$ hostname
mat-desktop.security.lab.net

Short name is just mat-desktop

Mathew Rowley
IIS Network Security Architecture

On 10/28/10 12:41 PM, "Sallee, Stephen (Jake)" <jake.sal...@umhb.edu> wrote:

>I have to ask ... but what is your server's name? The error is saying
>that the name is incompatible with AD, do you have any special
>characters, any spaces, or any other weirdness in your server's name?
>
>Jake Sallee
>Godfather Of Bandwidth
>Network Engineer
>
>Fone: 254-295-4658
>Phax: 254-295-4221
>
>
>-----Original Message-----
>From: freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.org
>[mailto:freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.org]
>On Behalf Of Rowley, Mathew
>Sent: Thursday, October 28, 2010 1:33 PM
>To: freeradius-users@lists.freeradius.org
>Subject: Problems getting a linux server to join a AD domain
>
>In an attempt to integrate Radius with AD, and following the tutorial
>(http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO)
>I have set up an AD server in our lab, and am having trouble adding my
>linux box to the domain. Can anyone see what I'm doing wrong? The error I
>keep getting is:
>
>$ sudo net join -w SECLAB -I 10.252.159.137 -U Administrator
>[sudo] password for wuntee:
>Enter Administrator's password:
>[2010/10/28 12:23:36.656829, 0] utils/net_rpc_join.c:406(net_rpc_join_newstyle)
>  Error in domain join verification (credential setup failed):
>NT_STATUS_INVALID_COMPUTER_NAME
>
>Unable to join domain SECLAB.
>
>
>Kerberos seems to work fine:
>
>$ kinit mrowle000
>Password for mrowle...@seclab.security.lab.net:
>$ klist
>Ticket cache: FILE:/tmp/krb5cc_1000
>Default principal: mrowle...@seclab.security.lab.net
>
>Valid starting     Expires            Service principal
>10/28/10 12:27:29  10/28/10 22:27:23  krbtgt/seclab.security.lab....@seclab.security.lab.net
>        renew until 10/29/10 12:27:29
>
>
>CONFIGS:
>
>krb5.conf
>[logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> kdc = SYSLOG:INFO:AUTH
> admin_server = FILE:/var/log/kadmind.log
> admin_server = SYSLOG:INFO:AUTH
>
>[libdefaults]
> default_realm = SECLAB.SECURITY.LAB.NET
> dns_lookup_realm = false
> dns_lookup_kdc = false
> ticket_lifetime = 24h
> forwardable = yes
>
>[appdefaults]
> pam = {
>   debug = false
>   ticket_lifetime = 36000
>   renew_lifetime = 36000
>   forwardable = true
>   krb4_convert = false
> }
>
>[realms]
>SECLAB.SECURITY.LAB.NET = {
> kdc = seclab.security.lab.net:88
> default_domain = seclab.secuitry.lab.net
>}
>
>[domain_realm]
>.seclab.security.lab.net = SECLAB.SECURITY.LAB.NET
>seclab.security.lab.net = SECLAB.SECURITY.LAB.NET
>
>
>Samba.conf
>[global]
> workgroup = SECLAB.SECURITY.LAB.NET
> server string = %h server (Samba, Ubuntu)
> dns proxy = no
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> security = ads
> encrypt passwords = true
> passdb backend = tdbsam
> obey pam restrictions = yes
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> pam password change = yes
> map to guest = bad user
> idmap uid = 16777216-33554431
> idmap gid = 16777216-33554431
> template shell = /bin/bash
> winbind use default domain = no
> password server = seclab.security.lab.net //your AD-server
> realm = SECLAB.SECURITY.LAB.NET //your real
> usershare allow guests = yes
>
>[homes]
> comment = Home Directories
> browseable = no
> writable = yes
>
>[printers]
> comment = All Printers
> browseable = no
> path = /var/spool/samba
> printable = yes
> guest ok = no
> read only = yes
> create mask = 0700
>
>[print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
> browseable = yes
> read only = yes
> guest ok = no
>
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html