Problem joining RHEL4 to Windows Server 2003 Active Directory using winbind
kevin huang
khuang888 at gmail.com
Thu Mar 16 12:53:48 UTC 2006
Hi there
I have been trying to get my RHEL4 client to join a Windows domain;
however, I still can't retrieve a list of domain users from the domain
by running the command wbinfo -u. By the way, I am running VMware and the
Samba package I am using is samba-3.0.10-1.4E.2.
Here is a quick summary of where I am at:
1) kinit -V Administrator@NWTRADERS.MSFT
When I ran the above command, I could get a ticket successfully. I
then confirmed this by running klist:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@NWTRADERS.MSFT

Valid starting     Expires            Service principal
03/16/06 23:08:21  03/17/06 09:07:17  krbtgt/NWTRADERS.MSFT@NWTRADERS.MSFT
        renew until 03/17/06 23:08:21
2) net ads join -S LONDON.NWTRADERS.MSFT -U administrator
I was able to join my RHEL4 machine to Windows Server 2003 AD, i.e. a
computer object for my RHEL4 machine was created in AD. Below is the
output:
"Using short domain name -- NWTRADERS
Joined 'BRISBANE' to realm 'NWTRADERS.MSFT'"
3) wbinfo -t
I ran the above command and it returned "checking the trust secret via
RPC calls succeeded". Ok so far so good.
4) wbinfo -u
This is where I am stuck. I ran the command and it returned "Error
looking up domain users".
Below are my configuration files for
- smb.conf
- krb5.conf
- nsswitch.conf
--- smb.conf --------------------
[global]
workgroup = NWTRADERS
security = ads
realm = NWTRADERS.MSFT
password server = LONDON.NWTRADERS.MSFT
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
template homedir = /home/%D/%D\%U
interfaces = 192.168.1.1 eth1
ldap admin dn = cn=Administrator,cn=users,DC=nwtraders,DC=msft
ldap suffix = DC=nwtraders,DC=msft
winbind use default domain = Yes
winbind trusted domains only = Yes
---- krb5.conf----------------------------------------------------------------------------------
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
dns_lookup_realm = false
dns_lookup_kdc = false
default_realm = nwtraders.msft
[realms]
NWTRADERS.MSFT = {
kdc = london.nwtraders.msft:88
admin_server = london.nwtraders.msft:749
default_domain = nwtraders.msft
}
[domain_realm]
.nwtraders.msft = NWTRADERS.MSFT
nwtraders.msft = NWTRADERS.MSFT
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
---- nsswitch.conf ------------------------------------------------------------
passwd: files winbind
shadow: files
group: files winbind
hosts: files dns
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: files
automount: files
aliases: files
Here is the output from winbindd.log:
[2006/03/16 23:49:57, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
Kinit failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password host/BRISBANE@NWTRADERS.MSFT failed:
Resource temporarily unavailable
[2006/03/16 23:49:57, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
ads_connect for domain NWTRADERS failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
Kinit failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
Kinit failed: Resource temporarily unavailable
What does it mean when it says "Resource temporarily unavailable"?
Also, I checked the system log file in Windows, and here is what I
have discovered:
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
Date: 16/03/2006
Time: 11:48:19 PM
User: NT AUTHORITY\SYSTEM
Computer: LONDON
Description:
Pre-authentication failed:
User Name: brisbane$
User ID: NWTRADERS\brisbane$
Service Name: krbtgt/NWTRADERS.MSFT
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 192.168.1.2
I would be very grateful if anyone can help me out with my problem.
Thanks in advance
Regards
Kevin
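
Added example, not part of the original post: a small Python triage helper that pairs the winbindd.log excerpt with the Event ID 675 record, so the failing principal and the KDC's failure code can be read side by side. The sample strings are constructed from the excerpts above (with "@" assumed where the archive shows " at "), and all function names are hypothetical.

```python
import re
from collections import Counter
# Subset of RFC 4120 error codes, as shown in the event's "Failure Code" field.
KRB_ERRORS = {0x06: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 0x18: "KDC_ERR_PREAUTH_FAILED",
              0x19: "KDC_ERR_PREAUTH_REQUIRED", 0x25: "KRB_AP_ERR_SKEW"}
# Constructed samples shaped like the post's excerpts ("@" assumed for " at ").
WINBINDD_LOG = """\
[2006/03/16 23:49:57, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
  Kinit failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password host/BRISBANE@NWTRADERS.MSFT failed:
  Resource temporarily unavailable
[2006/03/16 23:49:57, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain NWTRADERS failed: Resource temporarily unavailable
"""
EVENT_675 = """\
User Name: brisbane$
Failure Code: 0x19
Client Address: 192.168.1.2
"""
HEADER = re.compile(r"^\[([^,]+),\s*(\d+)\]\s+(\S+):(\w+)\((\d+)\)$")

def parse_samba_log(text):
    """Attach the indented message lines to their '[time, level] file:func(line)' header."""
    records = []
    for raw in (l.strip() for l in text.splitlines()):
        m = HEADER.match(raw)
        if m:
            records.append(dict(zip(("ts", "level", "src", "func", "line"), m.groups()), msg=""))
        elif records and raw:
            records[-1]["msg"] = (records[-1]["msg"] + " " + raw).strip()
    return records

def parse_event(text):
    """Turn 'Key: value' event lines into a dict and name the Kerberos failure code."""
    fields = {k.strip(): v.strip() for k, v in
              (l.split(":", 1) for l in text.splitlines() if ":" in l)}
    code = int(fields["Failure Code"], 16)
    fields["Failure Name"] = KRB_ERRORS.get(code, "unknown (%#x)" % code)
    return fields

def kinit_principals(records):
    """Count the principals that kerberos_kinit_password failed for."""
    hits = (re.search(r"kerberos_kinit_password (\S+) failed", r["msg"]) for r in records)
    return Counter(h.group(1) for h in hits if h)

def same_machine(principal, event_user):
    """True when host/NAME@REALM and the event's NAME$ refer to the same machine account."""
    host = principal.split("/", 1)[-1].split("@", 1)[0]
    return host.lower() == event_user.rstrip("$").lower()
```
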