Error joining SLES 10 SP2 to Windows 2008 Domain

tikit · 04-07-2010, 01:00 AM

Hi,

I would like to join SLES server to Microsoft Server 2008 Active Directory to enable domain authentication when accessing samba shares. When I run

Code:

net ads join -U administrator

I get the following error

Code:

"Failed to join domain: Improperly formed account name."

I tried the same samba configuration on another server (OpenSuse 11.2) without any problem, so I think it is somehow connected with the Samba version, but I'm not sure. Has anybody experienced this behaviour?

Obtaining Kerberos ticket-granting ticket

Code:

kinit administrator@MYDOMAIN

completed without problem

the package versions on SLES 10 SP2 (x86_64) are following

Code:

samba-3.0.28-0.5
samba-client-3.0.28-0.5
krb5-1.4.3-19.34
krb5-32bit-1.4.3-19.34
krb5-client-1.4.3-19.34

here is the configuration

/etc/samba/smb.conf

Code:

[global]
	workgroup = OUR-DOMAIN
        security = ads
        realm = OUR-DOMAIN
        encrypt passwords = true
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        password server = dc.our-domain 

[public]
        comment = Public Temporary Data
	path = /mnt/public
        read only = No

/etc/krb5.conf

Code:

[libdefaults]
	default_realm = OUR-DOMAIN

[realms]
	OUR-DOMAIN = {
                kdc = dc.our-domain 
		admin_server = dc.our-domain 
	}

[domain_realm]
.OUR-Domain = OUR-DOMAIN
OUR-Domain = OUR-DOMAIN

[logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
    default = SYSLOG:NOTICE:DAEMON

Thanks in advance for for any ideas how to solve that. It would be great if there was a solution without reinstalling the system

Sharaz · 04-07-2010, 06:35 PM

whats the version of the one that working?

i dont join my stations to the domain, but am still able to take advantage of AD logon thru params set in the smb.conf file, you might consider that. but likely, it is the version thats causing the problem. i cant remember the version off the top of mny head, but the version in CentOS/RHEL5 will not work with windows 7, and the version of samba in Fedora 12 will.

3.4.x i think is in FC12?

tikit · 04-08-2010, 02:53 PM

thanks for the reply. the version on this is working is samba 3.4.2-1.1.3.1 (opensuse 11.2). Could you please give me some advice how to enable shares without joining the AD?

Thanks very much

tikit · 04-20-2010, 08:23 AM

I tried reinstall to SLES 11.2. I can now add the server to domain by

Code:

net ads join -U administrator

but when accessing share I get

Code:

check_ntlm_password:  Authentication for user [johny] -> [johny] FAILED with error NT_STATUS_PIPE_DISCONNECTED

. When winbind service is stopped I get

Code:

 Authentication for user [johny] -> [johny] FAILED with error NT_STATUS_INVALID_PARAMETER

Does anybody know what I am doing wrong? Thanks for any hint.

aixuser10 · 05-26-2010, 12:02 PM

I'm having this same problem and do not see a resolution. Were you able to get this resolved?