Problem of integrating Windows AD with Samba of Ubuntu

I was trying to integrate Windows Active Directory with Ubuntu 7.10 and I have followed this article:
I did everything it suggested and restarted Ubuntu at the end, and then I was stuck.
I got the message below and just couldn't log in to Ubuntu again.
kinit: name_to_dex_t(/dev/disk/by-uuid/2c13fe59-38c5-4462-990d-e7a01307beca) = sda5(8,5)
kinit: trying to resume from /dev/disk/by-uuid/2c13fe59-38c5-4462-990d-e7a01307beca
kinit: No resume image, doing normal boot...

Ubuntu 7.10 svubuntu tty1

When I try to log in it just pauses like I have typed in the wrong password and then says "Login incorrect" and then goes back to the login prompt. I have tried the "root" account and a normal user account; none of them work.

I can still log in to the Ubuntu recovery mode with root account.

Any help would be much appreciated.


You could try doing a file system check, as root do:

$ init 1
$ e2fsck -fp /dev/sda5

The -f will force a full check and -p is the option for auto-repair.
brothertu (Author) commented:
Now I got error below:
e2fsck: bad magic number in super-block while trying to open /dev/sda5
the superblock could not be read or does not describe a correct ext2 filesystem. If the device is valid and it really contains an ext2 filesyste (and not swap or ufs or something else), then the superblock is corrupt, and you might try running e2fsck with an alternate superblock: e2fsck -b 8193 <device>

Any idea?
brothertu (Author) commented:
I have to reinstall the Linux server and re-configure LDAP on it.

Just use the fsck utility for the file system that you're using. fsck.ext3 will work for ext3 and reiserfsck will do for a reiser file system.
How come you need LDAP? You can connect a Linux box to an AD domain without installing an LDAP client.
brothertu (Author) commented:
Hi Coanda,
If you have a better way that can make me login to the Linux box with my windows domain account, that would be great.

That was what I have tried to do by following the article I posted.
I'll try to do a brief description of what I do to connect Linux machines to my AD, obviously for the documents listed below make sure to replace ds1 with your AD server and domain.local with the domain that you're using. Also, the case is important throughout what is described below.

First make sure that your /etc/hosts file contains an entry for your domain controller (I've used ds1 as a name in the steps below)

$ sudo apt-get update && sudo apt-get upgrade
$ sudo apt-get install samba samba-common smbfs
$ sudo vim /etc/samba/smb.conf

## /etc/samba/smb.conf:

------ start copy here ---------

[global]
  workgroup = DOMAIN
  password server = ds1.domain.local
  realm = DOMAIN.LOCAL
  security = ADS
  netbios name = srv


  # winbind section
  idmap backend = rid:DOMAIN=10000-20000
  idmap uid = 10000-20000
  idmap gid = 10000-20000

  allow trusted domains = no

  winbind refresh tickets = yes
  winbind use default domain = yes
  winbind offline logon = false
  winbind enum users = yes
  winbind enum groups = yes

  template homedir = /home/%D/%U
  template shell = /bin/bash

  guest account = nobody
  map to guest = bad user

  # set the loglevel
  log level = 3

  create mask = 774
  directory mask = 775
  locking = yes

  # added this section so that I can share out the cdrom
  usershare owner only = false

------- end copy here --------

$ sudo apt-get install libpam-krb5 krb5-clients krb5-user libkrb5-dev

!!!Important, make sure that the system time of the server being connected matches that of the domain controller.

$ sudo vim /etc/krb5.conf

## /etc/krb5.conf:

------- start copy here --------

[libdefaults]
        default_realm = DOMAIN.LOCAL
        # maximum tolerated clock difference, in seconds
        clockskew = 300

[realms]
        DOMAIN.LOCAL = {
                kdc = ds1.domain.local
                default_domain = domain.local
                admin_server = ds1.domain.local
        }

[domain_realm]
        .domain.local = DOMAIN.LOCAL

[appdefaults]
        pam = {
                ticket_lifetime = 1d
                renew_lifetime = 1d
                forwardable = true
                proxiable = false
                retain_after_close = false
                minimum_uid = 1
                try_first_pass = true
        }

------- end copy here --------

## /etc/nsswitch.conf

------- start copy here --------

passwd:         compat winbind
group:          compat winbind
shadow:         compat winbind

hosts:          files dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

------- end copy here --------

Contents of the various pam.d files:

$ sudo vim /etc/pam.d/common-account

account sufficient
account required

$ sudo vim /etc/pam.d/common-auth

auth sufficient
auth sufficient nullok_secure use_first_pass
auth required

$ sudo vim /etc/pam.d/common-password

password required nullok obscure min=4 max=8 md5

$ sudo vim /etc/pam.d/common-session

session required

$ sudo vim /etc/pam.d/samba

@include common-auth
@include common-account
@include common-session

Now start the services and connect to the domain

$ sudo /etc/init.d/samba stop
$ sudo /etc/init.d/winbind stop
$ sudo kinit administrator@DOMAIN.LOCAL
$ sudo net ads join -U administrator
$ sudo /etc/init.d/samba start
$ sudo /etc/init.d/winbind start

This usually works for me but sometimes there is some additional tooling around depending on the distribution.
brothertu (Author) commented:
Thanks Coanda.
I have followed your instruction to configure all the related files.
And I can run this command with no error:
$ sudo kinit administrator@DOMAIN.LOCAL

I have also run the klist command to make sure I am getting the Kerberos ticket, and it looked good.

But this command failed:
$ sudo net ads join -U administrator
I got error below:
Host is not configured as a member server
Invalid configuration.  Exiting.
Failed to join domain: Invalid domain role

I remembered that I went this far last time and got the same error when I tried to join the Linux box to the domain.

brothertu (Author) commented:
I added following lines to the smb.conf file:
local master = no
domain master = no
preferred master = no
wins server = x.x.x.x

And now I can join the Linux box to domain with this command:
$ sudo net ads join -U administrator

I guess maybe I can try to log in to the Linux box with my domain account.
But I am not sure what the login name would be. Should I use this as login name?

I did a quick try with it but failed with error " access denied", so it must be something as.

Any suggestion?
Many thanks
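
As an added example (not part of the thread and not either poster's code): a POSIX shell lint that checks smb.conf and krb5.conf for the points raised above before running "net ads join", namely security = ADS, an upper-case realm that matches default_realm, and the three master-browser settings the asker set to no. The function names and the constructed sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint smb.conf and krb5.conf before "net ads join".

# Print the value of "key = value" from an INI-style file (first match wins).
get_param() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ || !/=/ { next }
        {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) { print val; exit }
        }' "$1"
}

# Print one line per problem; the return status is the number of problems.
check_join_config() {
    smb=$1 krb=$2 problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    sec=$(get_param "$smb" "security" | tr '[:lower:]' '[:upper:]')
    [ "$sec" = "ADS" ] || fail "security is '${sec:-unset}', expected ADS"

    realm=$(get_param "$smb" "realm")
    upper=$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')
    [ -n "$realm" ] && [ "$realm" = "$upper" ] || fail "realm '$realm' must be set and upper case"

    krealm=$(get_param "$krb" "default_realm")
    [ "$realm" = "$krealm" ] || fail "realm '$realm' != krb5.conf default_realm '$krealm'"

    # Settings the asker reported adding before the join stopped failing.
    for key in "local master" "domain master" "preferred master"; do
        val=$(get_param "$smb" "$key" | tr '[:upper:]' '[:lower:]')
        [ "$val" = "no" ] || fail "'$key' is '${val:-unset}', the thread sets it to no"
    done
    return "$problems"
}

# Constructed sample input: the posted values, without the asker's later additions.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '[global]' '  realm = DOMAIN.LOCAL' '  security = ADS' > "$dir/smb.conf"
    printf '%s\n' '[libdefaults]' '  default_realm = DOMAIN.LOCAL' > "$dir/krb5.conf"
    rc=0; check_join_config "$dir/smb.conf" "$dir/krb5.conf" || rc=$?
    rm -rf "$dir"
    return "$rc"
}
demo || echo "$? problem(s) found"
```

On a real host, call check_join_config /etc/samba/smb.conf /etc/krb5.conf instead of demo.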
To list all of the users that winbind can see, use the command "wbinfo -u", and to list the groups use "wbinfo -g". My systems only require me to log in using my username, but I have sometimes during testing needed to use DOMAIN\username to get it to go.

brothertu (Author) commented:
This one worked for me:

It's all good now. Thank you very much for your help.