Ubuntu 8.04 to SBS 2003 Active Directory authentication problems
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Ubuntu 8.04 to SBS 2003 Active Directory authentication problems
I have been following the ActiveDirectoryHowto and have installed all the modules, but when I try to specify the LDAP server I get the following error
ldapsearch -h ubunserve1.zoeftigco.local
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
> ldapsearch -h zoeftserve.zoeftigco.local
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
My ubuntu machine is called ubunserve1 and I thought this would be the ldap server but when that didn't work I tried zoeftserve which is the name of my SBS 2003 server.
I have not installed any Windows services for Unix in zoeftserve as the Howto suggests that this may not be necessary. Could this be the problem?
Do you have both the smbd and nmbd services running on the Linux box? Samba/Windows nearly always requires netbios name lookups working which requires nmbd.
I've looked through all the packages installed and searched for both smbd and nmbd but I can find neither. Do these have to be installed separately from Samba or are they part of the samba installation which I have failed to install correctly?
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemons are there
test -x /usr/sbin/nmbd -a -x /usr/sbin/smbd || exit 0
. /lib/lsb/init-functions
case "$1" in
start)
log_daemon_msg "Starting Samba daemons"
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null`
if [ "$NMBD_DISABLED" != 'Yes' ]; then
log_progress_msg "nmbd"
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/nmbd -- -D
then
log_end_msg 1
exit 1
fi
fi
if [ "$RUN_MODE" != "inetd" ]; then
log_progress_msg "smbd"
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/smbd -- -D; then
log_end_msg 1
exit 1
fi
fi
start-stop-daemon --stop --quiet --pidfile $NMBDPID
# Wait a little and remove stale PID file
sleep 1
if [ -f $NMBDPID ] && ! ps h `cat $NMBDPID` > /dev/null
then
# Stale PID file (nmbd was succesfully stopped),
# remove it (should be removed by nmbd itself IMHO.)
rm -f $NMBDPID
fi
if [ "$RUN_MODE" != "inetd" ]; then
log_progress_msg "smbd"
start-stop-daemon --stop --quiet --pidfile $SMBDPID
# Wait a little and remove stale PID file
sleep 1
if [ -f $SMBDPID ] && ! ps h `cat $SMBDPID` > /dev/null
then
# Stale PID file (nmbd was succesfully stopped),
# remove it (should be removed by smbd itself IMHO.)
rm -f $SMBDPID
fi
fi
Please see below logs from sign-on today. It looks like both services are running; nmbd looks to have successfully completed its task but smbd failed to create administrators or users. I don't need CUPS on my server, so I'm not concerned about those lines. These logs came from /var/log/samba.
[2008/09/24 12:13:12, 0] smbd/server.c:main(944)
smbd version 3.0.28a started.
Copyright Andrew Tridgell and the Samba Team 1992-2008
[2008/09/24 12:13:12, 0] param/loadparm.c:map_parameter(2794)
Unknown parameter encountered: "revalidate"
[2008/09/24 12:13:12, 0] param/loadparm.c:lp_do_parameter(3535)
Ignoring unknown parameter "revalidate"
[2008/09/24 12:13:12, 1] param/loadparm.c:lp_do_parameter(3541)
WARNING: The "only user" option is deprecated
[2008/09/24 12:13:12, 0] printing/print_cups.c:cups_connect(69)
Unable to connect to CUPS server localhost:631 - Connection refused
[2008/09/24 12:13:12, 0] printing/print_cups.c:cups_connect(69)
Unable to connect to CUPS server localhost:631 - Connection refused
[2008/09/24 12:14:06, 0] auth/auth_util.c:create_builtin_administrators(792)
create_builtin_administrators: Failed to create Administrators
[2008/09/24 12:14:06, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2008/09/24 12:13:12, 0] nmbd/nmbd.c:main(711)
Netbios nameserver version 3.0.28a started.
Copyright Andrew Tridgell and the Samba Team 1992-2008
[2008/09/24 12:18:53, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
*****
Samba name server UBUNSERVE1 is now a local master browser for workgroup WORKGROUP on subnet 192.168.0.105
In addition I looked at the /var/log/likewise-open and found these entries for the ubuntu server
[2008/09/24 12:18:11, 0] winbindd/winbindd_dual.c:async_request_timeout_handler(183)
async_request_timeout_handler: child pid 4883 is not responding. Closing connection to it.
[2008/09/24 12:18:11, 1] winbindd/winbindd_util.c:trustdom_recv(258)
Could not receive trustdoms
And these for the Domain Controller which may be the most significant except that I don't know what to do to set up a KDC in my SBS2003 server if that is where it should be.
[2008/09/24 12:13:30, 0] libsmb/cliconnect.c:cli_session_setup_spnego(856)
Kinit failed: Cannot contact any KDC for requested realm
Hi Again,
I'm still very much the newbie but I guess I'm learning!
After studying loads of stuff on the forums, I got the ubuntu community docs for Samba/Kerberos and ActiveDirectoryWinbindHowto and worked very carefully through them. They are excellent, well they must be because I have now successfully joined my ubuntu sever box to my local domain and I can see all the AD users from the Ubuntu server.
So I guess this thread can now be closed.
However, for any other struggling ubuntu newbies out there who want to join their samba server to a Win2k3 server AD domain, the links are:-
To all those forum users who looked at this thread Thank You even if you didn't add to it, at least you took the time. And to any newbie who reads this and goes on to make a successful union between Active Directory and Ubuntu, I hope this was useful.
Hi Again,
I'm still very much the newbie but I guess I'm learning!
After studying loads of stuff on the forums, I got the ubuntu community docs for Samba/Kerberos and ActiveDirectoryWinbindHowto and worked very carefully through them. They are excellent, well they must be because I have now successfully joined my ubuntu sever box to my local domain and I can see all the AD users from the Ubuntu server.
So I guess this thread can now be closed.
However, for any other struggling ubuntu newbies out there who want to join their samba server to a Win2k3 server AD domain, the links are:-
To all those forum users who looked at this thread Thank You even if you didn't add to it, at least you took the time. And to any newbie who reads this and goes on to make a successful union between Active Directory and Ubuntu, I hope this was useful.
Cliffsur
Progress is only made outside your comfort zone.
Hey Cliffsur,
This is great stuff.
Sorry I didn't see this thread sooner so that I could've helped you out but there is great pride in independently solving problems. :-)
Let me know if you have any other questions that I can answer for you.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.