LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Error joining SLES 10 SP2 to Windows 2008 Domain (https://www.linuxquestions.org/questions/linux-server-73/error-joining-sles-10-sp2-to-windows-2008-domain-800502/)

tikit 04-07-2010 01:00 AM
Error joining SLES 10 SP2 to Windows 2008 Domain
 
Hi,

I would like to join SLES server to Microsoft Server 2008 Active Directory to enable domain authentication when accessing samba shares. When I run
Code:
net ads join -U administrator
I get the following error
Code:
"Failed to join domain: Improperly formed account name."
I tried the same samba configuration on another server (OpenSuse 11.2) without any problem, so I think it is somehow connected with the Samba version, but I'm not sure. Has anybody experienced this behaviour?

Obtaining Kerberos ticket-granting ticket
Code:
kinit administrator@MYDOMAIN
completed without problem

the package versions on SLES 10 SP2 (x86_64) are following
Code:
samba-3.0.28-0.5
samba-client-3.0.28-0.5
krb5-1.4.3-19.34
krb5-32bit-1.4.3-19.34
krb5-client-1.4.3-19.34
here is the configuration

/etc/samba/smb.conf
Code:
[global]
        workgroup = OUR-DOMAIN
        security = ads
        realm = OUR-DOMAIN
        encrypt passwords = true
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        password server = dc.our-domain

[public]
        comment = Public Temporary Data
        path = /mnt/public
        read only = No
/etc/krb5.conf
Code:
[libdefaults]
        default_realm = OUR-DOMAIN

[realms]
        OUR-DOMAIN = {
                kdc = dc.our-domain
                admin_server = dc.our-domain
        }

[domain_realm]
.OUR-Domain = OUR-DOMAIN
OUR-Domain = OUR-DOMAIN

[logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
    default = SYSLOG:NOTICE:DAEMON
Thanks in advance for for any ideas how to solve that. It would be great if there was a solution without reinstalling the system

Sharaz 04-07-2010 06:35 PM
whats the version of the one that working?

i dont join my stations to the domain, but am still able to take advantage of AD logon thru params set in the smb.conf file, you might consider that. but likely, it is the version thats causing the problem. i cant remember the version off the top of mny head, but the version in CentOS/RHEL5 will not work with windows 7, and the version of samba in Fedora 12 will.

3.4.x i think is in FC12?

tikit 04-08-2010 02:53 PM
thanks for the reply. the version on this is working is samba 3.4.2-1.1.3.1 (opensuse 11.2). Could you please give me some advice how to enable shares without joining the AD?

Thanks very much

tikit 04-20-2010 08:23 AM
I tried reinstall to SLES 11.2. I can now add the server to domain by
Code:
net ads join -U administrator
but when accessing share I get
Code:
check_ntlm_password:  Authentication for user [johny] -> [johny] FAILED with error NT_STATUS_PIPE_DISCONNECTED
. When winbind service is stopped I get
Code:
Authentication for user [johny] -> [johny] FAILED with error NT_STATUS_INVALID_PARAMETER
Does anybody know what I am doing wrong? Thanks for any hint.

aixuser10 05-26-2010 12:02 PM
Did you get this resolved?
 
I'm having this same problem and do not see a resolution. Were you able to get this resolved?


All times are GMT -5. The time now is 12:55 AM.