Problems getting a linux server to join a AD domain

schilling schilling2006 at gmail.com
Thu Oct 28 21:31:58 CEST 2010


put server string = MAT-DESKTOP

On Thu, Oct 28, 2010 at 3:24 PM, Rowley, Mathew
<Mathew_Rowley at cable.comcast.com> wrote:
> $ hostname
> mat-desktop.security.lab.net
>
>
> Short name is just mat-desktop
>
>
>
> Mathew Rowley
> IIS Network Security Architecture
>
>
>
>
>
> On 10/28/10 12:41 PM, "Sallee, Stephen (Jake)" <Jake.Sallee at umhb.edu>
> wrote:
>
>>I have to ask ... but what is your server's name?  The error is saying
>>that the name is incompatible with AD, do you have any special
>>characters, any spaces, or any other weirdness in your server's name?
>>
>>Jake Sallee
>>Godfather Of Bandwidth
>>Network Engineer
>>
>>Fone: 254-295-4658
>>Phax: 254-295-4221
>>
>>
>>-----Original Message-----
>>From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org
>>[mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org]
>>On Behalf Of Rowley, Mathew
>>Sent: Thursday, October 28, 2010 1:33 PM
>>To: freeradius-users at lists.freeradius.org
>>Subject: Problems getting a linux server to join a AD domain
>>
>>In an attempt to integrate Radius with AD, and following the tutorial
>>(http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO)
>>I have set up an AD server in our lab, and am having trouble adding my
>>linux box to the domain. Can anyone see what I'm doing wrong? The error I
>>keep getting is:
>>
>>$ sudo net join -w SECLAB -I 10.252.159.137 -U Administrator
>>[sudo] password for wuntee:
>>Enter Administrator's password:
>>[2010/10/28 12:23:36.656829,  0] utils/net_rpc_join.c:406(net_rpc_join_newstyle)
>>  Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME
>>
>>Unable to join domain SECLAB.
>>
>>
>>Kerberos seems to work fine:
>>
>>$ kinit mrowle000
>>Password for mrowle000@SECLAB.SECURITY.LAB.NET:
>>$ klist
>>Ticket cache: FILE:/tmp/krb5cc_1000
>>Default principal: mrowle000@SECLAB.SECURITY.LAB.NET
>>
>>Valid starting     Expires            Service principal
>>10/28/10 12:27:29  10/28/10 22:27:23  krbtgt/SECLAB.SECURITY.LAB.NET@SECLAB.SECURITY.LAB.NET
>>        renew until 10/29/10 12:27:29
>>
>>
>>CONFIGS:
>>
>>krb5.conf
>>[logging]
>> default = FILE:/var/log/krb5libs.log
>> kdc = FILE:/var/log/krb5kdc.log
>> kdc = SYSLOG:INFO:AUTH
>> admin_server = FILE:/var/log/kadmind.log
>> admin_server = SYSLOG:INFO:AUTH
>>
>>[libdefaults]
>> default_realm = SECLAB.SECURITY.LAB.NET
>> dns_lookup_realm = false
>> dns_lookup_kdc = false
>> ticket_lifetime = 24h
>> forwardable = yes
>>
>>[appdefaults]
>> pam = {
>>   debug = false
>>   ticket_lifetime = 36000
>>   renew_lifetime = 36000
>>   forwardable = true
>>   krb4_convert = false
>> }
>>
>>[realms]
>>SECLAB.SECURITY.LAB.NET = {
>> kdc = seclab.security.lab.net:88
>> default_domain = seclab.secuitry.lab.net
>>}
>>
>>[domain_realm]
>>.seclab.security.lab.net = SECLAB.SECURITY.LAB.NET
>>seclab.security.lab.net = SECLAB.SECURITY.LAB.NET
>>
>>
>>Samba.conf
>>[global]
>>   workgroup = SECLAB.SECURITY.LAB.NET
>>   server string = %h server (Samba, Ubuntu)
>>   dns proxy = no
>>   log file = /var/log/samba/log.%m
>>   max log size = 1000
>>   syslog = 0
>>   panic action = /usr/share/samba/panic-action %d
>>   security = ads
>>   encrypt passwords = true
>>   passdb backend = tdbsam
>>   obey pam restrictions = yes
>>   unix password sync = yes
>>   passwd program = /usr/bin/passwd %u
>>   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>   pam password change = yes
>>   map to guest = bad user
>>   idmap uid = 16777216-33554431
>>   idmap gid = 16777216-33554431
>>   template shell = /bin/bash
>>   winbind use default domain = no
>>   password server = seclab.security.lab.net //your AD-server
>>   realm = SECLAB.SECURITY.LAB.NET //your real
>>   usershare allow guests = yes
>>
>>[homes]
>>   comment = Home Directories
>>   browseable = no
>>   writable = yes
>>
>>[printers]
>>   comment = All Printers
>>   browseable = no
>>   path = /var/spool/samba
>>   printable = yes
>>   guest ok = no
>>   read only = yes
>>   create mask = 0700
>>
>>[print$]
>>   comment = Printer Drivers
>>   path = /var/lib/samba/printers
>>   browseable = yes
>>   read only = yes
>>   guest ok = no
>>
>>
>>-
>>List info/subscribe/unsubscribe? See
>>http://www.freeradius.org/list/users.html
>>
>
>
>
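
Jake's question above (is anything about the name incompatible with AD?) can be checked mechanically. The following is an added example, not part of the thread and not Samba or FreeRADIUS code: it reads the [global] section of an smb.conf and tests the machine name and the workgroup against the NetBIOS limits (15 characters, none of \ / : * ? " < > |). The function names are invented for the example, the dot/whitespace check is a heuristic rather than a protocol rule, and the sample values are copied from the configuration quoted above.

```python
import re

NETBIOS_MAX = 15                 # the 16th byte of a NetBIOS name is the type suffix
FORBIDDEN = set('\\/:*?"<>|')    # characters not allowed in NetBIOS computer/domain names

def parse_global(smb_conf_text):
    """Return the [global] section of smb.conf text as a dict (keys lower-cased)."""
    section, out = None, {}
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or smb.conf comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            out[" ".join(key.lower().split())] = value.strip()
    return out

def netbios_problems(name):
    """List the reasons a string is unsuitable as a NetBIOS name (empty list = fine)."""
    problems = []
    if len(name) > NETBIOS_MAX:
        problems.append(f"{len(name)} characters, limit is {NETBIOS_MAX}")
    bad = sorted(set(name) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    # Heuristic (assumption of this example): a dot or space usually means a
    # DNS name or a typo was entered where a short NetBIOS name belongs.
    if any(c in ". \t" for c in name):
        problems.append("contains a dot or whitespace")
    return problems

def check(smb_conf_text, hostname):
    g = parse_global(smb_conf_text)
    # Without an explicit 'netbios name', Samba uses the first component of the host name.
    machine = g.get("netbios name", hostname.split(".")[0]).upper()
    workgroup = g.get("workgroup", "WORKGROUP").upper()
    return {"netbios name": netbios_problems(machine),
            "workgroup": netbios_problems(workgroup)}

# Sample input: the relevant [global] lines as quoted in this thread.
SAMPLE = """\
[global]
   workgroup = SECLAB.SECURITY.LAB.NET
   security = ads
   realm = SECLAB.SECURITY.LAB.NET
"""

if __name__ == "__main__":
    for setting, problems in check(SAMPLE, "mat-desktop.security.lab.net").items():
        print(setting, "->", problems or "ok")
```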



