Problems getting a Linux server to join an AD domain

schilling schilling2006 at gmail.com
Thu Oct 28 22:03:21 CEST 2010


add netbios-name = MAT-DESKTOP

That's what we have here.

On Thu, Oct 28, 2010 at 3:49 PM, Rowley, Mathew
<Mathew_Rowley at cable.comcast.com> wrote:
> It would make sense that was the issue due to:
>
>   server string = %h server (Samba, Ubuntu)
>
> but still getting the same error:
>
> $ sudo net join -w SECLAB -I 10.252.159.137 -U Administrator
> Enter Administrator's password:
> [2010/10/28 13:40:07.929859,  0] utils/net_rpc_join.c:406(net_rpc_join_newstyle)
>   Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME
>
> Unable to join domain SECLAB.
>
>
> $ grep 'server name' /etc/samba/smb.conf
> $ grep 'server string' /etc/samba/smb.conf
> server string = MAT-DESKTOP
> # server string is the equivalent of the NT Description field
> #   server string = %h server (Samba, Ubuntu)
>
>
> On 10/28/10 1:31 PM, "schilling" <schilling2006 at gmail.com> wrote:
>
>>put server string = MAT-DESKTOP
>>
>>On Thu, Oct 28, 2010 at 3:24 PM, Rowley, Mathew
>><Mathew_Rowley at cable.comcast.com> wrote:
>>> $ hostname
>>> mat-desktop.security.lab.net
>>>
>>>
>>> Short name is just mat-desktop
>>>
>>>
>>>
>>> Mathew Rowley
>>> IIS Network Security Architecture
>>>
>>>
>>>
>>>
>>>
>>> On 10/28/10 12:41 PM, "Sallee, Stephen (Jake)" <Jake.Sallee at umhb.edu>
>>> wrote:
>>>
>>>>I have to ask ... but what is your server's name?  The error is saying
>>>>that the name is incompatible with AD, do you have any special
>>>>characters, any spaces, or any other weirdness in your server's name?
>>>>
>>>>Jake Sallee
>>>>Godfather Of Bandwidth
>>>>Network Engineer
>>>>
>>>>Fone: 254-295-4658
>>>>Phax: 254-295-4221
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org
>>>>[mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org]
>>>>On Behalf Of Rowley, Mathew
>>>>Sent: Thursday, October 28, 2010 1:33 PM
>>>>To: freeradius-users at lists.freeradius.org
>>>>Subject: Problems getting a linux server to join a AD domain
>>>>
>>>>In an attempt to integrate Radius with AD, and following the tutorial
>>>>(http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO)
>>>>I have set up an AD server in our lab, and am having trouble adding my
>>>>Linux box to the domain. Can anyone see what I'm doing wrong? The error I
>>>>keep getting is:
>>>>
>>>>$ sudo net join -w SECLAB -I 10.252.159.137 -U Administrator
>>>>[sudo] password for wuntee:
>>>>Enter Administrator's password:
>>>>[2010/10/28 12:23:36.656829,  0] utils/net_rpc_join.c:406(net_rpc_join_newstyle)
>>>>  Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME
>>>>
>>>>Unable to join domain SECLAB.
>>>>
>>>>
>>>>Kerberos seems to work fine:
>>>>
>>>>$ kinit mrowle000
>>>>Password for mrowle000 at SECLAB.SECURITY.LAB.NET:
>>>>$ klist
>>>>Ticket cache: FILE:/tmp/krb5cc_1000
>>>>Default principal: mrowle000 at SECLAB.SECURITY.LAB.NET
>>>>
>>>>Valid starting     Expires            Service principal
>>>>10/28/10 12:27:29  10/28/10 22:27:23  krbtgt/SECLAB.SECURITY.LAB.NET at SECLAB.SECURITY.LAB.NET
>>>>        renew until 10/29/10 12:27:29
>>>>
>>>>
>>>>CONFIGS:
>>>>
>>>>krb5.conf
>>>>[logging]
>>>> default = FILE:/var/log/krb5libs.log
>>>> kdc = FILE:/var/log/krb5kdc.log
>>>> kdc = SYSLOG:INFO:AUTH
>>>> admin_server = FILE:/var/log/kadmind.log
>>>> admin_server = SYSLOG:INFO:AUTH
>>>>
>>>>[libdefaults]
>>>> default_realm = SECLAB.SECURITY.LAB.NET
>>>> dns_lookup_realm = false
>>>> dns_lookup_kdc = false
>>>> ticket_lifetime = 24h
>>>> forwardable = yes
>>>>
>>>>[appdefaults]
>>>> pam = {
>>>>   debug = false
>>>>   ticket_lifetime = 36000
>>>>   renew_lifetime = 36000
>>>>   forwardable = true
>>>>   krb4_convert = false
>>>> }
>>>>
>>>>[realms]
>>>>SECLAB.SECURITY.LAB.NET = {
>>>> kdc = seclab.security.lab.net:88
>>>> default_domain = seclab.secuitry.lab.net
>>>>}
>>>>
>>>>[domain_realm]
>>>>.seclab.security.lab.net = SECLAB.SECURITY.LAB.NET
>>>>seclab.security.lab.net = SECLAB.SECURITY.LAB.NET
>>>>
>>>>
>>>>Samba.conf
>>>>[global]
>>>>   workgroup = SECLAB.SECURITY.LAB.NET
>>>>   server string = %h server (Samba, Ubuntu)
>>>>   dns proxy = no
>>>>   log file = /var/log/samba/log.%m
>>>>   max log size = 1000
>>>>   syslog = 0
>>>>   panic action = /usr/share/samba/panic-action %d
>>>>   security = ads
>>>>   encrypt passwords = true
>>>>   passdb backend = tdbsam
>>>>   obey pam restrictions = yes
>>>>   unix password sync = yes
>>>>   passwd program = /usr/bin/passwd %u
>>>>   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>>>   pam password change = yes
>>>>   map to guest = bad user
>>>>   idmap uid = 16777216-33554431
>>>>   idmap gid = 16777216-33554431
>>>>   template shell = /bin/bash
>>>>   winbind use default domain = no
>>>>   password server = seclab.security.lab.net //your AD-server
>>>>   realm = SECLAB.SECURITY.LAB.NET //your real
>>>>   usershare allow guests = yes
>>>>
>>>>[homes]
>>>>   comment = Home Directories
>>>>   browseable = no
>>>>   writable = yes
>>>>
>>>>[printers]
>>>>   comment = All Printers
>>>>   browseable = no
>>>>   path = /var/spool/samba
>>>>   printable = yes
>>>>   guest ok = no
>>>>   read only = yes
>>>>   create mask = 0700
>>>>
>>>>[print$]
>>>>   comment = Printer Drivers
>>>>   path = /var/lib/samba/printers
>>>>   browseable = yes
>>>>   read only = yes
>>>>   guest ok = no
>>>>
>>>>
>>>>-
>>>>List info/subscribe/unsubscribe? See
>>>>http://www.freeradius.org/list/users.html
>>>>
>>>
>>>
>>>
>>
>
>
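
Added example (not part of the thread or of Samba): a small Python lint for the name-related `[global]` settings discussed above. It relies on three facts: a NetBIOS name holds at most 15 characters, Samba ignores case and whitespace inside parameter names, and smb.conf only recognises comments at the start of a line. `parse_global` and `lint_names` are hypothetical names, and the sample is constructed from the configuration quoted in the thread.

```python
import re

# Added example; parse_global and lint_names are hypothetical names.
# Constructed sample: the name-related [global] lines as quoted in this thread.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = SECLAB.SECURITY.LAB.NET
   server string = MAT-DESKTOP
# server string is the equivalent of the NT Description field
   security = ads
   password server = seclab.security.lab.net //your AD-server
   realm = SECLAB.SECURITY.LAB.NET //your real
"""

NETBIOS_MAX = 15                      # NetBIOS names carry at most 15 characters
NETBIOS_BAD = set('\\/:*?"<>|')       # characters not allowed in a NetBIOS name


def parse_global(text):
    """Return the [global] parameters; names are normalised the way Samba
    reads them (case and whitespace inside the name are ignored)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # comments exist only at line start
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params


def lint_names(params, short_hostname):
    """Return findings for the name settings that matter for a domain join."""
    findings = []
    # Samba falls back to the first component of the host name for netbios name.
    names = {"workgroup": params.get("workgroup", ""),
             "netbios name": params.get("netbiosname", short_hostname)}
    for label, value in names.items():
        if len(value) > NETBIOS_MAX:
            findings.append(f"{label}: {len(value)} chars, limit is {NETBIOS_MAX}")
        if "." in value:                     # heuristic: DNS name or realm pasted in
            findings.append(f"{label}: looks like a DNS name, not a short name")
        if NETBIOS_BAD & set(value):
            findings.append(f"{label}: contains a forbidden character")
    for key, value in params.items():
        if re.search(r"\s(//|#|;)", value):  # not a comment: Samba keeps this text
            findings.append(f"{key}: trailing text is part of the value")
    return findings
```

With the thread's values, `lint_names(parse_global(SAMPLE_SMB_CONF), "mat-desktop")` reports the 23-character `workgroup` and the `//your ...` text that becomes part of `password server` and `realm`; it does not establish which of these produced `NT_STATUS_INVALID_COMPUTER_NAME`.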
