Did I setup Active Directory correctly? (re: OSX, Linux, Vmware can't join domain)

[jmk396]

I've just installed Active Directory on my Windows 2012 R2 server and my Windows 8/10 machines connect perfectly, but Linux and OSX can't seem to connect.

The AD server's computer name is "DC01" and I used the following commands to install AD:

Install-WindowsFeature AD-Domain-Services –IncludeManagementTools
 
Install-ADDSForest -DomainName "ad.example.com" -DomainNetbiosName "example"  DomainMode Win2008R2 -ForestMode Win2008R2 -InstallDns

If I understand correctly, my active domain FQDN is **ad.example.com**. The domain is real and registered on the internet, but the subdomain doesn't exist anywhere. When I enter the domain to join in Windows 8/10, I enter that name and it joins perfectly. However, when I try any other operating system (OSX, Linux, VMware, etc) it fails.

Does anything look wrong? I'm using the AD server as my DNS server as well.

I'm getting errors such as:

KRB5 Error code: -1765328164 (Message: Cannot resolve network address for KDC in realm EXAMPLE.COM)

 

[Eminence_Front]

Does your AD server have itself listed as the DNS Server ?

It need to be able to resolve all the dc_RPC records, etc. which are present in the Domains DNS.

 

[jmk396]

Yes, the DNS server is listed as 127.0.0.1 on the AD server.

However, it looks like I might have been using the wrong UPN to login ([email protected] instead of [email protected]). When I use the later, it provides me a new error in the log:

20150811200146:VERBOSE:lwio: GSS-API error calling gss_init_sec_context: 1 (The routine must be called again to complete its function)
20150811200146:ERROR:lsass: Failed to run provider specific request (request code = 8, provider = 'lsa-activedirectory-provider') -> error = 87, symbol = ERROR_INVALID_PARAMETER, client pid = 34112

I know it's connecting at least partially because if I specify the wrong password it tells me that the password is wrong.

 

[gimp]

are the *nix machines able to ping ad.example.com ?

 

[MrGuvernment]

make sure the other boxes have the DNS set as your DNS/AD box.

 

[JBark]

You might need to enable SMB v1 on 2012 R2 for any non-Windows clients to connect. I think that should be all you need, but there might be a few NTLM type options that need to be changed. Probably depends on how old your Linux/OSX clients are.

Edit:
'Add-WindowsFeature FS-SMB1' I think

 

[Deleted member 12106]

Set the client/linux machine's DNS to the IP of the DC and then try again. If that doesn't do it then I would review post #6. What NTLM level are these nix boxes using?