put server string = MAT-DESKTOP On Thu, Oct 28, 2010 at 3:24 PM, Rowley, Mathew <mathew_row...@cable.comcast.com> wrote: > $ hostname > mat-desktop.security.lab.net > > > Short name is just mat-desktop > > > > Mathew Rowley > IIS Network Security Architecture > > > > > > On 10/28/10 12:41 PM, "Sallee, Stephen (Jake)" <jake.sal...@umhb.edu> > wrote: > >>I have to ask ... but what is your server's name? The error is saying >>that the name is incompatible with AD, do you have and special >>characters, any spaces, or any other weirdness in you server's name? >> >>Jake Sallee >>Godfather Of Bandwidth >>Network Engineer >> >>Fone: 254-295-4658 >>Phax: 254-295-4221 >> >> >>-----Original Message----- >>From: freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.org >>[mailto:freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.o >>rg] On Behalf Of Rowley, Mathew >>Sent: Thursday, October 28, 2010 1:33 PM >>To: freeradius-users@lists.freeradius.org >>Subject: Problems getting a linux server to join a AD domain >> >>In an attempt to integrate Radius with AD, and following the tutorial >>(http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWT >>O) I have set up an AD server in our lab, and having trouble adding my >>linux box to the domain. Can anyone see what im doing wrong? The error I >>keep getting is: >> >>$ sudo net join -w SECLAB -I 10.252.159.137 -U Administrator [sudo] >>password for wuntee: >>Enter Administrator's password: >>[2010/10/28 12:23:36.656829, 0] >>utils/net_rpc_join.c:406(net_rpc_join_newstyle) >> Error in domain join verification (credential setup failed): >>NT_STATUS_INVALID_COMPUTER_NAME >> >>Unable to join domain SECLAB. >> >> >>Kerberos seems to work fine: >> >>$ kinit mrowle000 >>Password for mrowle...@seclab.security.lab.net: >>$ klist >>Ticket cache: FILE:/tmp/krb5cc_1000 >>Default principal: mrowle...@seclab.security.lab.net >> >>Valid starting Expires Service principal >>10/28/10 12:27:29 10/28/10 22:27:23 >>krbtgt/seclab.security.lab....@seclab.security.lab.net >>renew until 10/29/10 12:27:29 >> >> >>CONFIGS: >> >>krb5.conf >>[logging] >> default = FILE:/var/log/krb5libs.log >> kdc = FILE:/var/log/krb5kdc.log >> kdc = SYSLOG:INFO:AUTH >> admin_server = FILE:/var/log/kadmind.log admin_server = >>SYSLOG:INFO:AUTH >> >>[libdefaults] >> default_realm = SECLAB.SECURITY.LAB.NET dns_lookup_realm = false >>dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes >> >>[appdefaults] >> pam = { >> debug = false >> ticket_lifetime = 36000 >> renew_lifetime = 36000 >> forwardable = true >> krb4_convert = false >> } >> >>[realms] >>SECLAB.SECURITY.LAB.NET = { >> kdc = seclab.security.lab.net:88 >> default_domain = seclab.secuitry.lab.net } >> >>[domain_realm] >>.seclab.security.lab.net = SECLAB.SECURITY.LAB.NET >>seclab.security.lab.net = SECLAB.SECURITY.LAB.NET >> >> >>Samba.conf >>[global] >> workgroup = SECLAB.SECURITY.LAB.NET >> server string = %h server (Samba, Ubuntu) >> dns proxy = no >> log file = /var/log/samba/log.%m >> max log size = 1000 >> syslog = 0 >> panic action = /usr/share/samba/panic-action %d >> security = ads >> encrypt passwords = true >> passdb backend = tdbsam >> obey pam restrictions = yes >> unix password sync = yes >> passwd program = /usr/bin/passwd %u >> passwd chat = *Enter\snew\s*\spassword:* %n\n >>*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . >> pam password change = yes >> map to guest = bad user >> idmap uid = 16777216-33554431 >> idmap gid = 16777216-33554431 >> template shell = /bin/bash >> winbind use default domain = no >> password server = seclab.security.lab.net //your AD-server >> realm = SECLAB.SECURITY.LAB.NET //your real >> usershare allow guests = yes >> >>[homes] >> comment = Home Directories >> browseable = no >> writable = yes >> >>[printers] >> comment = All Printers >> browseable = no >> path = /var/spool/samba >> printable = yes >> guest ok = no >> read only = yes >> create mask = 0700 >> >>[print$] >> comment = Printer Drivers >> path = /var/lib/samba/printers >> browseable = yes >> read only = yes >> guest ok = no >> >> >>- >>List info/subscribe/unsubscribe? See >>http://www.freeradius.org/list/users.html >> >>- >>List info/subscribe/unsubscribe? See >>http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html