I am attempting to provide access to Ubuntu shared directories using Active Directory users and group using Samba. I am following this article to install and configure AD and Unix so that access can be provided:
Summary
-
As a part of the installation, I have installed
ntp krb5-user samba(v4.1.6) samba-common smbclient winbind -
I followed the configuration settings as provided in the above article. I have configured
ntp.conf,resolv.conf,krb5.conf,nsswitch.confandsmb.conf. -
After restarting all of the services and while joining the domain using
sudo net ads join -U administrator, I am getting the following error:Failed to join domain: failed to lookup DC info for domain 'CELESTIAL1' over rpc: NT_STATUS_IO_TIMEOUT
Testing
-
I tried to execute
kinit username, the ticket got generated successfully and I was able to verify from command 'klist'. -
I am able to ping the Ubuntu server's IP and the Windows server's IP as well as the domain from both the sides.
-
The services
winbind,nmbd, andsmbdare running as expected. -
I rebooted the Ubuntu machine and AD server, but same error is showing while performing the domain join operation.
Questions
-
What does the
NT_STATUS_IO_TIMEOUTerror indicate? Are there any issues on the Windows Server or on Ubuntu machine? -
How can I join the Ubuntu machine to Active Directory? Are there any steps that I missed that need to be performed to join the domain successfully?
Best Answer
The issue was that there was no entry in
/etc/resolv.conffor AD DNS and hence the machine was pinging to the actual global registered domain. On each reboot, theresolv.confentries gets reset hence we have to provide entry once the system is rebooted.