30 Posts

December 12th, 2017 03:00

Joining VNX 5300 NAS to a samba4 Active directory

Hi,

Trying to join a VNX 5300 NAS to a samba4 Active Directory. I could create the cifs_server and add it to the domain with the following commands:

server_cifs server_2 -add compname=PAXAD,domain=stark.DOMAIN,interface=paxad

server_cifs server_2 -Join compname=PAXAD,domain=stark.DOMAIN,admin=administrator,ou="ou=Computers"

Also, I attached a share to the CIFS server with a native mount, but if I try to access the share from another computer joined to the domain I can't, and in the VNX logs I get:

SMB: 3: SSXAK=LOGON_FAILURE Client=X.X.X.X origin=510 stat=0x0,39756033

SMB: 3: getServerGUID failed for paxad@STARK.DOMAIN

KERBEROS: 3: acquire_accept_cred: Failed to get keytab entry for principal CIFS/paxad.stark.DOMAIN@STARK.DOMAIN - error No principal in keytab matches desired name (39756033)

KERBEROS: 3: last message repeated 1 times

Also, when I tried to access it from other clients:

SMB: 3: Cannot build kerbPAC Client=X.X.X.X Asn1Error=1859794438 origin=0x20

SMB: 3: last message repeated 73 times

I could join Windows (8, 10) computers to the domain without problems.

What can I try to make it work?

Thanks,

4 Operator

8.6K Posts

December 12th, 2017 07:00

Hi,

smells like Kerberos & SPN problem

I would suggest the usual:

- make sure you have the latest VNX OE installed

- check the knowledgebase

- look at the DM log files - it should also show whether the join worked or not

- get more info from server_cifs, server_cifssupport, ...

- check DNS and SPNs

or create a service request

might need network traces

30 Posts

December 13th, 2017 01:00

Thanks for your response. I'll try to give you more information.

- make sure you have the latest VNX OE installed.

How can I download the latest VNX OE? Thanks!

- check the knowledgebase:

I checked but I didn't find a problem similar to mine.

I found similar posts and I know I have to activate:

-'allow pre-Windows 2000 computers to use this account' checkbox is selected when joining the server to the Windows 2000 domain.

-Created DNS entries and Computer entry.

-Use a user with enough permissions to join the domain (in this case I used Administrator).

Now, I'm stuck.

- look at the DM log files - it should also show whether the join worked or not

The join worked and said the command succeeded, the computer is created and modified by VNX in the AD.

"SMB: 6: New GUID value for compname=paxad@STARK.DomainName: 2fef4bae-c44b-4dff-95fc-XX

SMB: 6: DomainJoin compname=PAXAD domain=DomainName DC=miaja.stark.DomainName IP=X.X.X.X was successful

ADMIN: 6: Command succeeded: domjoin compname=PAXAD domain=DomainName admin=administrator password=******************************************** ou="ou=Computers" init"

But later there is this error:

"User=STARK\PAXAD$ auth(FTP). failed, new attempt using:NTLMV2"

- get more info from server_cifs, server_cifssupport, ...

$ server_cifssupport server_2 -pingdc -compname X.X.X.X

server_2 : done

PINGDC GENERAL INFORMATION

DC SERVER:

Netbios name  : MIAJA

CIFS SERVER :

Compname      : paxad

Domain        : DomainName

Error 13160939577: server_2 : compname paxad DC=MIAJA Step='Lookup privileges'   'Cannot lookup privilege' ntStatus='NO_SUCH_PRIVILEGE'.

- check DNS and SPN's

The DNS of the Active directory has the name of the computer and it resolves it.

How can I check SPNs?

Thank you for your collaboration.
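An added example, not part of the thread: one way to compare the principal named in the Data Mover's keytab error with the SPNs registered on the PAXAD computer account. It assumes the account's SPNs have been exported one per line (for instance from `samba-tool spn list` on the Samba DC, trimmed to the SPN lines); the SPN list below is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Log text is taken from the thread; the SPN list is constructed.

# Print each principal the Data Mover failed to find in its keytab (stdin: log lines).
missing_principals() {
    sed -n 's/.*Failed to get keytab entry for principal \([^ ]*\) - error.*/\1/p' | sort -u
}

# Lower-case and trim an SPN list (file $1) so comparisons are case-insensitive.
normalized_spns() {
    tr 'A-Z' 'a-z' < "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Classify principal $1 (service/host@REALM) against SPN list file $2.
# Prints EXACT, VIA-HOST (no cifs/ SPN, but HOST/<same host> exists; AD's
# default sPNMappings treat cifs as an alias of host) or MISSING.
classify_spn() {
    spn=$(printf '%s' "${1%@*}" | tr 'A-Z' 'a-z')
    host=${spn#*/}
    if normalized_spns "$2" | grep -Fxq -- "$spn"; then
        echo EXACT
    elif [ "${spn%%/*}" = cifs ] && normalized_spns "$2" | grep -Fxq -- "host/$host"; then
        echo VIA-HOST
    else
        echo MISSING
    fi
}

# Report every principal named in keytab errors in log file $1 against SPN file $2.
check_log() {
    missing_principals < "$1" | while IFS= read -r p; do
        echo "$(classify_spn "$p" "$2") $p"
    done
}

# Constructed demo input.
tmp=$(mktemp -d)
cat > "$tmp/dm.log" <<'EOF'
SMB: 3: getServerGUID failed for paxad@STARK.DOMAIN
KERBEROS: 3: acquire_accept_cred: Failed to get keytab entry for principal CIFS/paxad.stark.DOMAIN@STARK.DOMAIN - error No principal in keytab matches desired name (39756033)
KERBEROS: 3: last message repeated 1 times
EOF
printf 'HOST/PAXAD\nHOST/paxad.stark.domain\n' > "$tmp/spns.txt"
check_log "$tmp/dm.log" "$tmp/spns.txt"
```

A MISSING result points at the directory side (no matching SPN on the account); EXACT or VIA-HOST means the SPN exists and the mismatch is in the keytab the Data Mover holds.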

30 Posts

December 14th, 2017 04:00

Hi,

The VNX version for file is 7.1.76-4.

Do you know if there is any issue with this version and Windows 2012 Active Directory?

Thanks!

Sandra
