Solved

Cannot join RHEL5 server to Windows 2003 SP2 Domain

Posted on 2013-01-03
6
737 Views
Last Modified: 2013-01-09
Using the steps as per the RHEL-AD document (http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/), but I am unable to join a RHEL5 server to the Windows domain. This server does NOT use Winbind, so don't even offer that configuration as we have gotten the RHEl-AD documented steps to work in other server environments fine.

Samba Version: 3.0.33-3.39.el5_8  (and no this cannot be upgraded)

When I use the 'testjoin' command, it shows the information given is fine:

[root@sanbweb1 ~]# net ads testjoin
Join is OK

Open in new window


But when I attempt to actually join the server to the domain, it errors out:

[root@sanbweb1 ~]# net ads join -U mworsham@GPOTEST.LOCAL
mworsham@GPOTEST.LOCAL's password:
Using short domain name -- GPOTEST
Could not connect to server Proj-DC.GPOTEST.LOCAL
The username or password was not correct.
[2013/01/03 12:57:04, 0, effective(0, 0), real(0, 0)] utils/net_rpc_join.c:net_rpc_join_ok(81)
  net_rpc_join_ok: failed to get schannel session key from server Proj-DC.GPOTEST.LOCAL for domain GPOTEST. Error was NT_STATUS_ACCESS_DENIED
Failed to verify membership in domain!
Failed to join domain: Success

Open in new window

0
Comment
Question by:Michael Worsham
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 
LVL 11

Expert Comment

by:un1x86
ID: 38742802
Hi

Can you post the output of

kinit

Open in new window


by the way. Does the host Proj-DC.GPOTEST.LOCAL exist? Can you ping it?
Maybe you want to show us a bit more of your configs.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 38742994
use samba winbind
0
 
LVL 29

Author Comment

by:Michael Worsham
ID: 38743769
@Sandeep: Winbind is not an option. The code works as we have another whole domain working fine. We just think it's a problem with the Samba SMB.conf configuration w/ Windows side.
0
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

 
LVL 29

Author Comment

by:Michael Worsham
ID: 38743813
@un1x86 Attaching a number of response and configuration files:

/etc/samba/smb.conf configuration
net ads info
ping response from client to dc
kinit & klist output
smbclient test with level 5 debug output
/etc/krb5.conf
/etc/ldap.conf
smbconf.txt
smbclient-test.txt
ping-to-dc.txt
net-ads-info.txt
kinit-klist.txt
krb5conf.txt
ldapconf.txt
0
 
LVL 29

Accepted Solution

by:
Michael Worsham earned 0 total points
ID: 38745911
Actually found a working solution by using the PowerBroker® Identity Services, Open Edition application. Just downloaded and installed the application, restarted the SSH daemon and then ran the command-line way to join the RHEL server to the Windows domain. Worked like a charm the first time.

>> domainjoin-cli join example.local Administrator

Reference:
http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True
0
 
LVL 29

Author Closing Comment

by:Michael Worsham
ID: 38758278
Once Kerberos / LDAP authentication works, just by adding this application and restarting the SSH daemon, the server was easily joined to the Windows AD domain.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
error while installing php56 in redhat enterprise linux 20 77
SSL/TLS - openssl troubleshooting 3 62
LINUX Field Separators 7 57
Ubuntu don’t allow SU command in terminal 7 68
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question