Linux Gurus help please (Joining 2003 Domain)


MannyL
05-10-2008, 04:00 PM
Although I haven't been employed in a support position for a while, I try to keep my skills fresh. I have an NFR 2003 R2 server running in my room. I am trying to connect a Linux system with the Ubuntu distro to it.

The Linux box is getting an IP and is on the network but I'm unable to join the domain.

I followed the Onnoot Wiki (http://www.onnoot.com/wiki/how_to_join_ubuntu_samba_to_a_windows_2003_active_directory_domain) directions but when I issue the

sudo net ads join -U administrator

command and enter the administrator password I get the following


emanuel@dumpster:/var/log/samba$ sudo net ads join -U administrator
administrator's password:
Using short domain name -- LEVY
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'DUMPSTER' in realm 'LEVY.HOME'
Failed to join domain: Type or value exists
emanuel@dumpster:/var/log/samba$



What could my problems be?

Digital Stimulus
05-10-2008, 06:45 PM
I've never tried (had to) integrate with AD. But, a cursory google yielded a guess that it's your domain name setting. This thread (http://readlist.com/lists/lists.samba.org/samba/2/10322.html) indicates that, in addition to including a workaround. Here's another (http://www.nabble.com/Failed-to-set-servicePrincipalNames-(driving-me-insane!)-to10660685.html) that mentions a similar issue. (The fix given there is to add a line to /etc/hosts specifying: IP FQDN SHORTNAME.)

Again, I have no experience here, but thought the above might help.

MannyL
05-10-2008, 07:05 PM
Digital, thanks. That leads me down the path of what is wrong. I tried the workaround in the first thread and got a different failure.

emanuel@dumpster:~$ sudo net join -U adminstrator -w LEVY
adminstrator's password:
[2008/05/10 20:04:28, 0] libads/kerberos.c:ads_kinit_password(228)
kerberos_kinit_password adminstrator@LEVY.HOME failed: Client not found in Kerberos database
Failed to join domain: Improperly formed account name
ADS join did not work, falling back to RPC...
Could not connect to server DELLSVR2003E
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
emanuel@dumpster:~$

I will be checking the logs on the 2003 box.

MannyL
05-10-2008, 08:22 PM
Feel like I'm talking to myself. I have a new error which Google did not help out on much.


emanuel@dumpster:~$ sudo net ads join -U administrator
administrator's password:
Using short domain name -- LEVY
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'DUMPSTER' in realm 'LEVY.HOME'
Failed to join domain: Type or value exists
emanuel@dumpster:~$

Digital Stimulus
05-10-2008, 08:57 PM
"Feel like I'm talking to myself."

Hey now. I may not be living up to my username, but that was uncalled for. ;) :D

So, did you modify your /etc/hosts file? It looks like you've got the hostname set to "LEVY.HOME". But that most likely doesn't match your Windows domain name (speaking from ignorance, here, so I could very well be wrong). On Linux, use the hostname -f command. On Windows, it looks like (from a quick google) the nbstat -c command will do it. (I'm sure there's a GUI way, but I like the command line. Even in Windows.)

Also, I have *no* experience with kerberos, so I'm no help there. Sorry.

ETA: I just realized that "IP FQDN SHORTNAME" may have been incomprehensible. What it means is, open the /etc/hosts file and add a line:

<your_IP_address> <fully_qualified_domain_name> <short_domain_name>

For example, something like:

192.168.0.2 levy.home.com levy
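Added example, not part of any post in this thread: a pre-join check that the name /etc/hosts yields for the machine is its short name plus the AD DNS domain, which is what the `net ads join` error message asks for. Host DUMPSTER and realm LEVY.HOME come from the output above; the hosts-file contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# fqdn_from_hosts FILE SHORTNAME
# Prints the canonical (first) name of the first hosts entry that lists
# SHORTNAME. Simplified model of what `hostname -f` returns when the
# hosts file is consulted before DNS.
fqdn_from_hosts() {
    awk -v short="$2" '
        { sub(/#.*/, "") }                      # drop comments
        NF < 2 { next }                         # skip blank/incomplete lines
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(short)) { print tolower($2); exit }
        }' "$1"
}

# check_join_name FILE SHORTNAME REALM
# Prints: ok | not-qualified | wrong-domain | missing
check_join_name() {
    fqdn=$(fqdn_from_hosts "$1" "$2")
    want=$(printf '%s.%s' "$2" "$3" | tr '[:upper:]' '[:lower:]')
    case "$fqdn" in
        "")      echo missing ;;
        "$want") echo ok ;;
        *.*)     echo wrong-domain ;;
        *)       echo not-qualified ;;
    esac
}

tmp=$(mktemp -d)
# Constructed sample: Ubuntu-style default, short name on 127.0.1.1 only.
printf '127.0.0.1 localhost\n127.0.1.1 dumpster\n' > "$tmp/default"
# Constructed sample: an "IP FQDN SHORTNAME" line ahead of the default entry.
printf '127.0.0.1 localhost\n192.168.0.2 dumpster.levy.home dumpster\n127.0.1.1 dumpster\n' > "$tmp/fixed"
# Constructed sample: FQDN that is not inside the realm's DNS domain.
printf '192.168.0.2 dumpster.levy.home.com dumpster\n' > "$tmp/other"

for f in default fixed other; do
    printf '%-8s %s\n' "$f" "$(check_join_name "$tmp/$f" dumpster LEVY.HOME)"
done
```

On a live system, pass /etc/hosts, the output of `hostname -s`, and the realm from the Kerberos configuration; anything other than `ok` points at the name mismatch the join error describes.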

MannyL
05-10-2008, 09:05 PM
No, I meant I was replying to my reply. The good news is I solved all the errors and the Linux box is part of the domain and even shows in network neighborhood. The bad part is the share is declining my password.

Digital Stimulus
05-10-2008, 10:39 PM
"No I meant I was replying to my reply."

Yeah, I was kidding. A little levity to help get through the hit-your-head-against-the-wall computer issues. :)

"The good news is I solved all the errors and the Linux box is part of the domain and even shows in network neighborhood. The bad part is the share is declining my password."

Well, glad I could get you on some path that seems to have helped. If you're using Samba, you might want to look at the smb.conf, the password file (I can't remember the name right now), and the related man pages. As if you didn't know that already.

I wish I could help more, but to be honest, I've been wrestling with Samba sharing myself. Haven't figured a fix out yet...it keeps getting superseded by other things on my priority list.

MannyL
05-10-2008, 10:52 PM
Well, it works with me just entering the name of a Linux user and their password. Now I have to figure out how to suppress it showing PDF & Printers & faxes since there are none on that share or system.

Digital Stimulus
05-11-2008, 12:56 AM
"Now I have to figure out how to suppress it showing PDF & Printers & faxes since there are none on that share or system"

I think you need to set something about printers in the [global] section of smb.conf.

Ah, looking at the end of the Ubuntu configuring Samba (https://help.ubuntu.com/6.06/ubuntu/serverguide/C/configuring-samba.html) guide (6.06; not sure what release you're using), we find:

"...You specify all shares are browseable by all clients on the network by placing a browseable directive, which takes a Boolean argument, under the [global] heading in the /etc/samba/smb.conf. That is, if you edit the file and add the line:

browseable = true

under the [global] section of /etc/samba/smb.conf, then all shares provided by your Ubuntu system via SAMBA will be browseable by all authorized clients, unless a specific share contains a browseable = false directive, which will override the global directive."

At least, I think that's what you're looking for.