LinuxQuestions.org
Old 05-07-2015, 12:38 PM   #16
Josh Scott
LQ Newbie
 
Registered: Apr 2015
Location: Boise, ID
Distribution: Debian, Linux Mint, FreeBSD
Posts: 14

Rep: Reputation: Disabled

Quote:
Code:

# wbinfo -u
# wbinfo -g
# wbinfo -i ragekat
# getent passwd
# getent group

all have the expected results, the final step of simply logging in via 'login' isn't accepting the AD credentials.
I'm having the same problem.
 
Old 05-07-2015, 01:53 PM   #17
andreyiv
LQ Newbie
 
Registered: Apr 2015
Posts: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by RageKat
...

The only thing that sticks out to me is this bit: "Kinit failed: Cannot contact any KDC for requested realm". Double checking the suggested block I have:

Code:
[realms]
 DOMAIN.LOCAL = {
  kdc = dc01.domain.local:88
  default_domain = dc01.domain.local
 }
...which also looks right to me. And even so, if it couldn't reach the domain controller for some reason, then I suspect that

Code:
kinit ragekat@DOMAIN.LOCAL
shouldn't have worked either, but it appears to.

Any thoughts?
I believe all the realms (and only realms) stuff needs to be capitalized (for whatever reason). This leads me to believe that

Code:
kinit ragekat@domain.local
wouldn't work. Curious to see if that's the case. Conversely

Code:
[realms]
 DOMAIN.LOCAL = {
  kdc = DC01.DOMAIN.LOCAL:88
  default_domain = DC01.DOMAIN.LOCAL
 }
should work.

Disclaimer: Take my suggestions with a grain of salt. I have limited experience with AD and have not tried this guide yet. However, I have done a lot of reading in regards to this topic. Unfortunately I can't even begin to remember where I read that realms stuff needs to be capitalized.

Edit: I just re-read the first post and realized that it mentions capitalization.

Last edited by andreyiv; 05-07-2015 at 05:28 PM. Reason: Missed information by not re-reading all the posts in the thread.
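
The realm-name case question discussed above can be checked mechanically. This is an added example, not part of the original post or the guide: Kerberos realm names are case-sensitive, so the hypothetical helper `realm_lookup` reports whether a realm has an exactly matching `[realms]` stanza, a stanza that differs only in case, or none. The sample file is constructed from the block quoted in the thread, and the helper assumes the `NAME = {` layout with spaces shown there.

```shell
#!/bin/sh
# Added example: look up a realm in the [realms] section of a krb5.conf-style
# file, comparing names case-sensitively as Kerberos does.
# Usage: realm_lookup FILE REALM
# Prints "exact <kdc entries>", "case-mismatch <stanza name>" or "missing".
realm_lookup() {
    awk -v want="$2" '
        # Section header such as [realms] or [libdefaults]
        /^[ \t]*\[/ { sec = $0; gsub(/[ \t]|\[|\]/, "", sec); next }
        # Start of a realm stanza:  NAME = {
        sec == "realms" && $2 == "=" && $3 == "{" {
            cur = $1
            if (cur == want) exact = 1
            else if (toupper(cur) == toupper(want)) near = cur
            next
        }
        sec == "realms" && $1 == "}" { cur = "" }
        # Collect kdc entries only from the exactly matching stanza.
        # Host names in kdc lines are resolved through DNS and are not compared.
        sec == "realms" && $1 == "kdc" && $2 == "=" && cur == want {
            kdcs = kdcs " " $3
        }
        END {
            if (exact) print "exact" kdcs
            else if (near != "") print "case-mismatch " near
            else print "missing"
        }
    ' "$1"
}

# Constructed sample, copied from the block quoted in the thread.
krb5_sample=$(mktemp)
cat > "$krb5_sample" <<'EOF'
[realms]
 DOMAIN.LOCAL = {
  kdc = dc01.domain.local:88
  default_domain = dc01.domain.local
 }
EOF

realm_lookup "$krb5_sample" DOMAIN.LOCAL
realm_lookup "$krb5_sample" domain.local
rm -f "$krb5_sample"
```
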
 
Old 05-08-2015, 10:29 AM   #18
RageKat
LQ Newbie
 
Registered: Jun 2010
Posts: 5

Rep: Reputation: 0
Well, the guide didn't have it capitalized, hence why I didn't either. Gave it a shot anyway.

Still not working, I'm afraid. For good measure, I tried `ragekat`, `domain\ragekat` and `DOMAIN\ragekat` as possible login names, but none of them took.

Also missing from this guide is a way to restrict logins to a group, and I feel it's possible that might be inclusive rather than exclusive. However, I am a domain admin, so if nothing else, it should at least be letting me on.
 
Old 05-08-2015, 11:07 AM   #19
Josh Scott
LQ Newbie
 
Registered: Apr 2015
Location: Boise, ID
Distribution: Debian, Linux Mint, FreeBSD
Posts: 14

Rep: Reputation: Disabled
I continue to have the problem so I ssh'd in and tailed my /etc/samba/samba.log in realtime:

Quote:
sudo tail -f /etc/samba/samba.log
And watched the tail as I attempted to connect over the network. When attempting to connect, this is what is happening in samba.log:

Quote:
[2015/05/08 09:44:22.949945, 1] ../source3/auth/auth_generic.c:97(auth3_generate_session_info_pac)
Failed to map kerberos principal to system user (NT_STATUS_LOGIN_FAILURE)
So it looks like a kerberos problem, which is weird because 'kinit <domain user>' works, so.. I'm going to continue working on it and will post updates.

Thanks everyone for your input.
 
Old 07-12-2015, 07:07 PM   #20
radicall
LQ Newbie
 
Registered: Jul 2015
Posts: 1

Rep: Reputation: Disabled
I ran into a weird issue with not being able to join the Domain. I realized that ping wasn't working to FQDN of the Domain Controller or to the Domain Name (domain.local). Found out that any domain ending with .local is used by mDNS and therefore it wasn't using DNS at all but rather broadcasting.

Disabled mDNS:

Code:
service avahi-daemon stop
systemctl disable avahi-daemon

This got DNS working and then I was able to join the domain. Thanks for the wonderful writeup @rabbit2345
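
The `.local` behaviour described in this post comes from the name service switch: when an `mdns*_minimal` module followed by `[NOTFOUND=return]` appears before `dns` on the `hosts:` line, names ending in `.local` are answered by mDNS and never reach unicast DNS. The check below is an added example, not part of the original post; the helper name `mdns_shadows_dns` and the sample `hosts:` line are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a host name would be claimed by mDNS before
# unicast DNS, based on the "hosts:" line of an nsswitch.conf-style file.
# Usage: mdns_shadows_dns FILE NAME   -> prints "yes" or "no"
mdns_shadows_dns() {
    file=$1 name=$2
    # The *_minimal mDNS modules only claim names ending in .local
    case "$name" in
        *.local|*.local.) ;;
        *) echo no; return 0 ;;
    esac
    awk '
        $1 == "hosts:" {
            for (i = 2; i <= NF; i++) {
                # dns is consulted first: mDNS cannot shadow it
                if ($i == "dns") { print "no"; found = 1; exit }
                # mDNS module that stops the lookup when it finds nothing
                if ($i ~ /^mdns[46]?_minimal$/ && $(i + 1) == "[NOTFOUND=return]") {
                    print "yes"; found = 1; exit
                }
            }
        }
        END { if (!found) print "no" }
    ' "$file"
}

# Constructed sample: a hosts line with mDNS placed ahead of DNS.
nss_sample=$(mktemp)
printf 'passwd: compat winbind\nhosts: files mdns4_minimal [NOTFOUND=return] dns\n' > "$nss_sample"

mdns_shadows_dns "$nss_sample" dc01.domain.local   # yes
mdns_shadows_dns "$nss_sample" dc01.corp.example   # no
rm -f "$nss_sample"
```

On a real host the first argument would be `/etc/nsswitch.conf` and the second the domain controller's FQDN.
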
 
Old 06-13-2016, 03:39 PM   #21
kaplan71
Member
 
Registered: Nov 2003
Posts: 809

Rep: Reputation: 39
Hello --

I went through the procedure that you had posted, and it appears to have worked well for me. When I am at the server console, I am able to enter my domain username and password, and I am able to log into the server. The server in question is an Ubuntu 14.04 LTS 64-bit system with Samba 4.3.9 running on it. I had several follow-up questions:

1. How can I configure an SSH connection to the server that will utilize the active directory login?

2. When the login completes, I encounter the following error messages:

Quote:
Unknown parameter encountered: "netbios"
Ignoring unknown parameter "netbios"
Unknown parameter encountered: "winbind allow trusted domains"
Ignoring unknown parameter "winbind allow trusted domains"
I believe these go back to smb.conf file. I checked the syntax of the two lines within the file, and everything looked fine.

Do you have any thoughts on this?

Thanks.
 
Old 08-29-2017, 08:02 PM   #22
Sree Ram
LQ Newbie
 
Registered: Aug 2017
Posts: 1

Rep: Reputation: Disabled
kinit user@DOMAIN.LOCAL does return password prompt.
net ads testjoin returns 'join Ok'

Unfortunately, when I try to login it says 'access denied' with domain users. Configuration seems to be ok to me, how do I go about it?
 
  



Tags
active directory, integration, ubuntu 14.04, winbind



All times are GMT -5.