LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Suse/Novell
User Name
Password
Suse/Novell This Forum is for the discussion of Suse Linux.

Notices

Reply
 
Search this Thread
Old 07-29-2008, 12:42 PM   #1
sirscott44
LQ Newbie
 
Registered: Jul 2008
Location: ohio
Distribution: PCLOS, GRANULAR1,OPENSUSE
Posts: 4

Rep: Reputation: 0
Failed to join domain


Opensuse 11.0 to join a Windows 2003 Server that has ADS
Every time I try to join my Suse to windows domain
I get message pop up telling me . Failed to join domain. failed to find dc for domain XXXX.LOCAL

Ive tried to tweek settings best i can in samba etc.. But still same message.

I joind SLED and 10.3 with very little issue.. But 11.0 I cant seem to be member of local domain at all.

any ideas etc ?[

Im trying to show certin heads at work what suse can do. So far not wining any nods with these windows users grr
 
Old 08-02-2008, 01:36 AM   #2
ajef101272
LQ Newbie
 
Registered: Apr 2006
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 17

Rep: Reputation: 0
Can you ping the DC?
 
Old 08-03-2008, 12:30 PM   #3
sirscott
LQ Newbie
 
Registered: Nov 2004
Location: Zanesville Ohio
Distribution: PCLinuxOS, OpenSuse, Vista,Windows7
Posts: 13

Rep: Reputation: 0
Yes..

Now course I'm the only SUSE user in among windows users so they have no issue joining and authenticating to the domain.
 
Old 08-04-2008, 02:20 AM   #4
ajef101272
LQ Newbie
 
Registered: Apr 2006
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 17

Rep: Reputation: 0
Can you ping your suse box from the 2003 server? Is the suse box and the server in the same IP range and subnet? Assuming the server has some public shares, what happens when you put smb://ip_address_of_server into your browser on the suse box?

Last edited by ajef101272; 08-04-2008 at 02:21 AM. Reason: superfluous word
 
Old 08-05-2008, 08:19 AM   #5
sirscott44
LQ Newbie
 
Registered: Jul 2008
Location: ohio
Distribution: PCLOS, GRANULAR1,OPENSUSE
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by ajef101272 View Post
Can you ping your suse box from the 2003 server? Is the suse box and the server in the same IP range and subnet? Assuming the server has some public shares, what happens when you put smb://ip_address_of_server into your browser on the suse box?


It soon pops up window were I enter my log in info. Then I wait on konq for min then up shows the folders on the server..

I can access the server and folders with no problem I just have to enter my domain log in name and pwd to use the shares etc.Which gets old each time..

But I try and join domain via yast..Failed to join domain. failed to find dc for domain XXXX.LOCAL.

I don't have admin rights to the domain server.. So ive not tried to ping my box from it..
 
Old 08-13-2009, 08:32 AM   #6
Bikerpete
Member
 
Registered: Jun 2003
Location: Germany
Distribution: OpenSuSE, SLES, Debian, Ubuntu, Eisfair
Posts: 79

Rep: Reputation: 15
Same problem here!

We have build up a testnetwork:

DC = Windows2008 Server

Client1 = WindowsXP Pro SP3
Client2 = Windows 7
Client3 = MsDOS 6.22 with MSClient and TCP/IP (<-- don't laugh, we need some of these boxes for our production lines)
Client4 = OpenSuse 11.1

All clients joined the AD without problems (MSDos after tweaking the global security a bit).
The only one, that is not able to join is the OpenSuse11.1 box.

I tried YAST --> Network-Services --> Windows Domain Membership (something like that - have to translate from german :-) )

After filling out that form and click proceed, I receive the message, that the linux-box is not a member of the domain and it asks me, if I want to join.
I agree and box shows up, where I have to type in my credentials of a privileged domain account (Administrator).
After a while, I get the same message:
"Failed to join domain. failed to find dc for domain "DOMAINNAME".

I can connect to shares on the DC without problems (after I typed in my name/password combo of a domain account).
Ping works in both directions and as it is just a network for tests, I shut down both firewalls (DC and Linux-Client).

Kerberos auth work fine (I think). I can authenticate with kinit <username> and I receive some informations, when I try klist.

Any ideas? I really need to get that working and I don't want to go back to 10.0, where everything worked like a charm :-)
 
Old 08-14-2009, 12:20 AM   #7
sirscott
LQ Newbie
 
Registered: Nov 2004
Location: Zanesville Ohio
Distribution: PCLinuxOS, OpenSuse, Vista,Windows7
Posts: 13

Rep: Reputation: 0
Quote:
Originally Posted by Bikerpete View Post
Same problem here!

We have build up a testnetwork:

DC = Windows2008 Server

Client1 = WindowsXP Pro SP3
Client2 = Windows 7
Client3 = MsDOS 6.22 with MSClient and TCP/IP (<-- don't laugh, we need some of these boxes for our production lines)
Client4 = OpenSuse 11.1

All clients joined the AD without problems (MSDos after tweaking the global security a bit).
The only one, that is not able to join is the OpenSuse11.1 box.

