Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.
Solved
Cannot join RHEL5 server to Windows 2003 SP2 Domain
Posted on 2013-01-03
Using the steps as per the RHEL-AD document (http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/), but I am unable to join a RHEL5 server to the Windows domain. This server does NOT use Winbind, so don't even offer that configuration as we have gotten the RHEl-AD documented steps to work in other server environments fine.
Samba Version: 3.0.33-3.39.el5_8 (and no this cannot be upgraded)
When I use the 'testjoin' command, it shows the information given is fine:
But when I attempt to actually join the server to the domain, it errors out:
Samba Version: 3.0.33-3.39.el5_8 (and no this cannot be upgraded)
When I use the 'testjoin' command, it shows the information given is fine:
[root@sanbweb1 ~]# net ads testjoin
Join is OK
But when I attempt to actually join the server to the domain, it errors out:
[root@sanbweb1 ~]# net ads join -U mworsham@GPOTEST.LOCAL
mworsham@GPOTEST.LOCAL's password:
Using short domain name -- GPOTEST
Could not connect to server Proj-DC.GPOTEST.LOCAL
The username or password was not correct.
[2013/01/03 12:57:04, 0, effective(0, 0), real(0, 0)] utils/net_rpc_join.c:net_rpc_join_ok(81)
net_rpc_join_ok: failed to get schannel session key from server Proj-DC.GPOTEST.LOCAL for domain GPOTEST. Error was NT_STATUS_ACCESS_DENIED
Failed to verify membership in domain!
Failed to join domain: Success
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
6 Comments
Hi
Can you post the output of
by the way. Does the host Proj-DC.GPOTEST.LOCAL exist? Can you ping it?
Maybe you want to show us a bit more of your configs.
Can you post the output of
kinit
by the way. Does the host Proj-DC.GPOTEST.LOCAL exist? Can you ping it?
Maybe you want to show us a bit more of your configs.
@Sandeep: Winbind is not an option. The code works as we have another whole domain working fine. We just think it's a problem with the Samba SMB.conf configuration w/ Windows side.
@un1x86 Attaching a number of response and configuration files:
/etc/samba/smb.conf configuration
net ads info
ping response from client to dc
kinit & klist output
smbclient test with level 5 debug output
/etc/krb5.conf
/etc/ldap.conf
smbconf.txt
smbclient-test.txt
ping-to-dc.txt
net-ads-info.txt
kinit-klist.txt
krb5conf.txt
ldapconf.txt
/etc/samba/smb.conf configuration
net ads info
ping response from client to dc
kinit & klist output
smbclient test with level 5 debug output
/etc/krb5.conf
/etc/ldap.conf
smbconf.txt
smbclient-test.txt
ping-to-dc.txt
net-ads-info.txt
kinit-klist.txt
krb5conf.txt
ldapconf.txt
Actually found a working solution by using the PowerBroker® Identity Services, Open Edition application. Just downloaded and installed the application, restarted the SSH daemon and then ran the command-line way to join the RHEL server to the Windows domain. Worked like a charm the first time.
>> domainjoin-cli join example.local Administrator
Reference:
http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True
>> domainjoin-cli join example.local Administrator
Reference:
http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True
Featured Post
Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
I. Introduction
There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses
Course of the Month8 days, 11 hours left to enroll
597 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.