Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - General > Member Success Stories
User Name
Password Member Success Stories Just spent four hours configuring your favorite program? Just figured out a Linux problem that has been stumping you for months?
Post your Linux Success Stories here.


  Search this Thread
Old 05-07-2015, 01:38 PM   #16
Josh Scott
LQ Newbie
Registered: Apr 2015
Location: Boise, ID
Distribution: Debian, Linux Mint, FreeBSD
Posts: 14

Rep: Reputation: Disabled


# wbinfo -u
# wbinfo -g
# wbinfo -i ragekat
# getent passwd
# getent group

all have the expected results, the final step of simply logging in via 'login' isn't accepting the AD credentials.
I'm having the same problem.
Old 05-07-2015, 02:53 PM   #17
LQ Newbie
Registered: Apr 2015
Posts: 1

Rep: Reputation: Disabled
Originally Posted by RageKat View Post

The only thing that sticks ouot to me is this bit: "Kinit failed: Cannot contact any KDC for requested realm". Double checking the suggested block I have:

  kdc = dc01.domain.local:88
  default_domain = dc01.domain.local
...which also looks right to me. And even so, if it couldn't reach the domain controller for some reason, then I suspect that

kinit ragekat@DOMAIN.LOCAL
shouldn't have worked either, but it appears to.

Any thoughts?
I believe all the realms (and only realms) stuff needs to be capitalized (for whatever reason). This leads me to believe that

kinit ragekat@domain.local
wouldn't work. Curious to see if that's the case. Conversely

  kdc = DC01.DOMAIN.LOCAL:88
  default_domain = DC01.DOMAIN.LOCAL
should work.

Disclaimer: Take my suggestions with a grain of salt. I have limited experience with AD and have not tried this guide yet. However, I have done a lot of reading in regards to this topic. Unfortunately I can't even begin to remember where I read that realms stuff needs to be capitalized.

Edit: I just re-read the first post and realized that it mentions capitalization.

Last edited by andreyiv; 05-07-2015 at 06:28 PM. Reason: Missed information by not re-reading all the posts in the thread.
Old 05-08-2015, 11:29 AM   #18
LQ Newbie
Registered: Jun 2010
Posts: 5

Rep: Reputation: 0
Well, the guide didn't have it capitalized, hence why I didn't either. Gave it a shot anyway.

Still not working, I'm afraid. For good measure, I tried `ragekat`, `domain\ragekat` and `DOMAIN\ragekat` as possible login names, but none of them took.

Also missing from this guide is a way to restrict logins to a group, and I feel it's possible that might be inclusive rather than exclusive. However, I am a domain admin, so if nothing else, it should at least be letting me on.
Old 05-08-2015, 12:07 PM   #19
Josh Scott
LQ Newbie
Registered: Apr 2015
Location: Boise, ID
Distribution: Debian, Linux Mint, FreeBSD
Posts: 14

Rep: Reputation: Disabled
I continue to have the problem so I ssh'd in and tailed my /etc/samba/samba.log in realtime:

sudo tail -f /etc/samba/samba.log
And watched the tail as I attempted to connect over the network. When attempting to connect, this is what is happening in samba.log:

[2015/05/08 09:44:22.949945, 1] ../source3/auth/auth_generic.c:97(auth3_generate_session_info_pac)
Failed to map kerberos principal to system user (NT_STATUS_LOGIN_FAILURE)
So it looks like a kerberos problem, which is weird because 'kinit <domain user>' works, so.. I'm going to continue working on it and will post updates.

Thanks everyone for your input.
Old 07-12-2015, 08:07 PM   #20
LQ Newbie
Registered: Jul 2015
Posts: 1

Rep: Reputation: Disabled
I ran into a wierd issue with not being able to join the Domain. I realized that ping wasn't working to FQDN of the Domain Controller or to the Domain Name (domain.local). Found out that any domain ending with .local is used by mDNS and therefore it wasn't using DNS at all but rather broadcasting.

Disabled mDNS
service avahi-daemon stop
systemctl disable avahi-daemon

This got DNS working and then I was able to join the domain. Thanks for the wonderful writeup @rabbit2345
Old 06-13-2016, 04:39 PM   #21
Registered: Nov 2003
Posts: 795

Rep: Reputation: 39
Hello --

I went through the procedure that you had posted, and it appears to have worked well for me. When I am at the server console, I am able to enter my domain username and password, and I am able to log into the server. The server in question is an Ubuntu 14.04 LTS 64-bit system with Samba 4.3.9 running on it. I had several follow-up questions:

1. How can I configure an SSH connection to the server that will utilize the active directory login?

2. When the login completes, I encounter the following error messages:

Unknown parameter encountered: "netbios"
Ignoring unknown parameter "netbios"
Unknown parameter encountered: "winbind allow trusted domains"
Ignoring unknown parameter "winbind allow trusted domains"
I believe these go back to smb.conf file. I checked the syntax of the two lines within the file, and everything looked fine.

Do you have any thoughts on this?

Old 08-29-2017, 09:02 PM   #22
Sree Ram
LQ Newbie
Registered: Aug 2017
Posts: 1

Rep: Reputation: Disabled
kinit user@DOMAIN.LOCAL does return password promt.
net ads testjoin returs 'join Ok'

Unfortunately, when I try to login it says 'access denied' with domain users. Configuration seems to be ok to me, how do I go about it?


active directory, integration, ubuntu 14.04, winbind

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: WordPress and MathJax Integration Tutorial LXer Syndicated Linux News 0 08-02-2013 03:50 PM
LXer: WordPress and reCAPTCHA integration tutorial LXer Syndicated Linux News 0 04-18-2013 06:20 PM
LXer: WordPress and OpenX integration tutorial LXer Syndicated Linux News 0 02-18-2013 08:32 PM
Active Directory Integration (Winbind)-- Cannot find name for group ID grungerokker13 Linux - Server 1 12-08-2011 11:03 AM
Active Directory 2003 Integration (Winbind dead) matthewhardwick Fedora 2 09-16-2006 05:54 PM > Forums > Linux Forums > Linux - General > Member Success Stories

All times are GMT -5. The time now is 06:02 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration