Solved

Cannot join RHEL5 server to Windows 2003 SP2 Domain

Posted on 2013-01-03
6
726 Views
Last Modified: 2013-01-09
Using the steps as per the RHEL-AD document (http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/), but I am unable to join a RHEL5 server to the Windows domain. This server does NOT use Winbind, so don't even offer that configuration as we have gotten the RHEl-AD documented steps to work in other server environments fine.

Samba Version: 3.0.33-3.39.el5_8  (and no this cannot be upgraded)

When I use the 'testjoin' command, it shows the information given is fine:

[root@sanbweb1 ~]# net ads testjoin
Join is OK

Open in new window


But when I attempt to actually join the server to the domain, it errors out:

[root@sanbweb1 ~]# net ads join -U mworsham@GPOTEST.LOCAL
mworsham@GPOTEST.LOCAL's password:
Using short domain name -- GPOTEST
Could not connect to server Proj-DC.GPOTEST.LOCAL
The username or password was not correct.
[2013/01/03 12:57:04, 0, effective(0, 0), real(0, 0)] utils/net_rpc_join.c:net_rpc_join_ok(81)
  net_rpc_join_ok: failed to get schannel session key from server Proj-DC.GPOTEST.LOCAL for domain GPOTEST. Error was NT_STATUS_ACCESS_DENIED
Failed to verify membership in domain!
Failed to join domain: Success

Open in new window

0
Comment
Question by:Michael W
  • 4
6 Comments
 
LVL 11

Expert Comment

by:un1x86
ID: 38742802
Hi

Can you post the output of

kinit

Open in new window


by the way. Does the host Proj-DC.GPOTEST.LOCAL exist? Can you ping it?
Maybe you want to show us a bit more of your configs.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 38742994
use samba winbind
0
 
LVL 29

Author Comment

by:Michael W
ID: 38743769
@Sandeep: Winbind is not an option. The code works as we have another whole domain working fine. We just think it's a problem with the Samba SMB.conf configuration w/ Windows side.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 29

Author Comment

by:Michael W
ID: 38743813
@un1x86 Attaching a number of response and configuration files:

/etc/samba/smb.conf configuration
net ads info
ping response from client to dc
kinit & klist output
smbclient test with level 5 debug output
/etc/krb5.conf
/etc/ldap.conf
smbconf.txt
smbclient-test.txt
ping-to-dc.txt
net-ads-info.txt
kinit-klist.txt
krb5conf.txt
ldapconf.txt
0
 
LVL 29

Accepted Solution

by:
Michael W earned 0 total points
ID: 38745911
Actually found a working solution by using the PowerBroker® Identity Services, Open Edition application. Just downloaded and installed the application, restarted the SSH daemon and then ran the command-line way to join the RHEL server to the Windows domain. Worked like a charm the first time.

>> domainjoin-cli join example.local Administrator

Reference:
http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True
0
 
LVL 29

Author Closing Comment

by:Michael W
ID: 38758278
Once Kerberos / LDAP authentication works, just by adding this application and restarting the SSH daemon, the server was easily joined to the Windows AD domain.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Learn about cloud computing and its benefits for small business owners.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now