[rhelv6-beta-list] How can I join a 2008-R2 domain?
Kirby Zhou
kirbyzhou at sohu-rd.com
Tue Jun 22 12:13:53 UTC 2010
It seems very strange:
authconfig --enableshadow --enablemd5 --enablekrb5 --krb5kdc=SOHU-TEST.COM --krb5adminserver=SOHU-TEST.COM --krb5realm=SOHU-TEST.COM --enablekrb5kdcdns --enablekrb5realmdns --disablesmbauth --smbworkgroup=SOHU-TEST --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=SOHU-TEST.COM --winbindtemplateshell=/bin/bash --enablewinbindusedefaultdomain --enablewinbindoffline --winbindjoin=administrator --enablecache --enablelocauthorize --enablepamaccess --disablesysnetauth --kickstart
called [/usr/bin/net join -w SOHU-TEST -S SOHU-TEST.COM -U administrator]
and failed,
but If I call [/usr/bin/net join -w SOHU-TEST -U administrator] without [-S SOHU-TEST.COM], it can succeed.
Who knows how to avoid authconfig to send '-S' to net command?
Regards,
Kirby Zhou
from SOHU-RD +86-10-6272-8261
-----Original Message-----
From: rhelv6-beta-list-bounces at redhat.com [mailto:rhelv6-beta-list-bounces at redhat.com] On Behalf Of Kirby Zhou
Sent: Tuesday, June 22, 2010 6:49 PM
To: 'Red Hat Enterprise Linux 6 (Santiago) Beta releases discussion mailing-list'
Subject: Re: [rhelv6-beta-list] How can I join a 2008-R2 domain?
Still failed
RHEL6:
~]# authconfig --enableshadow --enablemd5 --enablekrb5
--krb5kdc=10.10.96.207 --krb5adminserver=10.10.96.207
--krb5realm=SOHU-TEST.COM --enablekrb5kdcdns --enablekrb5realmdns
--enablesmbauth --smbservers=10.10.96.207 --smbworkgroup=SOHU-TEST
--enablewinbind --enablewinbindauth --smbsecurity=ads
--smbrealm=SOHU-TEST.COM --winbindtemplateshell=/bin/bash
--enablewinbindusedefaultdomain --enablewinbindoffline
--winbindjoin=administrator --enablecache --enablelocauthorize
--enablepamaccess --disablesysnetauth --kickstart
[/usr/bin/net join -w SOHU-TEST -S 10.10.96.207 -U administrator]
Enter administrator's password:
Failed to join domain: failed to connect to AD: Operations error
ADS join did not work, falling back to RPC...
Enter administrator's password:
[2010/06/22 18:47:25, 0] utils/net_rpc_join.c:398(net_rpc_join_newstyle)
Error in domain join verification (credential setup failed):
NT_STATUS_INVALID_COMPUTER_NAME
Unable to join domain SOHU-TEST.
Starting nscd: [ OK ]
RHEL5:
]# authconfig --enableshadow --enablemd5 --enablekrb5 --krb5kdc=10.10.96.207
--krb5adminserver=10.10.96.207 --krb5realm=SOHU-TEST.COM --enablekrb5kdcdns
--enablekrb5realmdns --enablesmbauth --smbservers=10.10.96.207
--smbworkgroup=SOHU-TEST --enablewinbind --enablewinbindauth
--smbsecurity=ads --smbrealm=SOHU-TEST.COM --winbindtemplateshell=/bin/bash
--enablewinbindusedefaultdomain --enablewinbindoffline
--winbindjoin=administrator --enablecache --enablelocauthorize
--enablepamaccess --disablesysnetauth --kickstart
[/usr/bin/net join -w SOHU-TEST -S 10.10.96.207 -U administrator]
Enter administrator's password:
[2010/06/22 18:48:28, 0] libads/sasl.c:ads_sasl_spnego_bind(819)
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in
Kerberos database
Failed to join domain: failed to connect to AD: Server not found in Kerberos
database
ADS join did not work, falling back to RPC...
Enter administrator's password:
[2010/06/22 18:48:33, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(402)
Error in domain join verification (credential setup failed):
NT_STATUS_INVALID_COMPUTER_NAME
Unable to join domain SOHU-TEST.
Shutting down Winbind services: [ OK ]
Starting Winbind services: [ OK ]
Stopping nscd: [ OK ]
Starting nscd: [ OK ]
Regards,
Kirby Zhou
from SOHU-RD +86-10-6272-8261
-----Original Message-----
From: rhelv6-beta-list-bounces at redhat.com
[mailto:rhelv6-beta-list-bounces at redhat.com] On Behalf Of Colin Coe
Sent: Tuesday, June 22, 2010 6:03 AM
To: Red Hat Enterprise Linux 6 (Santiago) Beta releases discussion
mailing-list
Subject: Re: [rhelv6-beta-list] How can I join a 2008-R2 domain?
I use:
authconfig --enableshadow \
--enablemd5 \
--enablekrb5 \
--krb5kdc=server.example.com \
--krb5adminserver=server.example.com \
--krb5realm=EXAMPLE.COM \
--enablekrb5kdcdns \
--enablekrb5realmdns \
--enablesmbauth \
--smbservers=server.example.com \
--smbworkgroup=EXAMPLE \
--enablewinbind \
--enablewinbindauth \
--smbsecurity=ads \
--smbrealm=EXAMPLE.COM \
--winbindtemplateshell=/bin/bash \
--enablewinbindusedefaultdomain \
--enablewinbindoffline \
--winbindjoin=administrator \
--enablecache \
--enablelocauthorize \
--enablepamaccess \
--disablesysnetauth \
--kickstart
Works for me on RHEL4u8+ and RHEL5.4.+. Haven't actually tried on RHEL6
yet.
YMMV
On Mon, Jun 21, 2010 at 7:24 PM, Kirby Zhou <kirbyzhou at sohu-rd.com> wrote:
> I can do smbclient with the DC, but ads join failed.
>
> ]# smbclient //10.10.96.207/sysvol -U Administrator
> Enter Administrator's password:
> Domain=[SOHU-TEST] OS=[Windows Server 2008 R2 Enterprise 7600]
> Server=[Windows Server 2008 R2 Enterprise 6.1]
> smb: \> ls
> . D 0 Mon Jun 21 18:44:29 2010
> .. D 0 Mon Jun 21 18:44:29 2010
> SOHU-TEST.COM D 0 Mon Jun 21 18:44:29 2010
>
> 65433 blocks of size 1048576. 52832 blocks available
> smb: \>
>
> /usr/bin/net join -w SOHU-TEST -S 10.10.96.207 -U Administrator
> Enter Administrator's password:
> Failed to join domain: failed to connect to AD: Operations error
> ADS join did not work, falling back to RPC...
> Enter Administrator's password:
> [2010/06/21 19:21:47, 0] utils/net_rpc_join.c:398(net_rpc_join_newstyle)
> Error in domain join verification (credential setup failed):
> NT_STATUS_INVALID_COMPUTER_NAME
>
> Unable to join domain SOHU-TEST.
>
>
>
> Regards,
> Kirby Zhou
> from SOHU-RD +86-10-6272-8261
>
>
>
> _______________________________________________
> rhelv6-beta-list mailing list
> rhelv6-beta-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-beta-list
>
--
RHCE#805007969328369
_______________________________________________
rhelv6-beta-list mailing list
rhelv6-beta-list at redhat.com
https://www.redhat.com/mailman/listinfo/rhelv6-beta-list
_______________________________________________
rhelv6-beta-list mailing list
rhelv6-beta-list at redhat.com
https://www.redhat.com/mailman/listinfo/rhelv6-beta-list
More information about the rhelv6-beta-list
mailing list