Author Topic: [SOLVED] I am facing a weired problem while join client to zentyal 3 domain.  (Read 15939 times)

Luke

  • Zen Monk
  • **
  • Posts: 77
  • Karma: +3/-0
    • View Profile
Hello,
 
I am facing a weired problem while join client to zentyal 3 domain.
 
I get following following error message:
 
"The join operation was not successful. The could be because an existing computer account having the name xxxx was previously created using a different set of credentials. Use a different computer name or contact your administrator to remove any stale conflicting raccount. The error was: Access is denied."
« Last Edit: March 12, 2013, 04:01:21 pm by Luke »

fatbob

  • Zen Warrior
  • ***
  • Posts: 102
  • Karma: +1/-0
    • View Profile
Re: I am facing a weired problem while join client to zentyal 3 domain.
« Reply #1 on: March 10, 2013, 01:50:39 am »
Have you previously added this machine or another machine under the same name or is this some form of upgrade scenario from a previous version of zentyal?

In any case just in case this is a stale reference to the machine you can try completely removing any details from the samba LDAP db with the following command.

sudo ldbdel -H /opt/samba4/private/sam.ldb " CN=<YOUR WINDOWS MACHINE HOST NAME IN CAPS>,CN=Computers,DC=yourdomain,DC=xyz"

ie if your machine was grumpyknackker.wibbly.lan then it would be "CN=GRUMPYKNACKKER,CN=Computers,DC=wibbly,DC=lan"

You can also see if there are any other references to your machine with the following command:

sudo ldbsearch -H /opt/samba4/private/sam.ldb "*" | grep -i <your machine name>

Following this drop your machine out to a workgroup (if it's in some other lan) then reattatch it under a different name
« Last Edit: March 10, 2013, 01:52:16 am by fatbob »

Luke

  • Zen Monk
  • **
  • Posts: 77
  • Karma: +3/-0
    • View Profile
Re: I am facing a weired problem while join client to zentyal 3 domain.
« Reply #2 on: March 10, 2013, 10:58:38 am »
Hi!

Thanks for you reply.

We have used Zentyal 2.X for many years without any problem, a week ago the old server crashed and we replaced it with a new one with zentyal 3. So the installation is completely new.

I will try the information that you gave and see whats going on.

Thank you again.

christian

  • Guest
Re: I am facing a weired problem while join client to zentyal 3 domain.
« Reply #3 on: March 10, 2013, 12:08:53 pm »
Main difference between Zentyal 2.n and Zentyal 3.0 is Samba moving from 3.n to 4
Samba 4 aims at emulating "real" Windows domain while Samba 3 (and therefore Zentyal 2.n) was much more like workgroup.

This means that with Zentyal 3.0, your computer registers, thus need for admin account and less flexible process.
On the other hand, this gives you access to Microsoft Windows features like GPOs, kerberos...

Luke

  • Zen Monk
  • **
  • Posts: 77
  • Karma: +3/-0
    • View Profile
Re: I am facing a weired problem while join client to zentyal 3 domain.
« Reply #4 on: March 11, 2013, 12:05:59 pm »
Hi again!

Thankyou both for the answers but i am still in trouble to get this to work. Is there anyone who have a clue? what could be the problem. Thankyou again.

christian

  • Guest
Re: I am facing a weired problem while join client to zentyal 3 domain.
« Reply #5 on: March 11, 2013, 12:24:05 pm »
"access denied" looks like you need to join domain using domain admin account.
Did you search this forum for similar question/issue. There is quite a lot of post related to problems while joining "Windows like" domain.

fatbob

  • Zen Warrior
  • ***
  • Posts: 102
  • Karma: +1/-0
    • View Profile
Re: I am facing a weired problem while join client to zentyal 3 domain.
« Reply #6 on: March 11, 2013, 01:44:02 pm »
Ensure that you are using the realm as the domain name when connecting this is given on the file sharing, general settings tab

Ensure that the user you are using to join the domain is in the Domain Admins group on the Zentyal box. There is already a user called Administrator on there but you may need to change the password.

You need to ensure the time is synced with the server before you try and authenticate, this is important for Kerberos.
Issue an "ipconfig /release" followed by an "ipconfig /renew" then enter "net time \\<zentyal server name> /set /yes" and then try and join.

Luke

  • Zen Monk
  • **
  • Posts: 77
  • Karma: +3/-0
    • View Profile
Re: I am facing a weired problem while join client to zentyal 3 domain.
« Reply #7 on: March 11, 2013, 03:41:48 pm »
appreciate the time you have spent to help me, i managed to join the domain only with the built in administrator account. Not with the accounts i have added manually to the "Domain Admins" group.

 

Luke

  • Zen Monk
  • **
  • Posts: 77
  • Karma: +3/-0
    • View Profile
Re: I am facing a weired problem while join client to zentyal 3 domain.
« Reply #8 on: March 12, 2013, 03:59:57 pm »
Reinstalled the server and updated everything and it seems that everything is working like expected now. Thanks zentyal team. And thanks to everyone in this forum for the help.