Extreme Control "Failed to join domain: Invalid configuration ("workgroup" set to '<WORKGROUP>', should be '<DOMAIN>')"; "the shortname should be"

Symptoms
  • tag.log indicates an ERROR attempting to join the configured Active Directory domain.
  • The workgroup shortname differs from the one derived from the User Search Root.
2019-06-14 09:29:18,576 ERROR [SambaInstallationManager] Failed to join domain: "EXTREME.NETWORKS" for user: "serviceaccount" with error code: 255
  ADS join did not work, falling back to RPC...
  Failed to join domain: Invalid configuration ("workgroup" set to 'EXTREME', should be 'EXTREMENETWORKS') and configuration modification was not requested
  Failed to join domain: failed to find DC for domain EXTREME - {Operation Failed} The requested operation was unsuccessful.

2019-06-14 09:29:18,576 ERROR [SambaInstallationManager] The error indicates the shortname should be: "EXTREMENETWORKS", reconfiguring for a retry.
2019-06-14 09:29:49,120 INFO [NACInfoLogger] Joined Active Directory Domain: "EXTREME.NETWORKS"
2019-06-14 09:29:49,123 INFO [NACInfoLogger] Operation: restart on winbindd deamon due to NAC startup...
Environment
  • Extreme Control (NAC)
  • All Software Releases
  • Active Directory
  • LDAP
Cause
Extreme Control does not directly support configurations where the workgroup name derived from the User Search Root DC list does not match the LDAP domain name.
Resolution
This is currently working as designed. The system will automatically attempt to reconfigure for the expected workgroup name, with minimal impact to servicing client requests.
Additional notes
An example configuration that triggers this scenario:

A User Search Root set to CN=Users,DC=extreme,DC=networks translates to workgroup = EXTREME (the first DC) and realm = EXTREME.NETWORKS (all DCs). The Active Directory LDAP domain, however, is configured as EXTREMENETWORKS, and accounts are of the format EXTREMENETWORKS\user or user@extreme.networks.

An appliance property exists to override the SMB short name. This will ONLY work if all LDAP configurations in XMC point to one and the same domain.
  1. Navigate to Control -> Access Control -> Engines.
  2. Right-click on each engine listed, select Engine Properties.
  3. Click Add.
  4. Enter "RADIUS_SMB_SHORT_DOMAIN_NAME" in the Name field.
  5. Enter the alternative workgroup name in the Value field (e.g. EXTREMENETWORKS in the example above).
  6. Click Save.
  7. Enforce the changes. A restart of the NAC appliance may also be required.
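
The following is an added example, not Extreme Networks code: it applies the derivation described under Additional notes (workgroup = first DC, realm = all DCs) to a User Search Root, reports the value that would be needed for RADIUS_SMB_SHORT_DOMAIN_NAME, and extracts the configured/expected workgroup pair from the tag.log error shown under Symptoms. The function names are hypothetical, and the AD short domain name is assumed to be supplied by the operator.

```python
import re

# Samba error text exactly as it appears in the tag.log excerpt above.
MISMATCH = re.compile(
    r"""Invalid configuration \("workgroup" set to '(?P<configured>[^']+)', """
    r"""should be '(?P<expected>[^']+)'\)"""
)

def derive_names(search_root):
    """Return (workgroup, realm) as the article describes the derivation:
    workgroup = first DC component, realm = all DC components joined by dots."""
    dcs = []
    for rdn in re.split(r"(?<!\\),", search_root):  # split on unescaped commas
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().upper() == "DC" and value.strip():
            dcs.append(value.strip().upper())
    if not dcs:
        raise ValueError("no DC components in search root: %r" % search_root)
    return dcs[0], ".".join(dcs)

def shortname_override(search_root, ad_short_name):
    """Return the value to enter for RADIUS_SMB_SHORT_DOMAIN_NAME, or None
    when the derived workgroup already matches the AD short domain name."""
    workgroup, _realm = derive_names(search_root)
    wanted = ad_short_name.strip().upper()
    return None if workgroup == wanted else wanted

def mismatches_in_log(lines):
    """Return (configured, expected) workgroup pairs found in tag.log lines."""
    return [(m.group("configured"), m.group("expected"))
            for m in map(MISMATCH.search, lines) if m]

if __name__ == "__main__":
    # Inputs copied from the article's example configuration and log excerpt.
    root = "CN=Users,DC=extreme,DC=networks"
    log = [
        "  ADS join did not work, falling back to RPC...",
        "  Failed to join domain: Invalid configuration (\"workgroup\" set to "
        "'EXTREME', should be 'EXTREMENETWORKS') and configuration "
        "modification was not requested",
    ]
    print(derive_names(root))
    print(shortname_override(root, "EXTREMENETWORKS"))
    print(mismatches_in_log(log))
```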
