I have to ask ... but what is your server's name? The error is saying that the name is incompatible with AD. Do you have any special characters, any spaces, or any other weirdness in your server's name?

Jake Sallee
Godfather Of Bandwidth
Network Engineer
Fone: 254-295-4658
Phax: 254-295-4221

-----Original Message-----
From: freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.org] On Behalf Of Rowley, Mathew
Sent: Thursday, October 28, 2010 1:33 PM
To: freeradius-users@lists.freeradius.org
Subject: Problems getting a linux server to join a AD domain

In an attempt to integrate Radius with AD, and following the tutorial (http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO), I have set up an AD server in our lab, and am having trouble adding my Linux box to the domain. Can anyone see what I'm doing wrong? The error I keep getting is:

    $ sudo net join -w SECLAB -I 10.252.159.137 -U Administrator
    [sudo] password for wuntee:
    Enter Administrator's password:
    [2010/10/28 12:23:36.656829, 0] utils/net_rpc_join.c:406(net_rpc_join_newstyle)
      Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME

    Unable to join domain SECLAB.

Kerberos seems to work fine:

    $ kinit mrowle000
    Password for mrowle...@seclab.security.lab.net:
    $ klist
    Ticket cache: FILE:/tmp/krb5cc_1000
    Default principal: mrowle...@seclab.security.lab.net

    Valid starting     Expires            Service principal
    10/28/10 12:27:29  10/28/10 22:27:23  krbtgt/seclab.security.lab....@seclab.security.lab.net
            renew until 10/29/10 12:27:29

CONFIGS:

krb5.conf

    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     kdc = SYSLOG:INFO:AUTH
     admin_server = FILE:/var/log/kadmind.log
     admin_server = SYSLOG:INFO:AUTH

    [libdefaults]
     default_realm = SECLAB.SECURITY.LAB.NET
     dns_lookup_realm = false
     dns_lookup_kdc = false
     ticket_lifetime = 24h
     forwardable = yes

    [appdefaults]
     pam = {
       debug = false
       ticket_lifetime = 36000
       renew_lifetime = 36000
       forwardable = true
       krb4_convert = false
     }

    [realms]
     SECLAB.SECURITY.LAB.NET = {
      kdc = seclab.security.lab.net:88
      default_domain = seclab.secuitry.lab.net
     }

    [domain_realm]
     .seclab.security.lab.net = SECLAB.SECURITY.LAB.NET
     seclab.security.lab.net = SECLAB.SECURITY.LAB.NET

Samba.conf

    [global]
       workgroup = SECLAB.SECURITY.LAB.NET
       server string = %h server (Samba, Ubuntu)
       dns proxy = no
       log file = /var/log/samba/log.%m
       max log size = 1000
       syslog = 0
       panic action = /usr/share/samba/panic-action %d
       security = ads
       encrypt passwords = true
       passdb backend = tdbsam
       obey pam restrictions = yes
       unix password sync = yes
       passwd program = /usr/bin/passwd %u
       passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
       pam password change = yes
       map to guest = bad user
       idmap uid = 16777216-33554431
       idmap gid = 16777216-33554431
       template shell = /bin/bash
       winbind use default domain = no
       password server = seclab.security.lab.net //your AD-server
       realm = SECLAB.SECURITY.LAB.NET //your real
       usershare allow guests = yes

    [homes]
       comment = Home Directories
       browseable = no
       writable = yes

    [printers]
       comment = All Printers
       browseable = no
       path = /var/spool/samba
       printable = yes
       guest ok = no
       read only = yes
       create mask = 0700

    [print$]
       comment = Printer Drivers
       path = /var/lib/samba/printers
       browseable = yes
       read only = yes
       guest ok = no

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
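
One way to check what the reply asks about (odd characters or spaces in the server name) together with the posted [global] section, as an added example that is not part of the original thread. The hostname passed in is a placeholder, and the 15-character limit and reserved-character list are the standard NetBIOS naming rules, not something stated in the thread.

```python
# Characters reserved in NetBIOS names; names are also capped at 15 characters.
NETBIOS_BAD = set('\\/:*?"<>|')

def netbios_problems(name):
    """Return reasons `name` cannot serve as a NetBIOS computer or domain name."""
    problems = []
    if len(name) > 15:
        problems.append("longer than 15 characters")
    if "." in name:
        problems.append("contains a dot (looks like a DNS name)")
    if any(c in NETBIOS_BAD or c.isspace() for c in name):
        problems.append("contains a space or reserved character")
    return problems

def parse_global(text):
    """Parse the [global] section of smb.conf text into a dict."""
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # smb.conf comments are whole lines only
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def lint(smb_text, hostname):
    findings = []
    g = parse_global(smb_text)
    for key in ("password server", "realm"):
        if "//" in g.get(key, ""):
            findings.append(f"{key}: trailing '//' text is part of the value")
    for p in netbios_problems(g.get("workgroup", "")):
        findings.append(f"workgroup: {p}")
    # Assumption: without "netbios name", the first label of the hostname is used.
    name = g.get("netbios name", hostname.split(".")[0])
    for p in netbios_problems(name):
        findings.append(f"computer name {name!r}: {p}")
    return findings

# Constructed sample: three [global] lines copied from the post above.
SAMPLE = """[global]
workgroup = SECLAB.SECURITY.LAB.NET
password server = seclab.security.lab.net //your AD-server
realm = SECLAB.SECURITY.LAB.NET //your real
"""
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE, "radius-lab-server-01.example")))
```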