Cannot join RHEL5 server to Windows 2003 SP2 Domain

Using the steps as per the RHEL-AD document (http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/), but I am unable to join a RHEL5 server to the Windows domain. This server does NOT use Winbind, so don't even offer that configuration as we have gotten the RHEl-AD documented steps to work in other server environments fine.

Samba Version: 3.0.33-3.39.el5_8  (and no this cannot be upgraded)

When I use the 'testjoin' command, it shows the information given is fine:

[root@sanbweb1 ~]# net ads testjoin
Join is OK

Open in new window


But when I attempt to actually join the server to the domain, it errors out:

[root@sanbweb1 ~]# net ads join -U mworsham@GPOTEST.LOCAL
mworsham@GPOTEST.LOCAL's password:
Using short domain name -- GPOTEST
Could not connect to server Proj-DC.GPOTEST.LOCAL
The username or password was not correct.
[2013/01/03 12:57:04, 0, effective(0, 0), real(0, 0)] utils/net_rpc_join.c:net_rpc_join_ok(81)
  net_rpc_join_ok: failed to get schannel session key from server Proj-DC.GPOTEST.LOCAL for domain GPOTEST. Error was NT_STATUS_ACCESS_DENIED
Failed to verify membership in domain!
Failed to join domain: Success

Open in new window

LVL 29
Michael WorshamInfrastructure / Solutions ArchitectAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Michael WorshamConnect With a Mentor Infrastructure / Solutions ArchitectAuthor Commented:
Actually found a working solution by using the PowerBroker® Identity Services, Open Edition application. Just downloaded and installed the application, restarted the SSH daemon and then ran the command-line way to join the RHEL server to the Windows domain. Worked like a charm the first time.

>> domainjoin-cli join example.local Administrator

Reference:
http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True
0
 
Chris SandriniSenior System EngineerCommented:
Hi

Can you post the output of

kinit

Open in new window


by the way. Does the host Proj-DC.GPOTEST.LOCAL exist? Can you ping it?
Maybe you want to show us a bit more of your configs.
0
 
SandyCommented:
use samba winbind
0
A proven path to a career in data science

At Springboard, we know how to get you a job in data science. With Springboard’s Data Science Career Track, you’ll master data science  with a curriculum built by industry experts. You’ll work on real projects, and get 1-on-1 mentorship from a data scientist.

 
Michael WorshamInfrastructure / Solutions ArchitectAuthor Commented:
@Sandeep: Winbind is not an option. The code works as we have another whole domain working fine. We just think it's a problem with the Samba SMB.conf configuration w/ Windows side.
0
 
Michael WorshamInfrastructure / Solutions ArchitectAuthor Commented:
@un1x86 Attaching a number of response and configuration files:

/etc/samba/smb.conf configuration
net ads info
ping response from client to dc
kinit & klist output
smbclient test with level 5 debug output
/etc/krb5.conf
/etc/ldap.conf
smbconf.txt
smbclient-test.txt
ping-to-dc.txt
net-ads-info.txt
kinit-klist.txt
krb5conf.txt
ldapconf.txt
0
 
Michael WorshamInfrastructure / Solutions ArchitectAuthor Commented:
Once Kerberos / LDAP authentication works, just by adding this application and restarting the SSH daemon, the server was easily joined to the Windows AD domain.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.