Unable to Add an AD Auth Server

SOLVED
Visitor

I get the following error below when trying to add an AD Auth server.

Within the TOOLS, it finds the IP address for the domain name, NetBIOS name and the Kerberos realm. DNS works, pinging the server works. Everything appears to be accessible. When I turn on the TCP Dump for the interface, nothing Samba related or attempts at "Reset Join" appear to escape the interface. The debug TOOLS all appear in the dump, the Probe Kerberos DNS Setup shows up and is successful.

I do have a case open but haven't heard anything from support in 3 days. It's a brand new device that I was hoping to have deployed by now.

=== Reset Join ===
Clearing samba cache ...[OK]
Performing reset join ...[FAILED]
    Failed to join domain: failed to find DC for domain MI - Undetermined error

 

 

Any ideas, folks?

Thanks

1 ACCEPTED SOLUTION

Moderator

Re: Unable to Add an AD Auth Server

AD domain join/reset join fails, you don't see any Samba-related packets like DNS or Kerberos recorded in the TCP Dump, and it is a brand new device... 🤔🤔🤔 Gotcha!

Please navigate to Authentication >> Auth servers >> Toggle the button that says "Enable Traffic Auth Control" >> Set the type to Global -- Internal port >> Save changes and try performing a basic verification test/reset join and see if it works. I know it sounds funny, but it's worth giving it a shot 😉.

Fingers crossed... 🤞🤞🤞

PCS Expert
Pulse Connect Secure Certified Expert


2 REPLIES
Occasional Contributor

Re: Unable to Add an AD Auth Server

Failed to join domain: failed to find DC for domain MI - Undetermined error

This message typically indicates the Samba process can't find DCs for the domain (using DNS and broadcast).

Strange that you don't see any packets in the tcpdump. Are you using any capture filters in the tcpdump? If yes, can you clear those?

On a related note, if this is a new setup I strongly recommend integrating to it using the LDAP auth server option. I prefer LDAP to AD auth server. AD auth server is Samba based, involves a lot of reverse engineering implementation, is quite flaky and almost always a pain to troubleshoot. LDAP is a standards-based implementation, so fairly straightforward and more stable.
