I have installed Samba server 3.2.11 on Suse sles10. I am using Microsoft Windows 2003 (Enterprise Edition SP1) for Active directory service. When security is 'domain', If I try to join the domain by using host name for 'password server', it works fine. But, the join fails when I use IP address. My smb.conf look like this: ---------------------------- [global] realm = SFSQA.COM netbios name = brajesh server string = Scalable File Server workgroup = SFSQA security = domain preferred master = no domain master = no local master = no encrypt passwords = yes password server = 10.209.110.210 idmap uid = 10000-20000 idmap gid = 10000-20000 idmap backend = idmap_rid:SFSQA=10000-20000 allow trusted domains = no load printers = no printcap name = /dev/null disable spoolss = yes winbind enum users = yes winbind enum groups = yes winbind use default domain = yes log level = 5 passdb:3 auth:3 winbind:3 log file = /var/log/samba/log.%m browseable = yes lanman auth = no ntlm auth = yes obey pam restrictions = yes kernel change notify = no dos filemode = yes host msdfs = yes ldap admin dn = ldap suffix = ldap idmap suffix = ou=cifsidmap map to guest = Bad User username map = /opt/VRTSnasgw/conf/smbusers.map netbios aliases = interfaces = wins support = no I am also posting here command output with debuglevel=4 brajesh_01 # net rpc join -I 10.209.110.210 -U administrator -w sfsqa.com --debuglevel=4 [2009/11/16 05:08:06, 3] param/loadparm.c:lp_load_ex(8753) lp_load_ex: refreshing parameters [2009/11/16 05:08:06, 3] param/loadparm.c:init_globals(4597) Initialising global parameters [2009/11/16 05:08:06, 3] param/params.c:pm_process(569) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2009/11/16 05:08:06, 3] param/loadparm.c:do_section(7416) Processing section "[global]" doing parameter realm = SFSQA.COM doing parameter netbios name = brajesh [2009/11/16 05:08:06, 4] param/loadparm.c:handle_netbios_name(6764) handle_netbios_name: set global_myname to: BRAJESH doing parameter server string = Scalable File Server doing parameter workgroup = SFSQA doing parameter security = domain doing parameter preferred master = no doing parameter domain master = no doing parameter local master = no doing parameter encrypt passwords = yes doing parameter password server = 10.209.110.210 doing parameter idmap uid = 10000-20000 doing parameter idmap gid = 10000-20000 doing parameter idmap backend = idmap_rid:SFSQA=10000-20000 doing parameter allow trusted domains = no doing parameter load printers = no doing parameter printcap name = /dev/null doing parameter disable spoolss = yes doing parameter winbind enum users = yes doing parameter winbind enum groups = yes doing parameter winbind use default domain = yes doing parameter log level = 5 passdb:3 auth:3 winbind:3 doing parameter log file = /var/log/samba/log.%m doing parameter browseable = yes doing parameter lanman auth = no doing parameter ntlm auth = yes doing parameter obey pam restrictions = yes doing parameter kernel change notify = no doing parameter dos filemode = yes doing parameter host msdfs = yes doing parameter ldap admin dn = doing parameter ldap suffix = doing parameter ldap idmap suffix = ou=cifsidmap doing parameter map to guest = Bad User doing parameter username map = /opt/VRTSnasgw/conf/smbusers.map doing parameter netbios aliases = doing parameter interfaces = doing parameter wins support = no [2009/11/16 05:08:06, 4] param/loadparm.c:lp_load_ex(8797) pm_process() returned Yes [2009/11/16 05:08:06, 2] lib/interface.c:add_interface(340) added interface pubeth0 ip=fe80::210:18ff:fe28:6c0c%pubeth0 bcast=fe80::ffff:ffff:ffff:ffff%pubeth0 netmask=ffff:ffff:ffff:ffff:: [2009/11/16 05:08:06, 2] lib/interface.c:add_interface(340) added interface pubeth1 ip=fe80::210:18ff:fe28:6c16%pubeth1 bcast=fe80::ffff:ffff:ffff:ffff%pubeth1 netmask=ffff:ffff:ffff:ffff:: [2009/11/16 05:08:06, 2] lib/interface.c:add_interface(340) added interface priveth1 ip=fe80::21d:9ff:fe0a:9170%priveth1 bcast=fe80::ffff:ffff:ffff:ffff%priveth1 netmask=ffff:ffff:ffff:ffff:: [2009/11/16 05:08:06, 2] lib/interface.c:add_interface(340) added interface priveth0 ip=fe80::21d:9ff:fe0a:9172%priveth0 bcast=fe80::ffff:ffff:ffff:ffff%priveth0 netmask=ffff:ffff:ffff:ffff:: [2009/11/16 05:08:06, 2] lib/interface.c:add_interface(340) added interface pubeth1 ip=10.209.105.148 