Joining Active Directory Domain
Gilmour, Scott
sgilmour at enterasys.com
Tue Jan 31 20:41:16 CET 2012
> Hi,
>
> I am following the FreeRadius Beginners Guide book on how to
>
> join a domain. I keep on getting this error when running the command.
>
> root at FreeRadius:/etc# net ads join -U Administrator
>
> Enter Administrator's password:
>
> Using short domain name -- SQA
>
> Joined 'FREERADIUS' to realm 'SQA.net'
>
> [2012/01/31 10:21:29, 0] libads/kerberos.c:333(ads_kinit_password)
>
> kerberos_kinit_password FREERADIUS$@SQA.NET failed: Clock skew too great
>
> No DNS domain configured for freeradius. Unable to perform DNS Update.
>
> DNS update failed!
This is Samba being annoying.
The "net ads" stuff "cares" about your hostname, i.e.
$ hostname
freeradius
...won't work. You can fool it by temporarily changing your domain to:
$ hostname freeradius.soa.net
Hi,
I am assuming I should edit the $ hostname freeradius.sqa.net in the /etc/hostname file?
The only config file I don't have is the krbd5 config file but it ays it is not necessary in the www.deployingradius.com website.
You may also have to edit the /etc/krb5.conf file, to add an entry that points to the Active Directory Server. This is often not necessary, as Samba can just "figure it out" when Active Directory is also the main DNS server.
I am unable to installthe krdb5-kdc file using the synaptic package manager.
Still getting this error:
root at FreeRadius:/home/sqauser# net join -U Administrator
Enter Administrator's password:
Failed to join domain: failed to find DC for domain SQA.NET
ADS join did not work, falling back to RPC...
Unable to find a suitable server for domain SQA
Unable to find a suitable server for domain SQA
root at FreeRadius:/home/sqauser#
Thanks for everyones feedback. I will continue to debug my issue.
Scott
More information about the Freeradius-Users
mailing list