Problems getting a linux server to join a AD domain
Rowley, Mathew
Mathew_Rowley at cable.comcast.com
Thu Oct 28 21:49:06 CEST 2010
It would make sense that was the issue due to:

server string = %h server (Samba, Ubuntu)

but still getting the same error:

$ sudo net join -w SECLAB -I 10.252.159.137 -U Administrator
Enter Administrator's password:
[2010/10/28 13:40:07.929859, 0]
utils/net_rpc_join.c:406(net_rpc_join_newstyle)
Error in domain join verification (credential setup failed):
NT_STATUS_INVALID_COMPUTER_NAME
Unable to join domain SECLAB.

$ grep 'server name' /etc/samba/smb.conf
$ grep 'server string' /etc/samba/smb.conf
server string = MAT-DESKTOP
# server string is the equivalent of the NT Description field
# server string = %h server (Samba, Ubuntu)

On 10/28/10 1:31 PM, "schilling" <schilling2006 at gmail.com> wrote:
>put server string = MAT-DESKTOP
>
>On Thu, Oct 28, 2010 at 3:24 PM, Rowley, Mathew
><Mathew_Rowley at cable.comcast.com> wrote:
>> $ hostname
>> mat-desktop.security.lab.net
>>
>>
>> Short name is just mat-desktop
>>
>>
>>
>> Mathew Rowley
>> IIS Network Security Architecture
>>
>>
>>
>>
>>
>> On 10/28/10 12:41 PM, "Sallee, Stephen (Jake)" <Jake.Sallee at umhb.edu>
>> wrote:
>>
>>>I have to ask ... but what is your server's name? The error is saying
>>>that the name is incompatible with AD, do you have any special
>>>characters, any spaces, or any other weirdness in your server's name?
>>>
>>>Jake Sallee
>>>Godfather Of Bandwidth
>>>Network Engineer
>>>
>>>Fone: 254-295-4658
>>>Phax: 254-295-4221
>>>
>>>
>>>-----Original Message-----
>>>From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org
>>>[mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] On Behalf Of Rowley, Mathew
>>>Sent: Thursday, October 28, 2010 1:33 PM
>>>To: freeradius-users at lists.freeradius.org
>>>Subject: Problems getting a linux server to join a AD domain
>>>
>>>In an attempt to integrate Radius with AD, and following the tutorial
>>>(http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO)
>>>I have set up an AD server in our lab, and am having trouble adding my
>>>linux box to the domain. Can anyone see what I'm doing wrong? The error I
>>>keep getting is:
>>>
>>>$ sudo net join -w SECLAB -I 10.252.159.137 -U Administrator
>>>[sudo] password for wuntee:
>>>Enter Administrator's password:
>>>[2010/10/28 12:23:36.656829, 0]
>>>utils/net_rpc_join.c:406(net_rpc_join_newstyle)
>>> Error in domain join verification (credential setup failed):
>>>NT_STATUS_INVALID_COMPUTER_NAME
>>>
>>>Unable to join domain SECLAB.
>>>
>>>
>>>Kerberos seems to work fine:
>>>
>>>$ kinit mrowle000
>>>Password for mrowle000 at SECLAB.SECURITY.LAB.NET:
>>>$ klist
>>>Ticket cache: FILE:/tmp/krb5cc_1000
>>>Default principal: mrowle000 at SECLAB.SECURITY.LAB.NET
>>>
>>>Valid starting Expires Service principal
>>>10/28/10 12:27:29 10/28/10 22:27:23
>>>krbtgt/SECLAB.SECURITY.LAB.NET at SECLAB.SECURITY.LAB.NET
>>>renew until 10/29/10 12:27:29
>>>
>>>
>>>CONFIGS:
>>>
>>>krb5.conf
>>>[logging]
>>> default = FILE:/var/log/krb5libs.log
>>> kdc = FILE:/var/log/krb5kdc.log
>>> kdc = SYSLOG:INFO:AUTH
>>> admin_server = FILE:/var/log/kadmind.log
>>> admin_server = SYSLOG:INFO:AUTH
>>>
>>>[libdefaults]
>>> default_realm = SECLAB.SECURITY.LAB.NET
>>> dns_lookup_realm = false
>>> dns_lookup_kdc = false
>>> ticket_lifetime = 24h
>>> forwardable = yes
>>>
>>>[appdefaults]
>>> pam = {
>>> debug = false
>>> ticket_lifetime = 36000
>>> renew_lifetime = 36000
>>> forwardable = true
>>> krb4_convert = false
>>> }
>>>
>>>[realms]
>>>SECLAB.SECURITY.LAB.NET = {
>>> kdc = seclab.security.lab.net:88
>>> default_domain = seclab.secuitry.lab.net
>>>}
>>>
>>>[domain_realm]
>>>.seclab.security.lab.net = SECLAB.SECURITY.LAB.NET
>>>seclab.security.lab.net = SECLAB.SECURITY.LAB.NET
>>>
>>>
>>>Samba.conf
>>>[global]
>>> workgroup = SECLAB.SECURITY.LAB.NET
>>> server string = %h server (Samba, Ubuntu)
>>> dns proxy = no
>>> log file = /var/log/samba/log.%m
>>> max log size = 1000
>>> syslog = 0
>>> panic action = /usr/share/samba/panic-action %d
>>> security = ads
>>> encrypt passwords = true
>>> passdb backend = tdbsam
>>> obey pam restrictions = yes
>>> unix password sync = yes
>>> passwd program = /usr/bin/passwd %u
>>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>>>*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>> pam password change = yes
>>> map to guest = bad user
>>> idmap uid = 16777216-33554431
>>> idmap gid = 16777216-33554431
>>> template shell = /bin/bash
>>> winbind use default domain = no
>>> password server = seclab.security.lab.net //your AD-server
>>> realm = SECLAB.SECURITY.LAB.NET //your real
>>> usershare allow guests = yes
>>>
>>>[homes]
>>> comment = Home Directories
>>> browseable = no
>>> writable = yes
>>>
>>>[printers]
>>> comment = All Printers
>>> browseable = no
>>> path = /var/spool/samba
>>> printable = yes
>>> guest ok = no
>>> read only = yes
>>> create mask = 0700
>>>
>>>[print$]
>>> comment = Printer Drivers
>>> path = /var/lib/samba/printers
>>> browseable = yes
>>> read only = yes
>>> guest ok = no
>>>
>>>
>>>-
>>>List info/subscribe/unsubscribe? See
>>>http://www.freeradius.org/list/users.html
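
Added example, not part of the thread and not Samba code: a check of the two names a domain join presents, run over smb.conf values copied from the posts above. It relies on `workgroup` holding the short (NetBIOS) domain name, on `netbios name` defaulting to the first component of the host name, and on the 15-character NetBIOS limit; the function names and the dot/space heuristic are assumptions of this example.

```python
import re

# Added example; function names are hypothetical, not Samba's.
FORBIDDEN = set('\\/:*?"<>|')  # invalid in NetBIOS names (Microsoft naming rules)
SUSPECT = set(". ")            # assumption: heuristic for a DNS name or description

# Constructed sample: values copied from the posts above, other lines dropped.
SAMPLE_CONF = """
[global]
   workgroup = SECLAB.SECURITY.LAB.NET
   server string = MAT-DESKTOP
[homes]
   comment = Home Directories
"""

def parse_global(text):
    """Return the [global] section of an smb.conf as {parameter: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def netbios_problems(name):
    """List reasons `name` is unusable as a NetBIOS computer or domain name."""
    if not name:
        return ["empty"]
    problems = ["longer than 15 characters"] if len(name) > 15 else []
    for c in sorted(set(name)):
        if c in FORBIDDEN:
            problems.append(f"forbidden character {c!r}")
        elif c in SUSPECT:
            problems.append(f"suspect character {c!r}")
    return problems

def check_join_names(smb_conf, hostname):
    g = parse_global(smb_conf)
    # 'server string' is only a description; the computer name comes from elsewhere.
    computer = (g.get("netbios name") or hostname.split(".")[0]).upper()
    return computer, {"netbios name": netbios_problems(computer),
                      "workgroup": netbios_problems(g.get("workgroup", ""))}

print(check_join_names(SAMPLE_CONF, "mat-desktop.security.lab.net"))
```

On the sample, the computer name MAT-DESKTOP passes and the `workgroup` value is reported as too long and dotted, unlike the short SECLAB form passed to `net join -w`.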