bcast=10.209.107.255 netmask=255.255.252.0 [2009/11/16 05:08:06, 2] lib/interface.c:add_interface(340) added interface pubeth1:0 ip=10.209.105.154 bcast=10.209.107.255 netmask=255.255.252.0 [2009/11/16 05:08:06, 2] lib/interface.c:add_interface(340) added interface priveth0:1 ip=172.30.174.1 bcast=172.30.174.255 netmask=255.255.255.0 [2009/11/16 05:08:06, 2] lib/interface.c:add_interface(340) added interface priveth0:0 ip=172.30.174.2 bcast=172.30.174.255 netmask=255.255.255.0 [2009/11/16 05:08:06, 2] lib/interface.c:add_interface(340) added interface priveth0 ip=172.30.174.66 bcast=172.30.174.255 netmask=255.255.255.0 [2009/11/16 05:08:06, 2] lib/interface.c:add_interface(340) added interface pubeth0 ip=10.209.105.147 bcast=10.209.107.255 netmask=255.255.252.0 [2009/11/16 05:08:06, 2] lib/interface.c:add_interface(340) added interface pubeth0:1 ip=10.209.105.152 bcast=10.209.107.255 netmask=255.255.252.0 [2009/11/16 05:08:06, 2] lib/interface.c:add_interface(340) added interface pubeth0:0 ip=10.209.105.155 bcast=10.209.107.255 netmask=255.255.252.0 [2009/11/16 05:08:06, 3] libsmb/cliconnect.c:cli_start_connection(1651) Connecting to host=10.209.110.210 [2009/11/16 05:08:06, 3] lib/util_sock.c:open_socket_out(1400) Connecting to 10.209.110.210 at port 445 [2009/11/16 05:08:06, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) rpc_pipe_bind: Remote machine 10.209.110.210 pipe \lsarpc fnum 0x400b bind request returned ok. [2009/11/16 05:08:06, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) rpc_pipe_bind: Remote machine 10.209.110.210 pipe \NETLOGON fnum 0x8007 bind request returned ok. [2009/11/16 05:08:06, 3] libsmb/trusts_util.c:just_change_the_password(52) just_change_the_password: unable to setup creds (NT_STATUS_INVALID_COMPUTER_NAME)! [2009/11/16 05:08:06, 1] utils/net_rpc.c:run_rpc_command(181) rpc command function failed! (NT_STATUS_INVALID_COMPUTER_NAME) Enter administrator's password: [2009/11/16 05:08:11, 3] libsmb/cliconnect.c:cli_start_connection(1651) Connecting to host=10.209.110.210 [2009/11/16 05:08:11, 3] lib/util_sock.c:open_socket_out(1400) Connecting to 10.209.110.210 at port 445 [2009/11/16 05:08:11, 3] libsmb/cliconnect.c:cli_session_setup_spnego(823) Doing spnego session setup (blob length=107) [2009/11/16 05:08:11, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) got OID=1 2 840 48018 1 2 2 [2009/11/16 05:08:11, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) got OID=1 2 840 113554 1 2 2 [2009/11/16 05:08:11, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) got OID=1 2 840 113554 1 2 2 3 [2009/11/16 05:08:11, 3] libsmb/cliconnect.c:cli_session_setup_spnego(850) got OID=1 3 6 1 4 1 311 2 2 10 [2009/11/16 05:08:11, 3] libsmb/cliconnect.c:cli_session_setup_spnego(858) got principal=sfsqa_ad$@SFSQA.COM [2009/11/16 05:08:11, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025) Got challenge flags: [2009/11/16 05:08:11, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/11/16 05:08:11, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047) NTLMSSP: Set final flags: [2009/11/16 05:08:11, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/11/16 05:08:11, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2009/11/16 05:08:11, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/11/16 05:08:11, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) rpc_pipe_bind: Remote machine 10.209.110.210 pipe \lsarpc fnum 0x8003 bind request returned ok. [2009/11/16 05:08:11, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) rpc_pipe_bind: Remote machine 10.209.110.210 pipe \samr fnum 0x8004 bind request returned ok. [2009/11/16 05:08:11, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086) rpc_pipe_bind: Remote machine 10.209.110.210 pipe \NETLOGON fnum 0x8005 bind request returned ok. [2009/11/16 05:08:11, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(396) Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME Unable to join domain SFSQA. [2009/11/16 05:08:11, 2] utils/net.c:main(1172) return code = 1 My main concern is, when security is 'ads', domain join works with both host name and IP address. But, when security is 'domain', join only works with host name.
There's not much we can do about that. Samba needs to know the DC's name, not only its IP address. It might be a documentation bug, but it is not a code bug. Sorry, Volker