Join Active Directory errors
Added by Justa Guy 4 months ago
I've gone through the process outlined in the User Guide with the exception of the step instructing me to add users to the computer via a tab that doesn't exist in my version of Active Directory.
The first error I got: "Operation completed with error: kinit(v5): Clock skew too great while getting initial credentials." Which turned out to be valid. The time on the DC was off by an hour somehow.
So I fixed that & the next error I have is: "Operation completed with error: Unable to join AD domain: failed to find any domain controllers for domainname.local."
In case that was a syntax error on my part, I tried again without the trailing .local in the "AD Server" field & now the error is: "Operation completed with error: Can't resolve SRV record 'ldap.tcp.dc._msdcs.domainname'. Check DNS server settings."
Please advise.
Replies
RE: Join Active Directory errors - Added by Dmitry Yusupov 4 months ago
Is this 3.x? Is the problem resolved?
Is it 2003 or 2008 AD? Which SP?
Thanks
RE: Join Active Directory errors - Added by Justa Guy 4 months ago
This was in 2.2.1. I'll see about trying 3.x in the next couple weeks & post what happens.
RE: Join Active Directory errors - Added by Matt Weatherford 2 months ago
I am seeing this error in 3.0.2 community edition. I have a solid 3x domain controller setup that is working perfectly in production, but the NexentaStor appliance consistently throws:
failed to find any domain controllers
My srv record is good:
dig @128.yyy.zzz.x ldap.tcp.dc._msdcs.csde.washington.edu SRV +short
0 100 389 CSDE-DC2.csde.washington.edu.
0 100 389 csde-dc3.csde.washington.edu.
0 100 389 csde-dc1.csde.washington.edu.
My DNS entries map forwards and backwards.... what the heck is going on?
OK... spoke too soon - I changed the IP to a different domain controller and changed the username from admin to MYDOMAIN\admin, applied, then changed it back to just admin and it worked.
Weird
-Matt
RE: Join Active Directory errors - Added by Jason Litka 2 months ago
I'm also having the issue under 3.0.2. I've got two DCs, both of which have valid ldap.tcp.dc._msdcs.mydomain.local records. I've got no issues joining Windows clients to the domain.
Using "administrator" as the user name results in a long pause, followed by "Unable to join AD domain: failed to find any domain controllers for mydomain.local". Using "MYDOMAIN\administrator" results in an immediate "kinit(v5): Client not found in Kerberos database while getting initial credentials". Using "administrator@mydomain.local" returns "kinit(v5): KDC reply did not match expectations while getting initial credentials".
Can anyone provide guidance?
RE: Join Active Directory errors - Added by Jason Litka 2 months ago
Ok, figured it out.
option expert_mode=1 -s !bash sharectl set -p lmauth_level=2 smb
Once that was done I could join AD. The manual says that the sharectl command was only required for 2008 Domains but that seems to be inaccurate. It is required when talking to 2008 domain controllers, regardless of the functional level of the domain (which in my case is 2003).
RE: Join Active Directory errors - Added by Jason Litka 2 months ago
Forum ate the code... Let's try it as an unordered list...
- option expert_mode=1 -s
- !bash
- sharectl set -p lmauth_level=2 smb
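Added example, not part of any post above and not NexentaStor code: shell helpers that check the three join prerequisites reported in this thread (a fully qualified domain name, usable SRV answers, clock skew) before retrying the join. It uses the standard DC-locator record name _ldap._tcp.dc._msdcs.<domain>; the function names, the sample values in the comments and the 300-second tolerance (the Kerberos default) are assumptions.

```shell
#!/bin/sh
# Added example (not NexentaStor code): offline-testable helpers for the
# join failures reported in this thread. All names here are hypothetical.

MAX_SKEW=300  # Kerberos default clock-skew tolerance in seconds (assumes default policy)

# srv_name DOMAIN: print the DC-locator SRV name; fail for a short name such
# as "domainname", which cannot be looked up as a DNS domain.
srv_name() {
  _d=${1%.}
  case $_d in
    *.*) printf '_ldap._tcp.dc._msdcs.%s\n' "$_d" ;;
    *)   return 1 ;;
  esac
}

# parse_srv: read `dig ... SRV +short` lines ("prio weight port target.") on
# stdin and print "host port", lowest priority first, then highest weight.
# Lines that are not four fields with numeric prio/weight/port are skipped.
parse_srv() {
  awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
         sub(/\.$/, "", $4); print $1, $2, tolower($4), $3 }' |
    sort -k1,1n -k2,2nr | awk '{ print $3, $4 }'
}

# skew_ok LOCAL_EPOCH DC_EPOCH: succeed if the clocks differ by <= MAX_SKEW.
# A DC that is an hour off (3600 s) fails this check.
skew_ok() {
  _s=$(( $1 - $2 ))
  if [ "$_s" -lt 0 ]; then _s=$(( 0 - _s )); fi
  [ "$_s" -le "$MAX_SKEW" ]
}

# preflight DOMAIN DNS_SERVER: live check, needs dig; run from the appliance shell.
preflight() {
  _n=$(srv_name "$1") || { echo "use the full DNS domain name, not '$1'"; return 1; }
  _dcs=$(dig "@$2" "$_n" SRV +short | parse_srv)
  [ -n "$_dcs" ] || { echo "no usable SRV answers for $_n"; return 1; }
  echo "$_dcs"
  # Show the current SMB LM authentication level, if sharectl is present.
  if command -v sharectl >/dev/null 2>&1; then sharectl get -p lmauth_level smb; fi
}
```

Nothing runs until preflight is called with a domain and a DNS server address; the other functions work on text and numbers only.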
RE: Join Active Directory errors - Added by Christopher Hearn 2 months ago
Jason Litka wrote:
Forum ate the code... Let's try it as an unordered list...
- option expert_mode=1 -s
- !bash
- sharectl set -p lmauth_level=2 smb
I'm having the same problem as you guys. I'm trying NexentaStor in a VM environment, have all CIFS stuff turned off, nothing shared out of the VM at all. I have rights to join the appliance to AD, and DNS is set up correctly... DNS and AD are same server. However, when I try, I get:
May 28 11:38:17 nexenta smbd[460]: [ID 232655 daemon.notice] ldap_modify: Insufficient access
May 28 11:38:17 nexenta smbd[460]: [ID 702911 daemon.notice] Failed to modify the workstation trust account.
May 28 11:38:17 nexenta smbd[460]: [ID 871254 daemon.error] smbd: failed joining DOMAIN.EXAMPLE.COM (UNSUCCESSFUL)
The domain admin insists he pre-created the machine account in AD and gave me rights to join. Right now, I'm just typing my credentials in as "user"... should they be "DOMAIN\user"?
RE: Join Active Directory errors - Added by Dmitry Yusupov 2 months ago
On 05/28/2010 09:08 AM, NexentaStor.org wrote:
http://www.nexentastor.org/boards/2/topics/52 Christopher Hearn
Jason Litka wrote:
Forum ate the code... Let's try it as an unordered list...
- option expert_mode=1 -s
- !bash
- sharectl set -p lmauth_level=2 smb
I'm having the same problem as you guys. I'm trying NexentaStor in a VM environment, have all CIFS stuff turned off, nothing shared out of the VM at all. I have rights to join the appliance to AD, and DNS is set up correctly... DNS and AD are same server. However, when I try, I get:
May 28 11:38:17 nexenta smbd[460]: [ID 232655 daemon.notice] ldap_modify: Insufficient access
May 28 11:38:17 nexenta smbd[460]: [ID 702911 daemon.notice] Failed to modify the workstation trust account.
May 28 11:38:17 nexenta smbd[460]: [ID 871254 daemon.error] smbd: failed joining DOMAIN.EXAMPLE.COM (UNSUCCESSFUL)
The domain admin insists he pre-created the machine account in AD and gave me rights to join. Right now, I'm just typing my credentials in as "user"... should they be "DOMAIN\user"?
Ensure that computer object permissions are set on AD server side..
RE: Join Active Directory errors - Added by Christopher Hearn 2 months ago
Dmitry Yusupov wrote:
Ensure that computer object permissions are set on AD server side..
Domain admin insists they are. Do I need certain permissions?