'net ads join -U username' failing with an error 'NT_STATUS_IO_TIMEOUT'












2















I am attempting to provide access to Ubuntu shared directories using Active Directory users and group using Samba. I am following this article to install and configure AD and Unix so that access can be provided:



Summary




  1. As a part of the installation, I have installed ntp krb5-user samba(v4.1.6) samba-common smbclient winbind


  2. I followed the configuration settings as provided in the above article. I have configured ntp.conf, resolv.conf, krb5.conf, nsswitch.conf and smb.conf.



  3. After restarting all of the services and while joining the domain using sudo net ads join -U administrator, I am getting the following error:



    Failed to join domain: failed to lookup DC info for domain 'CELESTIAL1' over rpc: NT_STATUS_IO_TIMEOUT




Testing




  1. I tried to execute kinit username, the ticket got generated successfully and I was able to verify from command 'klist'.


  2. I am able to ping the Ubuntu server's IP and the Windows server's IP as well as the domain from both the sides.


  3. The services winbind, nmbd, and smbd are running as expected.


  4. I rebooted the Ubuntu machine and AD server, but same error is showing while performing the domain join operation.



Questions




  1. What does the NT_STATUS_IO_TIMEOUT error indicate? Are there any issues on the Windows Server or on Ubuntu machine?


  2. How can I join the Ubuntu machine to Active Directory? Are there any steps that I missed that need to be performed to join the domain successfully?







ubuntu samba active-directory ntp kerberos







share|improve this question





























    2















    I am attempting to provide access to Ubuntu shared directories using Active Directory users and group using Samba. I am following this article to install and configure AD and Unix so that access can be provided:



    Summary




    1. As a part of the installation, I have installed ntp krb5-user samba(v4.1.6) samba-common smbclient winbind


    2. I followed the configuration settings as provided in the above article. I have configured ntp.conf, resolv.conf, krb5.conf, nsswitch.conf and smb.conf.



    3. After restarting all of the services and while joining the domain using sudo net ads join -U administrator, I am getting the following error:



      Failed to join domain: failed to lookup DC info for domain 'CELESTIAL1' over rpc: NT_STATUS_IO_TIMEOUT




    Testing




    1. I tried to execute kinit username, the ticket got generated successfully and I was able to verify from command 'klist'.


    2. I am able to ping the Ubuntu server's IP and the Windows server's IP as well as the domain from both the sides.


    3. The services winbind, nmbd, and smbd are running as expected.


    4. I rebooted the Ubuntu machine and AD server, but same error is showing while performing the domain join operation.



    Questions




    1. What does the NT_STATUS_IO_TIMEOUT error indicate? Are there any issues on the Windows Server or on Ubuntu machine?


    2. How can I join the Ubuntu machine to Active Directory? Are there any steps that I missed that need to be performed to join the domain successfully?







    ubuntu samba active-directory ntp kerberos







    share|improve this question



























      2












      2








      2








      I am attempting to provide access to Ubuntu shared directories using Active Directory users and group using Samba. I am following this article to install and configure AD and Unix so that access can be provided:



      Summary




      1. As a part of the installation, I have installed ntp krb5-user samba(v4.1.6) samba-common smbclient winbind


      2. I followed the configuration settings as provided in the above article. I have configured ntp.conf, resolv.conf, krb5.conf, nsswitch.conf and smb.conf.



      3. After restarting all of the services and while joining the domain using sudo net ads join -U administrator, I am getting the following error:



        Failed to join domain: failed to lookup DC info for domain 'CELESTIAL1' over rpc: NT_STATUS_IO_TIMEOUT




      Testing




      1. I tried to execute kinit username, the ticket got generated successfully and I was able to verify from command 'klist'.


      2. I am able to ping the Ubuntu server's IP and the Windows server's IP as well as the domain from both the sides.


      3. The services winbind, nmbd, and smbd are running as expected.


      4. I rebooted the Ubuntu machine and AD server, but same error is showing while performing the domain join operation.



      Questions




      1. What does the NT_STATUS_IO_TIMEOUT error indicate? Are there any issues on the Windows Server or on Ubuntu machine?


      2. How can I join the Ubuntu machine to Active Directory? Are there any steps that I missed that need to be performed to join the domain successfully?







      ubuntu samba active-directory ntp kerberos







      share|improve this question
















      I am attempting to provide access to Ubuntu shared directories using Active Directory users and group using Samba. I am following this article to install and configure AD and Unix so that access can be provided:



      Summary




      1. As a part of the installation, I have installed ntp krb5-user samba(v4.1.6) samba-common smbclient winbind


      2. I followed the configuration settings as provided in the above article. I have configured ntp.conf, resolv.conf, krb5.conf, nsswitch.conf and smb.conf.



      3. After restarting all of the services and while joining the domain using sudo net ads join -U administrator, I am getting the following error:



        Failed to join domain: failed to lookup DC info for domain 'CELESTIAL1' over rpc: NT_STATUS_IO_TIMEOUT




      Testing




      1. I tried to execute kinit username, the ticket got generated successfully and I was able to verify from command 'klist'.


