Hi Nico
It's not up to me to decide (and implement) the OS updates :-( and
thus cannot do anything about the status of security of the systems.
Though I completely agree with you :-)
Now to the Samba ADS integraztion problem. I only need to execute the
net ads command, I need the windows domain membership for a service
running on this system not for local logins.
TIA
Paolo
On Wed, Jan 23, 2013 at 1:12 AM, Nico Kadel-Garcia nka...@gmail.com wrote:
On Tue, Jan 22, 2013 at 6:44 AM, Paolo Supino paolo.sup...@gmail.com wrote:
Hi
I'm trying to make a Linux server (RHEL 5.3) join my company's ADS
domain. The company's domain is built from serveral kerberos realms
Stop *right* there. If you have RHEL, and you've been regularly
applying updates, you've automatically updated to RHEL 5.9 since its
release a few weeks ago. RHEL 5.3 is now 4 yours old and you should
*not* use it for any security sensitive functions like the critical
Kerberos authentication in an ADS domain, without the Red Hat
published system updates. So do the system updates first.
and Windows domain. the Linux FQDN resolves to the name of one of the
kerberos realms we have, but I was asked to to have the linux server
join a different kerberos realm and windows Domain. When I attempt to
run the command: 'net ads join -U [account] -w [domain]. I get the
following error:
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
I know it's possible because it was done in the company in the past
(unfortunately) the sysadmin that did it no longer works here and no
one else knows how to reproduce how he did it.
Are you using the built-in Samba 3.0.33, the available samba3x tool
that is Samba 3.6.6, or a hand-built up-to-date Samba toolsuite? If
you're using the built-in Samba 3.0.33 or the samba3x package, you
should be able to use authconfig to set all of this in PAM,a nd only
need net ads to register the particular host with AD credentials.
And are you making sure to use net ads join -U 'admin@remotedomain'
-w 'remotedomain', if the DNS domain does not match the AD domain?
You might also install, and try working with, the X-based version of
the system-config-authentication command which provides reasonable
GUI options for most of this.
I know this email is scarce on helpfull information. I simply don't
know what information to supply (I have the output of join with -d 4
and -d 10 debug levels).
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba