LinuxQuestions.org
Old 10-15-2009, 06:17 AM   #1
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
Host is not configured as a member server: Samba joining Windows 2003 AD


Hello all,

Wanting to join my CentOS 5.3 to a Windows 2003 Active Directory.
Configured Kerberos and Samba.

Code:
[libdefaults]
 default_realm = domain
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes
 default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
 default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC

[realms]
  domain = {
  kdc = <ip>:88
  admin_server = <ip>:749
  default_domain = domain
 }
Code:
[global]
netbios name = IB
workgroup = domain
realm = domain.com
encrypt passwords = yes
security = ADS
password server = <ad server ip>
log level = 3
Code:
net ads join -U administrator@domain
Host is not configured as a member server.
Invalid configuration.  Exiting....
Failed to join domain: Invalid domain role
Any ideas?
 
Old 10-16-2009, 02:44 AM   #2
Forrest Coredump
Member
 
Registered: Oct 2009
Location: Southwestern United States
Distribution: Redhat Enterprise Linux 4-5 (Current RHCE), Fedora Core 11 (FC11), Arch Linux, BT3 (Current GCIH)
Posts: 42

Rep: Reputation: 16
First of all, you're going to need to enable a name service for this to work properly (WINS or preferably DNS). I would look there before anything else. Can you do a kinit <username> on the system you're trying to join to AD (to test your Kerberos setup)? Are you running SELinux?

It would be helpful if you could post the output of the following (attempt to join with additional debug output). Redact any personal info you don't want posted ;-)

net ads join -D 5 -S <domain controllers IP address> -U administrator


A few other things to note, though most likely unrelated to this problem:

1.) Check your time on both servers; too much drift will cause the operation to fail
2.) Don't forget your /etc/krb5.conf, /etc/pam.d, /etc/nsswitch.conf, and /etc/hosts settings
3.) Either winbind, or a correct Windows username to Linux UID mapping

An excellent resource is below:
http://www.stuartellis.eu/articles/l...#prerequisites

Last edited by Forrest Coredump; 10-16-2009 at 03:13 AM.
 
Old 10-16-2009, 05:07 AM   #3
linuxlover.chaitanya
Original Poster
I have finally joined the squid machine to the Windows 2003 Active Directory domain with LikeWise. And it shows up in the AD server. DNS is already configured and working fine. I can nslookup the hostnames.
I can use kinit, and the time on both machines is similar.

This is the output of net ads join

Code:
Host is not configured as a member server.
Invalid configuration.  Exiting....
Failed to join domain: Invalid domain role
 
Old 10-16-2009, 07:10 AM   #4
Forrest Coredump
This is probably the most obvious of them all (permissions issue). Did you pre-stage the machine account in AD? In some instances that's necessary (when insufficient privileges or naming issues prevent automatic account creation). Go to your default computer OU in AD and create a machine account matching the name of your Linux box in DNS.

Retry the "net ads join"

My guess is that's all that's wrong here...
 
Old 10-20-2009, 01:29 AM   #5
linuxlover.chaitanya
Original Poster
I do have those. DNS has the entry for squid machine with the same name as the OU in the AD. I can login using my domain account in squid. So I guess Like Wise has worked and added it to domain successfully. And squid shows in the AD.
 
Old 10-20-2009, 05:37 AM   #6
linuxlover.chaitanya
Original Poster
I yum removed samba, removed all the samba files, yum installed samba, configured samba again and it is working now. I just hope ntlm works as well without issues. With the command line, I can check ntlm and it works, but it needs the domain username as an option, which I do not want to pass. This is because I would want to use squid with ntlm and I cannot pass the username from the squid configuration file. I want it to authenticate from the domain username that has been used to log in to the system.
Is there any option like %LOGIN or something that can take this username automatically? Wiki pages do say this is automatically done but I do think it will be possible in my case.
And I guess we all missed this: I am using squid in TRANSPARENT mode.
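
Added example (not part of any post in this thread): a pre-join check of the settings the thread keeps returning to, run against the smb.conf and krb5.conf the tools actually read. The function names and sample files are constructed, and the rules it applies (security = ADS, a realm in [global] that matches krb5.conf's default_realm, a NetBIOS name of at most 15 characters) are this example's assumptions about what a member-server configuration needs.

```shell
#!/bin/sh
# Added example: pre-join sanity check for smb.conf and krb5.conf.
# Function names and the sample files below are constructed for illustration.

# Print the value of parameter $1 from the [global] section of file $2.
# Samba ignores case and embedded spaces in parameter names; the last setting wins.
smb_global() {
    awk -v want="$1" '
        BEGIN { gsub(/ /, "", want); want = tolower(want) }
        /^[ \t]*[#;]/ { next }                                    # comment lines
        /^[ \t]*\[/   { sec = tolower($0); gsub(/[ \t]/, "", sec); next }
        sec == "[global]" && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) == want) found = val
        }
        END { print found }
    ' "$2"
}

# Print default_realm from a krb5.conf-style file.
krb5_default_realm() {
    awk -F= '/^[ \t]*default_realm[ \t]*=/ { gsub(/[ \t\r]/, "", $2); print $2; exit }' "$1"
}

# Usage: check_join_config <smb.conf> <krb5.conf>; returns 0 only if every check passes.
check_join_config() {
    rc=0
    sec=$(smb_global security "$1" | tr 'A-Z' 'a-z')
    realm=$(smb_global realm "$1")
    name=$(smb_global "netbios name" "$1")
    krb=$(krb5_default_realm "$2")
    [ "$sec" = "ads" ] || { echo "FAIL: security='$sec', expected ADS"; rc=1; }
    [ -n "$realm" ] || { echo "FAIL: realm is not set in [global]"; rc=1; }
    [ "${#name}" -le 15 ] || { echo "FAIL: netbios name is longer than 15 characters"; rc=1; }
    if [ "$(echo "$realm" | tr 'a-z' 'A-Z')" != "$(echo "$krb" | tr 'a-z' 'A-Z')" ]; then
        echo "FAIL: smb.conf realm '$realm' != krb5.conf default_realm '$krb'"; rc=1
    fi
    return $rc
}

# Constructed sample input (not from the thread): the security line is missing.
demo_dir=$(mktemp -d)
printf '[global]\nworkgroup = EXAMPLE\nrealm = EXAMPLE.COM\n' > "$demo_dir/smb.conf"
printf '[libdefaults]\n default_realm = EXAMPLE.COM\n' > "$demo_dir/krb5.conf"
check_join_config "$demo_dir/smb.conf" "$demo_dir/krb5.conf" || echo "not ready to join"
rm -rf "$demo_dir"
```

Run it against the file that `testparm -s` names in its "Load smb config files from" line, which may not be the file you edited if more than one Samba build is installed.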
 
  