      2. I am able to ping the Ubuntu server's IP and the Windows server's IP as well as the domain from both the sides.


      3. The services winbind, nmbd, and smbd are running as expected.


      4. I rebooted the Ubuntu machine and AD server, but same error is showing while performing the domain join operation.



      Questions




      1. What does the NT_STATUS_IO_TIMEOUT error indicate? Are there any issues on the Windows Server or on Ubuntu machine?


      2. How can I join the Ubuntu machine to Active Directory? Are there any steps that I missed that need to be performed to join the domain successfully?







      ubuntu samba active-directory ntp kerberos




      ubuntu samba active-directory ntp kerberos






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Feb 7 '16 at 21:33









      Karl Richter

      92721639




      92721639










      asked Oct 6 '15 at 13:44









      Amit BaswaAmit Baswa

      1114




      1114






















          1 Answer
          1






          active

          oldest

          votes


















          0














          The issue was that there was no entry in /etc/resolv.conf for AD DNS and hence the machine was pinging to the actual global registered domain. On each reboot, the resolv.conf entries gets reset hence we have to provide entry once the system is rebooted.






          share|improve this answer


























          • Alternatively, you can provide a dns-nameservers in /etc/network/interfaces or use some other persistent way of storing preferred DNS servers

            – edhurtig
            Jun 25 '16 at 3:51













          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f982951%2fnet-ads-join-u-username-failing-with-an-error-nt-status-io-timeout%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          The issue was that there was no entry in /etc/resolv.conf for AD DNS and hence the machine was pinging to the actual global registered domain. On each reboot, the resolv.conf entries gets reset hence we have to provide entry once the system is rebooted.






          share|improve this answer


























          • Alternatively, you can provide a dns-nameservers in /etc/network/interfaces or use some other persistent way of storing preferred DNS servers

            – edhurtig
            Jun 25 '16 at 3:51


















          0














          The issue was that there was no entry in /etc/resolv.conf for AD DNS and hence the machine was pinging to the actual global registered domain. On each reboot, the resolv.conf entries gets reset hence we have to provide entry once the system is rebooted.






          share|improve this answer


























          • Alternatively, you can provide a dns-nameservers in /etc/network/interfaces or use some other persistent way of storing preferred DNS servers

            – edhurtig
            Jun 25 '16 at 3:51
















          0












          0








          0







          The issue was that there was no entry in /etc/resolv.conf for AD DNS and hence the machine was pinging to the actual global registered domain. On each reboot, the resolv.conf entries gets reset hence we have to provide entry once the system is rebooted.






          share|improve this answer















          The issue was that there was no entry in /etc/resolv.conf for AD DNS and hence the machine was pinging to the actual global registered domain. On each reboot, the resolv.conf entries gets reset hence we have to provide entry once the system is rebooted.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Feb 7 '16 at 18:54









          Karl Richter

          92721639




          92721639










          answered Oct 9 '15 at 8:26









          Amit BaswaAmit Baswa

          1114




          1114













          • Alternatively, you can provide a dns-nameservers in /etc/network/interfaces or use some other persistent way of storing preferred DNS servers

            – edhurtig
            Jun 25 '16 at 3:51





















          • Alternatively, you can provide a dns-nameservers in /etc/network/interfaces or use some other persistent way of storing preferred DNS servers

            – edhurtig
            Jun 25 '16 at 3:51



















          Alternatively, you can provide a dns-nameservers in /etc/network/interfaces or use some other persistent way of storing preferred DNS servers

          – edhurtig
          Jun 25 '16 at 3:51







          Alternatively, you can provide a dns-nameservers in /etc/network/interfaces or use some other persistent way of storing preferred DNS servers

          – edhurtig
          Jun 25 '16 at 3:51




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f982951%2fnet-ads-join-u-username-failing-with-an-error-nt-status-io-timeout%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          How to reconfigure Docker Trusted Registry 2.x.x to use CEPH FS mount instead of NFS and other traditional...

          Image
          0 I am having trouble trying to reconfigure my DTR container to try and use a CEPH FS mount we created to act as a storage backend for our image repository. The Docs are very vague on this and nothing exactly explains on how to do it. Has anyone yet connected the dots? linux filesystems mount storage docker share | improve this question asked Feb 1 at 6:40 jRapp3r jRapp3r 1 1 add a comment  | 
          Read more

          is 'sed' thread safe

          Image
          2 If I have a shell/python script that uses sed to modify a file in place based on user inputs, and then two users run the same script at the same time or approx. same time, is 'sed' thread safe ? Or perhaps it is not an issue because the file_descripor that was opened by the first thread will be used to lock the file anyway ? thx linux sed python share | improve this question edited 7 hours ago Jeff Schaller 42.9k 11 59 137 asked 7 hours ago terreys terreys
          Read more

          How to make a Squid Proxy server?

          Image
          1 I want to set up squid proxy server for monitoring user activity in a network and Internet Web URL filtering for user. I also want to configure the user login, user log, user access group, and block unwanted web sites in my network. Please help me and guide me the full process to do this. server proxy squid share | improve this question edited Jul 31 '12 at 14:45 Jorge Castro 37.1k 107 422 617 asked Jul 31 '12 at 5:16 Goivind Tiwari Goivind Tiwari
          Read more