Re: Verifying you are Joining the Active Directory Domain

2012-02-02 Thread NdK
On 02/02/2012 15:45, Gilmour, Scott wrote:

> I was wondering if this is because we installed winbind4 rather than winbind?
DON'T! Samba4 is not yet ok for production.
Use samba-winbind-3.5.11 .
After basic config of smb.conf (I posted mine some days ago) you can do:
net ads join -U admin.user@AD.KRB5.REALM
-- it asks admin's password and should tell "join OK". AD.KRB5.REALM
must be properly configured in DNS (AD does it automatically) or you'll
have to configure /etc/krb5.conf .
Machine account should already have been created in AD.

BYtE,
 Diego.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Verifying you are Joining the Active Directory Domain

2012-02-02 Thread Phil Mayers

On 02/02/2012 02:45 PM, Gilmour, Scott wrote:

> Hi,
> I was able to figure out my clock skew issue.  I had to go to regedit on my
> 2008 Server and go to:
> HKEY_LOCAL_MACHINE>SYSTEM>Current Control Set>services>W32Time>  Parameters
> Then select NTP Server to change the server address ip and change the Type to
> NTP
> I was able to join the domain correctly and from what I understand I should see
> it added as a computer on my
> Windows 2008 Server PC.  But when I do a wbinfo -u I do not see my domain users
> listed.
> I was wondering if this is because we installed winbind4 rather than winbind?


This is really a Samba problem, and you need to seek help in appropriate 
places, such as the Samba list.



Re: Verifying you are Joining the Active Directory Domain

2012-02-02 Thread Alan DeKok
Gilmour, Scott wrote:
> I was able to figure out my clock skew issue.  I had to go to regedit on my 
> 2008 Server and go to:
> HKEY_LOCAL_MACHINE>SYSTEM>Current Control Set>services>W32Time> Parameters
> Then select NTP Server to change the server address ip and change the Type to 
> NTP

  That's good.

> I was able to join the domain correctly and from what I understand I should
> see it added as a computer on my
> Windows 2008 Server PC.  But when I do a wbinfo -u I do not see my domain 
> users listed.

  Are you sure that the users joined the domain?

  Logging in via 802.1X is just authentication.  It isn't joining the
domain.

  To join the domain, the client PC must use the Windows protocols after
802.1X has finished.

  Alan DeKok.


Verifying you are Joining the Active Directory Domain

2012-02-02 Thread Gilmour, Scott
Hi,
I was able to figure out my clock skew issue.  I had to go to regedit on my
2008 Server and go to:
HKEY_LOCAL_MACHINE>SYSTEM>Current Control Set>services>W32Time> Parameters
Then select NTP Server to change the server address ip and change the Type to
NTP
I was able to join the domain correctly and from what I understand I should see
it added as a computer on my
Windows 2008 Server PC.  But when I do a wbinfo -u I do not see my domain users
listed.
I was wondering if this is because we installed winbind4 rather than winbind?
Thanks for everyone's help,
Scott

root@FreeRadius:/etc/init.d# net ads testjoin
Join is OK
root@FreeRadius:/etc/init.d# net ads info
LDAP server: 20.1.180.55
LDAP server name: 2008ServerR2.SQA.net
Realm: SQA.NET
Bind Path: dc=SQA,dc=NET
LDAP port: 389
Server time: Thu, 02 Feb 2012 09:27:31 EST
KDC server: 20.1.180.55
Server time offset: -124
root@FreeRadius:/etc/init.d# wbinfo -u
Error looking up domain users
root@FreeRadius:/etc/init.d#
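
The three checks used in this thread (net ads testjoin, net ads info, wbinfo -u) can be read in order to find the first failing layer. The script below is an added example, not part of any poster's message: the function names and the 300-second tolerance (the usual Kerberos default) are assumptions, and the sample input is copied from the session above.

```shell
#!/bin/sh
# Added example: triage a Samba/winbind AD join from captured command output.
# MAX_SKEW is an assumption: 300 s is the usual default Kerberos clock-skew tolerance.
MAX_SKEW=300

# Extract the signed "Server time offset" (seconds) from `net ads info` output on stdin.
ads_time_offset() {
    sed -n 's/^Server time offset:[[:space:]]*\(-\{0,1\}[0-9][0-9]*\)[[:space:]]*$/\1/p' | head -n 1
}

# Succeeds when the absolute offset is present and within MAX_SKEW seconds.
skew_ok() {
    off=${1#-}
    [ -n "$off" ] && [ "$off" -le "$MAX_SKEW" ]
}

# triage <testjoin output> <net ads info output> <wbinfo -u output>
# Prints the first failing layer: join, clock, winbind, or ok.
triage() {
    case $1 in
        *"Join is OK"*) ;;
        *) echo join; return 0 ;;
    esac
    offset=$(printf '%s\n' "$2" | ads_time_offset)
    skew_ok "$offset" || { echo clock; return 0; }
    case $3 in
        *"Error looking up domain users"*) echo winbind ;;
        *) echo ok ;;
    esac
}

# Sample input: lines from the `net ads info` output posted in this thread.
SAMPLE_INFO='LDAP server: 20.1.180.55
Realm: SQA.NET
KDC server: 20.1.180.55
Server time offset: -124'

# Live use: triage "$(net ads testjoin 2>&1)" "$(net ads info 2>&1)" "$(wbinfo -u 2>&1)"
triage "Join is OK" "$SAMPLE_INFO" "Error looking up domain users"
```

For the posted session this prints winbind: the join and the clock offset pass, so the remaining fault is in winbindd's user lookup.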



RE: Verifying you are Joining the Active Directory Domain

2012-02-01 Thread Axford M.F.
> Plus when I go to my 2008 Server and I open up Active Directory, select my
> Domain and choose Domain Controllers that my FreeRadius Server isn't listed
> in that directory but it is listed under computers.  Is this correct?

That would seem likely as it's not a Domain Controller. The default place for 
any machine that's not a Domain Computer is Computers.
 
If you have a computer object (and it's been created/updated recently) that 
would suggest you've joined the domain. However as others have mentioned you 
probably need to get the time issues sorted otherwise you might find 
authentications don't work that well.

Mike



Re: Verifying you are Joining the Active Directory Domain

2012-01-31 Thread Matthew Newton
On Tue, Jan 31, 2012 at 08:54:40PM +, Gilmour, Scott wrote:
> It looks like it joined the domain

# net ads testjoin

will tell you if you're joined or not - you should get "Join is OK".

> but when I do a wbinfo -u  it gives me an error message:  Error looking up
> domain users.
> root@FreeRadius:/home/sqauser# 
> root@FreeRadius:/home/sqauser# wbinfo -u
> Error looking up domain users

If you've only just joined the domain, you likely need to restart
winbindd.

But get your time synchronized properly first.

Matthew


-- 
Matthew Newton, Ph.D. 

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 


Re: Verifying you are Joining the Active Directory Domain

2012-01-31 Thread Alan DeKok
Gilmour, Scott wrote:
> Hi,
> Still can't figure out why the clock is skewed since both my Ubuntu and
> Active Directory server are showing the same time and date.  My Ubuntu server
> is an NTP Server but when I issue the command net time system I get this 
> error  Can't contact server (null).  Error NT_STATUS_BAD_NETWORK_NAME

  Fix that before you go any further.

  Alan DeKok.


Verifying you are Joining the Active Directory Domain

2012-01-31 Thread Gilmour, Scott
Hi,
Still can't figure out why the clock is skewed since both my Ubuntu and Active
Directory server are showing the same time and date.  My Ubuntu server is an
NTP Server but when I issue the command net time system I get this error  Can't
contact server (null).  Error NT_STATUS_BAD_NETWORK_NAME

It looks like it joined the domain but when I do a wbinfo -u  it gives me an
error message:  Error looking up domain users.
Plus when I go to my 2008 Server and I open up Active Directory, select my
Domain and choose Domain Controllers that my FreeRadius Server isn't listed in
that directory but it is listed under computers.  Is this correct?
Thanks
Scott

root@FreeRadius:/home/sqauser# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- SQA
Joined 'FREERADIUS' to realm 'SQA.net'
[2012/01/31 15:44:15,  0] libads/kerberos.c:333(ads_kinit_password)
  kerberos_kinit_password FREERADIUS$@SQA.NET failed: Clock skew too great
root@FreeRadius:/home/sqauser# 
root@FreeRadius:/home/sqauser# wbinfo -u
Error looking up domain users
root@FreeRadius:/home/sqauser#
