : NULL
            dns_domain_name : NULL
            forest_name : NULL
            dn : NULL
            domain_sid : NULL
                domain_sid : (NULL SID)
            modified_config : 0x00 (0)
            error_string : 'failed to find DC for domain OALIB.CZ'
            domain_is_ad : 0x00 (0)
            set_encryption_types : 0x00000000 (0)
            result : WERR_DCNOTFOUND
Failed to join domain: failed to find DC for domain OALIB.CZ
return code = -1

$ net rpc oldjoin -w oalib.cz -U root -d3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface enp8s0 ip=10.0.0.35 bcast=10.0.255.255 netmask=255.255.0.0
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name : NULL
            machine_name : 'PITOMA'
            domain_name : *
                domain_name : 'OALIB.CZ'
            domain_name_type : JoinDomNameTypeUnknown (0)
            account_ou : NULL
            admin_account : ''
            admin_domain : NULL
            machine_password : NULL
            join_flags : 0x000000c1 (193)
                0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                1: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                1: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                0: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                0: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version : NULL
            os_name : NULL
            os_servicepack : NULL
            create_upn : 0x00 (0)
            upn : NULL
            modify_config : 0x00 (0)
            ads : NULL
            debug : 0x01 (1)
            use_kerberos : 0x00 (0)
            secure_channel_type : SEC_CHAN_WKSTA (2)
            desired_encryption_types : 0x0000001f (31)
dns_send_req: Failed to resolve _ldap._tcp.dc._msdcs.OALIB.CZ (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name : NULL
            netbios_domain_name : NULL
            dns_domain_name : NULL
            forest_name : NULL
            dn : NULL
            domain_sid : NULL
                domain_sid : (NULL SID)
            modified_config : 0x00 (0)
            error_string : 'failed to find DC for domain OALIB.CZ'
            domain_is_ad : 0x00 (0)
            set_encryption_types : 0x00000000 (0)
            result : WERR_DCNOTFOUND
Failed to join domain: failed to find DC for domain OALIB.CZ
return code = -1

Debug output from Fedora 20 working setup for comparison:
=========================================================

$ net join -w oalib.cz -U root -d3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
added interface p4p1 ip=10.0.50.4 bcast=10.0.255.255 netmask=255.255.0.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
get_dc_list: preferred server list: ", *"
resolve_lmhosts: Attempting lmhosts lookup for name OALIB.CZ<0x1c>
resolve_lmhosts: Attempting lmhosts lookup for name OALIB.CZ<0x1c>
resolve_wins: using WINS server 10.0.0.2 and tag '*'
Got a positive name query response from 10.0.0.2 ( 10.0.0.2 )
ads_cldap_netlogon: did not get a reply
ads_try_connect: CLDAP request 10.0.0.2 failed.
resolve_lmhosts: Attempting lmhosts lookup for name OALIB.CZ<0x1b>
resolve_lmhosts: Attempting lmhosts lookup for name OALIB.CZ<0x1b>
resolve_wins: using WINS server 10.0.0.2 and tag '*'
Got a positive name query response from 10.0.0.2 ( 10.0.0.2 )
Connecting to 10.0.0.2 at port 445
rpccli_netlogon_set_trust_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Enter root's password:
Connecting to 10.0.0.2 at port 445
Doing spnego session setup (blob length=42)
got OID=1.3.6.1.4.1.311.2.2.10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
Connecting to 10.0.0.2 at port 445
Joined domain OALIB.CZ.
return code = 0

Confirm bug. Samba 4.4.7
Detailed log below:

[root@pandora7 ~]# net join rpc -S ARMADA -U root -d3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface enp31s0 ip=192.168.1.95 bcast=192.168.1.95 netmask=255.255.255.255
get_dc_list: preferred server list: ", *"
ads_find_dc: name resolution for realm '' (domain 'GEO') failed: NT_STATUS_NO_LOGON_SERVERS
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name : 'ARMADA'
            machine_name : 'PANDORA7'
            domain_name : *
                domain_name : 'GEO'
            domain_name_type : JoinDomNameTypeUnknown (0)
            account_ou : NULL
            admin_account : ''
            admin_domain : NULL
            machine_password : NULL
            join_flags : 0x000000c1 (193)
                0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                1: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                1: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                0: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                0: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version : NULL
            os_name : NULL
            os_servicepack : NULL
            create_upn : 0x00 (0)
            upn : NULL
            modify_config : 0x00 (0)
            ads : NULL
            debug : 0x01 (1)
            use_kerberos : 0x00 (0)
            secure_channel_type : SEC_CHAN_WKSTA (2)
            desired_encryption_types : 0x0000001f (31)
Connecting to 192.168.1.28 at port 445
Connecting to 192.168.1.28 at port 139
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
../source3/rpc_client/cli_pipe.c:568: RPC fault code DCERPC_NCA_S_OP_RNG_ERROR received from host ARMADA!
No realm has been specified! Do you really want to join an Active Directory server?
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name : NULL
            netbios_domain_name : 'GEO'
            dns_domain_name : NULL
            forest_name : NULL
            dn : NULL
            domain_sid : *
                domain_sid : S-1-5-21-2068682600-2350025889-3278183345
            modified_config : 0x00 (0)
            error_string : 'failed to join domain 'GEO' over rpc: Access denied'
            domain_is_ad : 0x00 (0)
            set_encryption_types : 0x00000000 (0)
            result : WERR_ACCESS_DENIED
Enter root's password:
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name : 'ARMADA'
            machine_name : 'PANDORA7'
            domain_name : *
                domain_name : 'GEO'
            domain_name_type : JoinDomNameTypeUnknown (0)
            account_ou : NULL
            admin_account : 'root'
            admin_domain : NULL
            machine_password : NULL
            join_flags : 0x00000023 (35)
                0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version : NULL
            os_name : NULL
            os_servicepack : NULL
            create_upn : 0x00 (0)
            upn : NULL
            modify_config : 0x00 (0)
            ads : NULL
            debug : 0x01 (1)
            use_kerberos : 0x00 (0)
            secure_channel_type : SEC_CHAN_WKSTA (2)
            desired_encryption_types : 0x0000001f (31)
Connecting to 192.168.1.28 at port 445
Connecting to 192.168.1.28 at port 139
smb_signing_good: BAD SIG: seq 1
cli_session_setup: NT1 session setup failed: NT_STATUS_ACCESS_DENIED
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name : NULL
            netbios_domain_name : NULL
            dns_domain_name : NULL
            forest_name : NULL
            dn : NULL
            domain_sid : NULL
                domain_sid : (NULL SID)
            modified_config : 0x00 (0)
            error_string : 'failed to lookup DC info for domain 'GEO' over rpc: Access denied'
            domain_is_ad : 0x00 (0)
            set_encryption_types : 0x00000000 (0)
            result : WERR_ACCESS_DENIED
Failed to join domain: failed to lookup DC info for domain 'GEO' over rpc: Access denied
return code = -1

Joining Samba into an NT4 domain works like a charm, you just need to configure Samba to be less secure than it is by default these days:

require strong key = no
client use spnego = no
client ipc signing = auto

makes this work with recent versions.
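
An added example (not part of the comment above and not Samba project code): a small Python check that scans smb.conf text for the three client-side settings the comment lowers, so hosts carrying this NT4 workaround can be found and reviewed. The `SAFE` value sets, the function names and the sample configuration are assumptions constructed for illustration.

```python
import re

# Values treated as hardened for each parameter. This is an assumption drawn
# from the smb.conf(5) descriptions; parameter names are stored normalised.
SAFE = {
    "requirestrongkey": {"yes", "true", "1", "on"},
    "clientusespnego": {"yes", "true", "1", "on"},
    "clientipcsigning": {"default", "mandatory", "required"},
}

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def audit_smb_conf(text):
    """Return [(line_no, parameter, value)] for weakened [global] settings."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
            continue
        if section != "global" or "=" not in line:
            continue  # these three parameters are global-only
        key, value = line.split("=", 1)
        key, value = norm(key), value.strip().lower()
        if key in SAFE and value not in SAFE[key]:
            findings.append((no, key, value))
    return findings

# Constructed sample configuration, not taken from any reporter's machine.
SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLE
    security = domain
    ; settings from the comment above
    require strong key = no
    Client Use SPNEGO = no
    client ipc signing = auto

[share]
    client ipc signing = auto
"""

if __name__ == "__main__":
    for no, key, value in audit_smb_conf(SAMPLE_CONF):
        print(f"line {no}: {key} = {value} weakens the client defaults")
```

On a live host the same check is better run over the output of `testparm -s`, which resolves includes and defaults before printing the effective configuration.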