 LinuxQuestions.org [TUTORIAL] AD integration with Ubuntu 14.04 and winbind

05-07-2015, 01:38 PM   #16
Josh Scott
LQ Newbie

Registered: Apr 2015
Location: Boise, ID
Distribution: Debian, Linux Mint, FreeBSD
Posts: 14

Rep:

Quote:
Code:
# wbinfo -u
# wbinfo -g
# wbinfo -i ragekat
# getent passwd
# getent group
all have the expected results, the final step of simply logging in via 'login' isn't accepting the AD credentials.

I'm having the same problem.

05-07-2015, 02:53 PM   #17
andreyiv
LQ Newbie

Registered: Apr 2015
Posts: 1

Rep:
Quote:
Originally Posted by RageKat
... The only thing that sticks out to me is this bit: "Kinit failed: Cannot contact any KDC for requested realm". Double checking the suggested block I have:

Code:
[realms]
DOMAIN.LOCAL = {
kdc = dc01.domain.local:88
default_domain = dc01.domain.local
}
...which also looks right to me. And even so, if it couldn't reach the domain controller for some reason, then I suspect that

Code:
kinit ragekat@DOMAIN.LOCAL
shouldn't have worked either, but it appears to. Any thoughts?

I believe all the realms (and only realms) stuff needs to be capitalized (for whatever reason). This leads me to believe that

Code:
kinit ragekat@domain.local
wouldn't work. Curious to see if that's the case. Conversely

Code:
[realms]
DOMAIN.LOCAL = {
kdc = DC01.DOMAIN.LOCAL:88
default_domain = DC01.DOMAIN.LOCAL
}
should work.

Disclaimer: Take my suggestions with a grain of salt. I have limited experience with AD and have not tried this guide yet. However, I have done a lot of reading in regards to this topic. Unfortunately I can't even begin to remember where I read that realms stuff needs to be capitalized.

Edit: I just re-read the first post and realized that it mentions capitalization.

Last edited by andreyiv; 05-07-2015 at 06:28 PM. Reason: Missed information by not re-reading all the posts in the thread.
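
An added example, not part of any post in this thread or of the tutorial: a shell function that lints the realm names in a krb5.conf-style file, since a realm spelled in a different case in [libdefaults] and [realms] will not match. The function name check_realms and the sample file are constructed for illustration; host names such as the kdc value are deliberately not checked.

```shell
#!/bin/sh
# Added example, not from the thread. Lints realm names in a krb5.conf-style
# FILE and prints one line per finding (nothing when clean). Only realm names
# are checked: Kerberos matches them case-sensitively, and an Active
# Directory realm is the upper-cased DNS domain name.
check_realms() {
    awk '
        { gsub(/=/, " = ") }                # tolerate "key=value" spacing
        /^[ \t]*\[/ {                       # section header such as [realms]
            section = $0
            gsub(/^[ \t]*\[/, "", section)
            gsub(/\].*$/, "", section)
            next
        }
        section == "libdefaults" && $1 == "default_realm" {
            default_realm = $3
        }
        section == "realms" && $2 == "=" && $3 == "{" {
            realms[$1] = 1
            if ($1 != toupper($1))
                print "lowercase realm in [realms]: " $1
        }
        section == "domain_realm" && $2 == "=" && $3 != toupper($3) {
            print "lowercase realm in [domain_realm]: " $3
        }
        END {
            if (default_realm == "")
                print "no default_realm set"
            else if (!(default_realm in realms))
                print "default_realm " default_realm " has no [realms] entry"
        }
    ' "$1"
}

# Constructed sample input: the realm is spelled in lower case in [realms].
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
[libdefaults]
    default_realm = DOMAIN.LOCAL
[realms]
    domain.local = {
        kdc = dc01.domain.local:88
    }
EOF
check_realms "$tmp"
rm -f "$tmp"
```
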

05-08-2015, 11:29 AM   #18
RageKat
LQ Newbie

Registered: Jun 2010
Posts: 5

Rep:
Well, the guide didn't have it capitalized, hence why I didn't either. Gave it a shot anyway. Still not working, I'm afraid. For good measure, I tried ragekat, domain\ragekat and DOMAIN\ragekat as possible login names, but none of them took.

Also missing from this guide is a way to restrict logins to a group, and I feel it's possible that might be inclusive rather than exclusive. However, I am a domain admin, so if nothing else, it should at least be letting me on.

05-08-2015, 12:07 PM   #19
Josh Scott
LQ Newbie

Registered: Apr 2015
Location: Boise, ID
Distribution: Debian, Linux Mint, FreeBSD
Posts: 14

Rep:
I continue to have the problem so I ssh'd in and tailed my /etc/samba/samba.log in realtime:

Quote:
 sudo tail -f /etc/samba/samba.log
And watched the tail as I attempted to connect over the network. When attempting to connect, this is what is happening in samba.log:

Quote:
 [2015/05/08 09:44:22.949945, 1] ../source3/auth/auth_generic.c:97(auth3_generate_session_info_pac) Failed to map kerberos principal to system user (NT_STATUS_LOGIN_FAILURE)
So it looks like a kerberos problem, which is weird because 'kinit <domain user>' works, so.. I'm going to continue working on it and will post updates.

07-12-2015, 08:07 PM   #20
radicall
LQ Newbie

Registered: Jul 2015
Posts: 1

Rep:
I ran into a weird issue with not being able to join the Domain. I realized that ping wasn't working to FQDN of the Domain Controller or to the Domain Name (domain.local). Found out that any domain ending with .local is used by mDNS and therefore it wasn't using DNS at all but rather broadcasting. Disabled mDNS

Code:
service avahi-daemon stop
systemctl disable avahi-daemon
This got DNS working and then I was able to join the domain.

Thanks for the wonderful writeup @rabbit2345

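
An added example, not part of the post above or of the tutorial: a shell function that reads the hosts: line of an nsswitch.conf-style file and reports whether a .local name would stop at mDNS before unicast DNS is asked. The function name resolution_path is constructed for illustration, and the sample is the hosts line Ubuntu ships with libnss-mdns.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies how glibc NSS will resolve
# NAME according to the "hosts:" line of an nsswitch.conf-style FILE:
#   blocked - NAME ends in .local and mdns*_minimal [NOTFOUND=return] sits
#             before dns, so a failed mDNS lookup never reaches unicast DNS
#   delayed - an mdns source is tried first, but the lookup falls through
#   ok      - dns answers without mDNS in front of it
#   no-dns  - the hosts line has no dns source at all
resolution_path() (
    set -f    # stop the shell from globbing "[NOTFOUND=return]"
    conf=$1
    name=$(printf %s "$2" | tr 'A-Z' 'a-z')
    hosts=$(sed -n 's/#.*//; s/^hosts:[[:space:]]*//p' "$conf" |
            head -n 1 | tr 'A-Z' 'a-z')
    case $name in
        *.local|*.local.) is_local=1 ;;
        *)                is_local=0 ;;
    esac
    result=no-dns
    prev_minimal=0
    seen_mdns=0
    for tok in $hosts; do
        case $tok in
            mdns*_minimal)
                prev_minimal=1; seen_mdns=1; continue ;;
            '[notfound=return]')
                if [ "$prev_minimal" = 1 ] && [ "$is_local" = 1 ]; then
                    result=blocked; break
                fi ;;
            mdns*) seen_mdns=1 ;;
            dns)
                if [ "$seen_mdns" = 1 ] && [ "$is_local" = 1 ]; then
                    result=delayed
                else
                    result=ok
                fi
                break ;;
        esac
        prev_minimal=0
    done
    echo "$result"
)

# Constructed sample input: the hosts line Ubuntu ships with libnss-mdns.
tmp=$(mktemp)
echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns' > "$tmp"
resolution_path "$tmp" dc01.domain.local
resolution_path "$tmp" dc01.example.com
rm -f "$tmp"
```
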
06-13-2016, 04:39 PM   #21
kaplan71
Member

Registered: Nov 2003
Posts: 795

Rep:
Hello --

I went through the procedure that you had posted, and it appears to have worked well for me. When I am at the server console, I am able to enter my domain username and password, and I am able to log into the server. The server in question is an Ubuntu 14.04 LTS 64-bit system with Samba 4.3.9 running on it. I had several follow-up questions:

1. How can I configure an SSH connection to the server that will utilize the active directory login?

2. When the login completes, I encounter the following error messages:

Quote:
Unknown parameter encountered: "netbios"
Ignoring unknown parameter "netbios"
Unknown parameter encountered: "winbind allow trusted domains"
Ignoring unknown parameter "winbind allow trusted domains"
I believe these go back to smb.conf file. I checked the syntax of the two lines within the file, and everything looked fine.

Do you have any thoughts on this?

Thanks.

08-29-2017, 09:02 PM   #22
Sree Ram
LQ Newbie

Registered: Aug 2017
Posts: 1

Rep:
kinit user@DOMAIN.LOCAL does return password prompt.
net ads testjoin returns 'join Ok'.

Unfortunately, when I try to login it says 'access denied' with domain users.

Configuration seems to be ok to me, how do I go about it?

 Tags active directory, integration, ubuntu 14.04, winbind
