Opensuse 11.0 to join a Windows 2003 Server that has ADS
Every time I try to join my Suse to windows domain
I get message pop up telling me . Failed to join domain. failed to find dc for domain XXXX.LOCAL

Ive tried to tweek settings best i can in samba etc.. But still same message.

I joind SLED and 10.3 with very little issue.. But 11.0 I cant seem to be member of local domain at all.

any ideas etc ?[

Im trying to show certin heads at work what suse can do. So far not wining any nods with these windows users grr

Can you ping the DC?

Yes..

Now course I'm the only SUSE user in among windows users so they have no issue joining and authenticating to the domain.

Can you ping your suse box from the 2003 server? Is the suse box and the server in the same IP range and subnet? Assuming the server has some public shares, what happens when you put smb://ip_address_of_server into your browser on the suse box?

It soon pops up window were I enter my log in info. Then I wait on konq for min then up shows the folders on the server..

I can access the server and folders with no problem I just have to enter my domain log in name and pwd to use the shares etc.Which gets old each time..

But I try and join domain via yast..Failed to join domain. failed to find dc for domain XXXX.LOCAL.

I don't have admin rights to the domain server.. So ive not tried to ping my box from it..

Same problem here!

We have build up a testnetwork:

DC = Windows2008 Server

Client1 = WindowsXP Pro SP3
Client2 = Windows 7
Client3 = MsDOS 6.22 with MSClient and TCP/IP (<-- don't laugh, we need some of these boxes for our production lines)
Client4 = OpenSuse 11.1

All clients joined the AD without problems (MSDos after tweaking the global security a bit).
The only one, that is not able to join is the OpenSuse11.1 box.

I tried YAST --> Network-Services --> Windows Domain Membership (something like that - have to translate from german :-) )

After filling out that form and click proceed, I receive the message, that the linux-box is not a member of the domain and it asks me, if I want to join.
I agree and box shows up, where I have to type in my credentials of a privileged domain account (Administrator).
After a while, I get the same message:
"Failed to join domain. failed to find dc for domain "DOMAINNAME".

I can connect to shares on the DC without problems (after I typed in my name/password combo of a domain account).
Ping works in both directions and as it is just a network for tests, I shut down both firewalls (DC and Linux-Client).

Kerberos auth work fine (I think). I can authenticate with kinit <username> and I receive some informations, when I try klist.

Any ideas? I really need to get that working and I don't want to go back to 10.0, where everything worked like a charm :-)

I will keep eye out on a answer to this as well.

Okay - I solved the problem last night

Here is the short version of what I did (and I verified it on a second OpenSuse 11.1 machine today):

Before you start, make sure, that your network settings are OK and you can ping both machines from all directions
Next make sure that the time for all involved computers is identical (Kerberos is very picky when times differ. That is for security reasons to avoid logins with sniffed packages.)
So it is best to configure ntp to keep the time in sync.

1. register your domain-controller in the machines hosts list via Yast or with editing /etc/hosts
Insert the fully qualified domain name first, then the short name as the alias.

Example:
192.168.1.7 server.domain.com server

2. edit the /etc/resolv.conf and add your DC as a nameserver
nameserver = server.domain.com

3. Open YAST and configure Kerberos.
ATTENTION:
The realm has to be written in capital letters
DOMAIN.COM

4. Configure SAMBA with YAST. Domain controller option is set to none (not PDC or BDC). Workgroupname is your domain.
Edit the /etc/samba/smb.conf and change the security from "users" to "ADS" and add a line "realm = DOMAIN.COM"
Then don't forget to restart the samba server.

5. Execute the following command:
net ads join -U Administrator (<-- use a domain user, that is allowed to add machines to your domain. So why not the Administrator ).

6. Now open YAST and choose the "Windows Domain Membership" option.
Domain membership should be already your domain.
Check "Use smb-information for authentification" and "single sign on for SSH" (if you want it).
After pressing OK, Yast will install winbind and some other necessary packets.

7. Reboot the linux client and go and get a coffee.

8. Now you should see additional options in your logon screen.
<local>, DOMAINNAME, CLIENTNAME
Choose your domain and logon with your domain user account.

Thats it - the rest is finetuning (for example mapping the users home to the domain-controller or something like that).

I will write a longer version of that for my homepage linuxpeter.de as soon as I find some time to do that

When I get the chance I will try that

Bikerpete,
I believe you have more-or-less a complete set of instructions. However when I try them I still cannot join my openSuse client PC to my Win2003 Server. Please clarify your 1-8 step instructions wherever you mention essentially to enter "your" domain... i.e.: Are you referring to the existing client 'workgroup' or the (target) Server? Note: I've tried the instructions both ways, although there are multiple instances for entering domain names... so I would like clarification.
Please advise for this Linux newbie.
Thanks.
Al

Thanks for something I've been intending to solve for so long. Can confirm that it's joined Windows 2003 domain. Previously I had to leave the machine as a WG machine, configuring the workgroup name same as the domain name with the LAN cable unplugged, then plugging it back in once samba was set up.

Hello,

I'd problem with joining at OpenSUSE 11.4. I went thru steps written above, but still unsuccessfully. At the end it helped me to specify target server (parameter -S):

net ads join -U admininstrator -S server.domain.com