Problem joining RHEL4 to Windows Server 2003 Active Directory using winbind

kevin huang khuang888 at gmail.com
Thu Mar 16 12:53:48 UTC 2006


Hi there
I have been trying to get my RHEL4 client to join a Windows domain,
however, I still can't retrieve a list of domain users from the domain
by running the command wbinfo -u. By the way, I am running VMware and the
samba package I am using is samba-3.0.10-1.4E.2.

Here is a quick summary of where I am at:

1) kinit -V Administrator@NWTRADERS.MSFT
When I ran the above command, I could get a ticket successfully. I
then confirmed this by running klist:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@NWTRADERS.MSFT

Valid starting     Expires            Service principal
03/16/06 23:08:21  03/17/06 09:07:17  krbtgt/NWTRADERS.MSFT@NWTRADERS.MSFT
       renew until 03/17/06 23:08:21

2) net ads join -S LONDON.NWTRADERS.MSFT -U administrator
I was able to join my RHEL4 machine to Windows Server 2003 AD, i.e. a
computer object for my RHEL4 machine was created in AD. Below is the
output:

"Using short domain name -- NWTRADERS
Joined 'BRISBANE' to realm 'NWTRADERS.MSFT'"

3) wbinfo -t
I ran the above command and it returned "checking the trust secret via
RPC calls succeeded". Ok so far so good.

4) wbinfo -u
This is where I am stuck. I ran the command and it returned "Error
looking up domain users"

Below are my configuration files for
- smb.conf
- krb5.conf
- nsswitch.conf

--- smb.conf --------------------
[global]
 workgroup = NWTRADERS
 security = ads
 realm = NWTRADERS.MSFT
 password server = LONDON.NWTRADERS.MSFT
 idmap uid = 16777216-33554431
 idmap gid = 16777216-33554431
 template shell = /bin/bash
 template homedir = /home/%D/%D\%U
 interfaces = 192.168.1.1 eth1
 ldap admin dn = cn=Administrator,cn=users,DC=nwtraders,DC=msft
 ldap suffix = DC=nwtraders,DC=msft
 winbind use default domain = Yes
 winbind trusted domains only = Yes

---- krb5.conf----------------------------------------------------------------------------------
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 dns_lookup_realm = false
 dns_lookup_kdc = false
 default_realm = nwtraders.msft

[realms]
 NWTRADERS.MSFT = {
 kdc = london.nwtraders.msft:88
 admin_server = london.nwtraders.msft:749
 default_domain = nwtraders.msft
 }

[domain_realm]
 .nwtraders.msft = NWTRADERS.MSFT
 nwtraders.msft = NWTRADERS.MSFT

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }

---- nsswitch.conf ----------------------------------------------------------------------------
passwd:     files winbind
shadow:     files
group:      files winbind

hosts:      files dns

bootparams: files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  files
automount:  files
aliases:    files

Here is the output from winbindd.log:

[2006/03/16 23:49:57, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
 Kinit failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 0] libads/kerberos.c:ads_kinit_password(146)
 kerberos_kinit_password host/BRISBANE@NWTRADERS.MSFT failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
 ads_connect for domain NWTRADERS failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
 Kinit failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
 Kinit failed: Resource temporarily unavailable

What does it mean when it says "Resource temporarily unavailable"?

Also, I checked the system log file in Windows, and here is what I
have discovered:

Event Type:     Failure Audit
Event Source:   Security
Event Category: Account Logon
Event ID:       675
Date:           16/03/2006
Time:           11:48:19 PM
User:           NT AUTHORITY\SYSTEM
Computer:       LONDON
Description:
Pre-authentication failed:
       User Name:      brisbane$
       User ID:                NWTRADERS\brisbane$
       Service Name:   krbtgt/NWTRADERS.MSFT
       Pre-Authentication Type:        0x0
       Failure Code:   0x19
       Client Address: 192.168.1.2


I would be very grateful if anyone can help me out on my problem.
Thanks in advance

Regards


Kevin
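
Added example, not part of the original post: a Python sketch that groups the winbindd.log entries quoted above into records and names the Kerberos failure code from the Windows event 675. The sample inputs are constructed from lines in the post (with the archive's " at " written as "@"); the function names and the error-code subset, taken from RFC 4120, are this example's own.

```python
import re

# Subset of Kerberos error codes as named in RFC 4120.
KRB_ERRORS = {0x06: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 0x12: "KDC_ERR_CLIENT_REVOKED",
              0x17: "KDC_ERR_KEY_EXPIRED", 0x18: "KDC_ERR_PREAUTH_FAILED",
              0x19: "KDC_ERR_PREAUTH_REQUIRED", 0x25: "KRB_AP_ERR_SKEW"}

# Constructed samples: lines taken from the post, trimmed for length.
WINBINDD_LOG = """\
[2006/03/16 23:49:57, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
 Kinit failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 0] libads/kerberos.c:ads_kinit_password(146)
 kerberos_kinit_password host/BRISBANE@NWTRADERS.MSFT failed:
Resource temporarily unavailable
[2006/03/16 23:49:57, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
 ads_connect for domain NWTRADERS failed: Resource temporarily unavailable
"""
EVENT_675 = """\
Event ID:       675
       User Name:      brisbane$
       Service Name:   krbtgt/NWTRADERS.MSFT
       Pre-Authentication Type:        0x0
       Failure Code:   0x19
       Client Address: 192.168.1.2
"""

# Samba debug header: [timestamp, level] source_file:function(line)
HEADER = re.compile(r"^\[(\S+ \S+),\s*(\d+)\] (\S+):(\w+)\((\d+)\)$")

def parse_winbindd_log(text):
    """Attach each message (including wrapped lines) to its header record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"time": m[1], "level": int(m[2]),
                            "source": m[3], "func": m[4], "msg": ""})
        elif records and line.strip():
            # Continuation line: append to the most recent record's message.
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def parse_event(text):
    """Read 'Key: value' lines into a dict and name the Kerberos failure code."""
    fields = dict(re.findall(r"^\s*([^:\n]+):[ \t]*(\S.*)$", text, re.M))
    code = int(fields["Failure Code"], 16)
    fields["Failure Name"] = KRB_ERRORS.get(code, "unknown (%#x)" % code)
    return fields
```

For the event quoted in the post, `parse_event(EVENT_675)["Failure Name"]` is `KDC_ERR_PREAUTH_REQUIRED`.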


