Kerberos seems to be working as the following command works:
Code:
kinit -V administrator@my.windows.domain
Password for administrator@my.windows.domain:
Authenticated to Kerberos v5
As do these:
Code:
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@my.windows.domain
Valid starting Expires Service principal
04/03/07 08:55:11 04/03/07 15:35:11 krbtgt/my.windows.domain@my.windows.domain
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
net ads info
Failed to get server's current time!
LDAP server: my.servers.ip
LDAP server name: my.servers.ldap.name
Realm: my.windows.domain
Bind Path: dc=mydc1,dc=mydc2,dc=mydc3,dc=mydc4
LDAP port: 389
Server time: Wed, 31 Dec 1969 19:00:00 EST
KDC server: my.servers.ip
Server time offset: 0
net ads lookup
Information for Domain Controller: 64.72.0.87
Response Type: SAMLOGON
GUID: my-GUID
Flags:
Is a PDC: yes
Is a GC of the forest: yes
Is an LDAP server: yes
Supports DS: yes
Is running a KDC: yes
Is running time services: yes
Is the closest DC: yes
Is writable: yes
Has a hardware clock: no
Is a non-domain NC serviced by LDAP server: no
Forest: my.domain.name
Domain: my.domain.name
Domain Controller: my.domain.controller.name
Pre-Win2k Domain: pre.win2k.domain.name
Pre-Win2k Hostname: pre.win2k.host.name
Site Name: Default-First-Site-Name
Site Name (2): Default-First-Site-Name
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff
The computer has never been joined to the domain before and its name is not under AD Users/Computers to delete.
Any suggestions as to where to look or a possible solution?
Did some further digging and found that the service winbind isn't running. I ran a "service winbind start" and it said it started but it's not running. I don't see it in the "ps ax | less" output.
I checked the log and this is what I have:
Code:
[2007/04/03 10:05:14, 1] nsswitch/winbindd.c:main(953)
winbindd version 3.0.24-3.fc6 started.
Copyright The Samba Team 2000-2004
[2007/04/03 10:05:14, 0] nsswitch/winbindd_util.c:init_domain_list(518)
Could not fetch our SID - did we join?
[2007/04/03 10:05:14, 0] nsswitch/winbindd.c:main(1051)
unable to initalize domain list
net ads testjoin -U administrator@my.windows.domain
It yielded the following results:
Code:
[2007/04/04 09:37:07, 0] libads/kerberos.c:ads_kinit_password(208)
kerberos_kinit_password MYSAMBASERVER$@MY.WINDOWS.DOMAIN failed: Clients credentials have been revoked
[2007/04/04 09:37:07, 0] utils/net_ads.c:ads_startup(289)
ads_connect: Clients credentials have been revoked
Join to domain is not valid
The above error was because someone tried helping me by adding the computer account to the AD and then deleted it. I have since set my machine up with a new host name and this is the "net ads testjoin" output:
Code:
[2007/04/04 10:07:25, 0] libads/kerberos.c:ads_kinit_password(208)
kerberos_kinit_password MY.NEW.HOSTNAME$@MY.WINDOWS.DOMAIN failed: Client not found in Kerberos database
[2007/04/04 10:07:25, 0] utils/net_ads.c:ads_startup(289)
ads_connect: Client not found in Kerberos database
Join to domain is not valid
I also looked in /var/log/samba/log.wb-MYWINDOWSDOMAIN and found:
The command I needed to run to join the domain was:
Code:
net ads join -S 64.72.0.87 -U Administrator%<my windows admin password>
This initially didn't work due to the fact that my password contained special characters like the single quote character " ' ". This would dump me to the familiar Linux prompt ">" as Linux was expecting more input.
I changed my Windows admin password and voila! I joined my domain.
I hope all my investigating helps someone else out in the future.
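The quoting failure described in the last post, as an added example that is not part of the original thread: it checks whether a command line leaves a quote open (the ">" prompt) and shows a quoting that passes the password through unchanged. The helper names `sh_quote`, `parses_ok` and `roundtrip` and the sample password are constructed for illustration, and `:` stands in for `net ads join` so nothing is contacted.

```shell
#!/bin/sh
# Constructed sample password containing a single quote and a space.
SAMPLE_PW="Pa'ss w0rd"

# sh_quote STRING: print STRING as one shell word. The value is wrapped in
# single quotes and each embedded ' becomes '\'' (close, escaped quote, reopen).
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# parses_ok LINE: succeed only if LINE is a complete command. -n makes the
# shell parse without executing; an open quote is a syntax error here and
# the ">" continuation prompt in an interactive session.
parses_ok() {
    sh -n -c "$1" 2>/dev/null
}

# roundtrip STRING: re-parse the quoted form the way a typed command line is
# parsed and print the single argument the program would receive.
roundtrip() {
    eval "set -- $(sh_quote "$1")"
    printf '%s' "$1"
}

# ":" is a no-op placeholder for the real command (assumption for the demo).
raw=": -U Administrator%$SAMPLE_PW"
safe=": -U $(sh_quote "Administrator%$SAMPLE_PW")"

if parses_ok "$raw"; then
    echo "raw form parses"
else
    echo "raw form: unterminated quote, the shell waits at '>'"
fi

if parses_ok "$safe"; then
    echo "quoted form parses: $safe"
fi

if [ "$(roundtrip "$SAMPLE_PW")" = "$SAMPLE_PW" ]; then
    echo "password reaches the command unchanged"
fi
```

A password given as `-U user%password` also lands in shell history and the process list; running `net ads join -U Administrator` without the `%password` part makes `net` prompt for it, which avoids both the quoting problem and that exposure.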