I tried YAST --> Network-Services --> Windows Domain Membership (something like that - have to translate from german :-) )

After filling out that form and click proceed, I receive the message, that the linux-box is not a member of the domain and it asks me, if I want to join.
I agree and box shows up, where I have to type in my credentials of a privileged domain account (Administrator).
After a while, I get the same message:
"Failed to join domain. failed to find dc for domain "DOMAINNAME".

I can connect to shares on the DC without problems (after I typed in my name/password combo of a domain account).
Ping works in both directions and as it is just a network for tests, I shut down both firewalls (DC and Linux-Client).

Kerberos auth work fine (I think). I can authenticate with kinit <username> and I receive some informations, when I try klist.

Any ideas? I really need to get that working and I don't want to go back to 10.0, where everything worked like a charm :-)
I will keep eye out on a answer to this as well.
 
Old 08-16-2009, 04:39 AM   #8
Bikerpete
Member
 
Registered: Jun 2003
Location: Germany
Distribution: OpenSuSE, SLES, Debian, Ubuntu, Eisfair
Posts: 79

Rep: Reputation: 15
Lightbulb Solved!!!

Okay - I solved the problem last night

Here is the short version of what I did (and I verified it on a second OpenSuse 11.1 machine today):

Before you start, make sure, that your network settings are OK and you can ping both machines from all directions
Next make sure that the time for all involved computers is identical (Kerberos is very picky when times differ. That is for security reasons to avoid logins with sniffed packages.)
So it is best to configure ntp to keep the time in sync.

1. register your domain-controller in the machines hosts list via Yast or with editing /etc/hosts
Insert the fully qualified domain name first, then the short name as the alias.

Example:
192.168.1.7 server.domain.com server

2. edit the /etc/resolv.conf and add your DC as a nameserver
nameserver = server.domain.com

3. Open YAST and configure Kerberos.
ATTENTION:
The realm has to be written in capital letters
DOMAIN.COM

4. Configure SAMBA with YAST. Domain controller option is set to none (not PDC or BDC). Workgroupname is your domain.
Edit the /etc/samba/smb.conf and change the security from "users" to "ADS" and add a line "realm = DOMAIN.COM"
Then don't forget to restart the samba server.

5. Execute the following command:
net ads join -U Administrator (<-- use a domain user, that is allowed to add machines to your domain. So why not the Administrator ).

6. Now open YAST and choose the "Windows Domain Membership" option.
Domain membership should be already your domain.
Check "Use smb-information for authentification" and "single sign on for SSH" (if you want it).
After pressing OK, Yast will install winbind and some other necessary packets.

7. Reboot the linux client and go and get a coffee.

8. Now you should see additional options in your logon screen.
<local>, DOMAINNAME, CLIENTNAME
Choose your domain and logon with your domain user account.

Thats it - the rest is finetuning (for example mapping the users home to the domain-controller or something like that).

I will write a longer version of that for my homepage linuxpeter.de as soon as I find some time to do that
 
Old 08-16-2009, 02:48 PM   #9
sirscott
LQ Newbie
 
Registered: Nov 2004
Location: Zanesville Ohio
Distribution: PCLinuxOS, OpenSuse, Vista,Windows7
Posts: 13

Rep: Reputation: 0
When I get the chance I will try that
 
Old 11-15-2009, 11:06 AM   #10
alnuemann
LQ Newbie
 
Registered: Nov 2009
Posts: 5

Rep: Reputation: 0
Bikerpete,
I believe you have more-or-less a complete set of instructions. However when I try them I still cannot join my openSuse client PC to my Win2003 Server. Please clarify your 1-8 step instructions wherever you mention essentially to enter "your" domain... i.e.: Are you referring to the existing client 'workgroup' or the (target) Server? Note: I've tried the instructions both ways, although there are multiple instances for entering domain names... so I would like clarification.
Please advise for this Linux newbie.
Thanks.
Al
 
Old 02-19-2010, 06:45 PM   #11
jqbarry
LQ Newbie
 
Registered: Feb 2010
Posts: 1

Rep: Reputation: 0
Works

Thanks for something I've been intending to solve for so long. Can confirm that it's joined Windows 2003 domain. Previously I had to leave the machine as a WG machine, configuring the workgroup name same as the domain name with the LAN cable unplugged, then plugging it back in once samba was set up.
 
Old 05-12-2011, 04:21 AM   #12
honyczek
LQ Newbie
 
Registered: Oct 2007
Posts: 1

Rep: Reputation: 0
net ads server parameter

Hello,

I'd problem with joining at OpenSUSE 11.4. I went thru steps written above, but still unsuccessfully. At the end it helped me to specify target server (parameter -S):

net ads join -U admininstrator -S server.domain.com
 
  


Reply

Tags
dc, directory, domain, join, kerberos, opensuse, samba


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to join domain linux6699 Linux - Newbie 6 07-09-2008 09:32 AM
Unable to join domain using Net Join command in FC3 client jeb083079 Linux - Networking 9 07-30-2007 02:41 AM
Windows virtual machine can't join domain using bridging on Linux host (RPC failed) bgottesman Linux - Networking 0 07-10-2007 05:09 PM
Help using 'net join' to join a windows domain Wapo Linux - Networking 1 04-28-2006 02:30 AM
How to join a NT Domain caddalyst Linux - Networking 2 04-27-2004 04:34 PM


All times are GMT -5. The time now is 11:58 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration