In an attempt to integrate Radius with AD, and following the tutorial (http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO) I have set up an AD server in our lab, and having trouble adding my linux box to the domain. Can anyone see what im doing wrong? The error I keep getting is:
$ sudo net join -w SECLAB -I 10.252.159.137 -U Administrator [sudo] password for wuntee: Enter Administrator's password: [2010/10/28 12:23:36.656829, 0] utils/net_rpc_join.c:406(net_rpc_join_newstyle) Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME Unable to join domain SECLAB. Kerberos seems to work fine: $ kinit mrowle000 Password for mrowle...@seclab.security.lab.net: $ klist Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: mrowle...@seclab.security.lab.net Valid starting Expires Service principal 10/28/10 12:27:29 10/28/10 22:27:23 krbtgt/seclab.security.lab....@seclab.security.lab.net renew until 10/29/10 12:27:29 CONFIGS: krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log kdc = SYSLOG:INFO:AUTH admin_server = FILE:/var/log/kadmind.log admin_server = SYSLOG:INFO:AUTH [libdefaults] default_realm = SECLAB.SECURITY.LAB.NET dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } [realms] SECLAB.SECURITY.LAB.NET = { kdc = seclab.security.lab.net:88 default_domain = seclab.secuitry.lab.net } [domain_realm] .seclab.security.lab.net = SECLAB.SECURITY.LAB.NET seclab.security.lab.net = SECLAB.SECURITY.LAB.NET Samba.conf [global] workgroup = SECLAB.SECURITY.LAB.NET server string = %h server (Samba, Ubuntu) dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = ads encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash winbind use default domain = no password server = seclab.security.lab.net //your AD-server realm = SECLAB.SECURITY.LAB.NET //your real usershare allow guests = yes [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html