Can't join Win7 PC to UCS domain controller

UCS - Univention Corporate Server
#1

Very excited to find an alternative to AD on Windows servers!

Just done a clean install of UCS and chosen it to simulate an active directory domain controller. All DHCP/DNS correct etc, but when I use the Win7 wizard to join the domain, it gives the error

no mapping between account names and security ids was done

My current network has no domain controllers and the computer concerned has not been joined to any other domain either. I have created an account for myself but did not create a computer account since I assumed that it would create one automatically as per a Windows AD domain controller…

Perhaps there is something that I still need to configure (other than DHCP, DNS and adding an account)?

Help would be very much appreciated. Thank you

#2

Hey,

you definitely do not have to create the computer account in UCS before joining; that’s done automatically during the join process. The same applies to DNS records.

Judging from the results one gets when searching for your error message I’d first check the domain name you’ve entered in your Windows PC. First log in to the UCS server with SSH (or on its console) and enter the following two commands in order to retrieve the (short) domain name and the Kerberos realm/full domain name:

ucr get windows/domain ucr get kerberos/realm

The value retrieved from “kerberos/realm” is the domain name you have to enter on the Windows side as the new domain name.

On my test server this is the result:

[0 root@master ~] ucr get kerberos/realm MBU-TEST.INTRANET [0 root@master ~] ucr get windows/domain MBU-TEST

Next when prompted for credentials use “administrator” or “short-domainname\administrator” (this would be “MBU-TEST\administrator” in my example) as the user name with the password you’ve chosen during the installation of UCS.

#3

Moritz,

Thank you so much. I did have the domain correct but was trying to use only the username and password that I had created to join the domain which is what I would do when joining a native Windows AD. Using the administrator to join the domain worked fine. I can only guess that in Native AD, users by default can join the domain but in Samba this is not the case.

Thank you again for your help.

Martin

#4

Hm, it’s slightly different, afair. Some versions of Windows Server force you to create a separate user account during installation, that must not be named “Administrator”. This second account will then have all administrative permissions and the original “Administrator” is deactivated.
Samba / UCS just doesn’t do this :slight_smile:

#5

For me the UCR command does not work. I get the error message in the Konsole “bash: ucr: command not found”.

#6

The ucr command is located in /usr/sbin. You’re probably logged with with a regular user, and for those directories such as /sbin and /usr/sbin arent in PATH by default. You can run those commands via their full path, e.g. /usr/sbin/ucr search…

For most operations you’ll have to be root. Prefix the commands with sudo in that case.

Mastodon