On (12/06/17 15:30), Abhijit Tikekar wrote:
Hi,
We recently started facing this error on all new servers that need to be integrated with
AD using SSSD. Every time “net ads join -k” command is issued, following error is
returned:
“Failed to join domain: failed to lookup DC info for domain X.Y.LOCAL' over rpc:
NT_STATUS_CONNECTION_RESET”. [In the packet capture, we do see resets coming from DC]

This error does not seem to be related to sssd.

This is also happening on servers already connected with AD. Same
error, although since they already have established join, authentication continues to
work. Also, noticed that after doing “net ads keytab create”, keytab file is no longer
getting generated under /etc.
AD team has recently disabled SMB V1 completely on the domain controllers. Could that be
somehow causing this? I tried setting “client max protocol = SMB3” in smb.conf but that
didn’t help.
[For "net ads keytab add" or "net ads keytab create" it now says:
Ignoring unknown parameter "client max protocol"]

So is the problem with the utility net from the package samba or with sssd?

LS