LinuxQuestions.org

[TUTORIAL] AD integration with Ubuntu 14.04 and winbind

Josh Scott 05-07-2015 12:38 PM

Quote:

Code:

# wbinfo -u
# wbinfo -g
# wbinfo -i ragekat
# getent passwd
# getent group

all have the expected results, the final step of simply logging in via 'login' isn't accepting the AD credentials.

I'm having the same problem.

andreyiv 05-07-2015 01:53 PM

Quote:

Originally Posted by RageKat (Post 5358903)
...

The only thing that sticks out to me is this bit: "Kinit failed: Cannot contact any KDC for requested realm". Double checking the suggested block I have:

Code:

[realms]
 DOMAIN.LOCAL = {
  kdc = dc01.domain.local:88
  default_domain = dc01.domain.local
 }

...which also looks right to me. And even so, if it couldn't reach the domain controller for some reason, then I suspect that

Code:

kinit ragekat@DOMAIN.LOCAL
shouldn't have worked either, but it appears to.

Any thoughts?

I believe all the realms (and only realms) stuff needs to be capitalized (for whatever reason). This leads me to believe that

Code:

kinit ragekat@domain.local
wouldn't work. Curious to see if that's the case. Conversely

Code:

[realms]
 DOMAIN.LOCAL = {
  kdc = DC01.DOMAIN.LOCAL:88
  default_domain = DC01.DOMAIN.LOCAL
 }

should work.

Disclaimer: Take my suggestions with a grain of salt. I have limited experience with AD and have not tried this guide yet. However, I have done a lot of reading in regards to this topic. Unfortunately I can't even begin to remember where I read that realms stuff needs to be capitalized.

Edit: I just re-read the first post and realized that it mentions capitalization.

RageKat 05-08-2015 10:29 AM

Well, the guide didn't have it capitalized, hence why I didn't either. Gave it a shot anyway.

Still not working, I'm afraid. For good measure, I tried `ragekat`, `domain\ragekat` and `DOMAIN\ragekat` as possible login names, but none of them took.

Also missing from this guide is a way to restrict logins to a group, and I feel it's possible that might be inclusive rather than exclusive. However, I am a domain admin, so if nothing else, it should at least be letting me on.

Josh Scott 05-08-2015 11:07 AM

I continue to have the problem so I ssh'd in and tailed my /etc/samba/samba.log in realtime:

Quote:

sudo tail -f /etc/samba/samba.log

And watched the tail as I attempted to connect over the network. When attempting to connect, this is what is happening in samba.log:

Quote:

[2015/05/08 09:44:22.949945, 1] ../source3/auth/auth_generic.c:97(auth3_generate_session_info_pac)
Failed to map kerberos principal to system user (NT_STATUS_LOGIN_FAILURE)

So it looks like a kerberos problem, which is weird because 'kinit <domain user>' works, so.. I'm going to continue working on it and will post updates.

Thanks everyone for your input.

radicall 07-12-2015 07:07 PM

I ran into a weird issue with not being able to join the Domain. I realized that ping wasn't working to FQDN of the Domain Controller or to the Domain Name (domain.local). Found out that any domain ending with .local is used by mDNS and therefore it wasn't using DNS at all but rather broadcasting.

Disabled mDNS:

Code:

service avahi-daemon stop
systemctl disable avahi-daemon

This got DNS working and then I was able to join the domain. Thanks for the wonderful writeup @rabbit2345
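
Added example, not part of radicall's post: a POSIX shell check for the condition described there, where the `hosts:` line in nsswitch.conf hands `.local` names to mDNS and stops before unicast DNS is tried. The function names, the sample `hosts:` line and the `DOMAIN.LOCAL` placeholder are constructed for illustration; the check assumes the usual nss-mdns form `mdns4_minimal [NOTFOUND=return]`.

```shell
#!/bin/sh
# Added example, not from the thread: does mDNS claim a .local AD domain
# before unicast DNS is consulted?

# hosts_sources FILE: print the sources on the "hosts:" line, lowercased,
# with comments stripped.
hosts_sources() {
    sed -n 's/#.*//; s/^[[:space:]]*hosts:[[:space:]]*//p' "$1" |
        head -n 1 | tr '[:upper:]' '[:lower:]'
}

# mdns_shadows_dns FILE DOMAIN: exit status 0 when DOMAIN ends in .local and
# an mdns* source followed by [NOTFOUND=return] comes before dns; else 1.
# The body runs in a subshell so that set -f (no globbing on the bracketed
# action token) does not leak into the caller.
mdns_shadows_dns() (
    set -f
    domain=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case $domain in
        *.local | *.local.) ;;
        *) exit 1 ;;                  # mDNS only claims the .local suffix
    esac
    prev=
    for src in $(hosts_sources "$1"); do
        case $src in
            dns) exit 1 ;;            # unicast DNS is reached first
            '[notfound=return]')
                case $prev in mdns*) exit 0 ;; esac ;;
        esac
        prev=$src
    done
    exit 1
)

# Constructed sample: a hosts line of the form used when nss-mdns is installed.
sample=$(mktemp)
printf 'hosts: files mdns4_minimal [NOTFOUND=return] dns\n' > "$sample"
if mdns_shadows_dns "$sample" DOMAIN.LOCAL; then
    echo "DOMAIN.LOCAL: mDNS is consulted and stops the lookup before DNS"
else
    echo "DOMAIN.LOCAL: unicast DNS is used"
fi
rm -f "$sample"
```

On a real host, pass `/etc/nsswitch.conf` and the AD domain name instead of the constructed sample.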

kaplan71 06-13-2016 03:39 PM

Hello --

I went through the procedure that you had posted, and it appears to have worked well for me. When I am at the server console, I am able to enter my domain username and password, and I am able to log into the server. The server in question is an Ubuntu 14.04 LTS 64-bit system with Samba 4.3.9 running on it. I had several follow-up questions:

1. How can I configure an SSH connection to the server that will utilize the active directory login?

2. When the login completes, I encounter the following error messages:

Quote:

Unknown parameter encountered: "netbios"
Ignoring unknown parameter "netbios"
Unknown parameter encountered: "winbind allow trusted domains"
Ignoring unknown parameter "winbind allow trusted domains"

I believe these go back to the smb.conf file. I checked the syntax of the two lines within the file, and everything looked fine.

Do you have any thoughts on this?

Thanks.

Sree Ram 08-29-2017 08:02 PM

kinit user@DOMAIN.LOCAL does return password prompt.
net ads testjoin returns 'join Ok'

Unfortunately, when I try to login it says 'access denied' with domain users. Configuration seems to be ok to me, how do I go about it?


All times are GMT -5.