Joining Ubuntu 10.04 in active directory

[guimenez]

Hi

i'm having problems joining my fresh install of ubuntu 10.04 in active directory.

- i've installed likewise-open 5.4
- edit /etc/resolv.conf and put the server ip
- edit /etc/nsswitch.conf and change the line hosts to: hosts: files dns [NOTFOUND=return] (because i'm using a domain that as the .local prefix

- sudo domainjoin-cli join mydomain.local Administrator
- enter the administrator password

and after all the steps i have this error:
error: Lsass Error [code 0x00080047]
87 (0x57) ERROR_INVALID_PARAMETER - Unknown error

I don't know what i can do more.
Hope someone can help me

many thanks

[guimenez]

i've finally solved this problem.
i've installed the last likewise-open package version 6
and now i can join to domain.

Now, my problem is that i can't login to domain

in the login screen i put DOMAIN.LOCAL\user
then i put the password but it fails to login

any help?

thanks

[HelpyHelperton]

i've finally solved this problem.
i've installed the last likewise-open package version 6
and now i can join to domain.

Now, my problem is that i can't login to domain

in the login screen i put DOMAIN.LOCAL\user
then i put the password but it fails to login

any help?

thanks

Have you tried:

DOMAIN\user

You can also set AssumeDefaultDomain to 1

/opt/likewise/bin/lwconfig AssumeDefaultDomain 1

Make sure you're using the latest version of Open from the Website 6.0.8269

After you set this, you can login with just 'user' instead of 'DOMAIN\user'.

[guimenez]

Have you tried:

DOMAIN\user

You can also set AssumeDefaultDomain to 1

/opt/likewise/bin/lwconfig AssumeDefaultDomain 1

Make sure you're using the latest version of Open from the Website 6.0.8269

After you set this, you can login with just 'user' instead of 'DOMAIN\user'.

It doesn't work.
i've try DOMAIN\user and nothing
and i don't have nothing in /opt folder (likewise does't exist)

if i put kinit user@domain.local it ask me for a password and it works well when i put the right password.

if i put sudo ssh user@localhost it ask me for a password and it says that is always wrong

i don't know what is happening.

thanks

[guimenez]

Please, any help on this?

thanks

[luvshines]

Did you get a chance to look at this:
https://bugs.launchpad.net/ubuntu/+s...en/+bug/567473

What does these files say:

Code:

cat /etc/nsswitch.conf | egrep "^passwd|^group|^shadow"
cat /etc/pam.d/sshd
cat /etc/pam.d/common-auth

Maybe you would also like to check auth logs to see what may be going wrong

Also, if this works:

Code:

wbinfo -a <DOMAIN-NAME>\\<username>%<passwd>

[dmizer]

Have a look here: http://ubuntuforums.org/showthread.php?t=1580505

[atworkwithjf]

guimenez,

The first thing you may want to check is if you can actually see your domain controller and if your machine is talking to your DNS server properly.

I'll assume your domain controller is also your DNS server.

Can you ping your DC?

If not let's have a look at your nsswitch.conf

One of the things that changed recently in Ubuntu was the hosts resolution order...

The defaults are now:

Code:

    hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4

The problem here is that if you're not using multicast DNS or files, it bails and so you'll have no host resolution. I'd contend that this should read:

Code:

    hosts:          files mdns4_minimal [NOTFOUND=continue] dns mdns4

This would actually insure that dns is considered in the absence of mdns4_minimal (otherwise why even bother having dns in the options???!!!)

So I would advise you start by making that single change and then seeing if it resolves any DNS issues.

Then I would try joining the domain again. If you are using 6.0 your install lopcation _should_ be /opt/likewise

usiong sudo join the domain and make sure it succeeds. It should say SUCCESS!

Code:

> sudo /opt/likewise/bin/domainjoin-cli join MYDOMAIN.COM Administrator

It will prompt you for the Admin password for your DC and then it shold join without issue.

Let's start there and if problems persist let me know and I'll see is I can help further.

-atworkwithjf

[guimenez]

guimenez,

The first thing you may want to check is if you can actually see your domain controller and if your machine is talking to your DNS server properly.

I'll assume your domain controller is also your DNS server.

Can you ping your DC?

If not let's have a look at your nsswitch.conf

One of the things that changed recently in Ubuntu was the hosts resolution order...

The defaults are now:

Code:

    hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4

The problem here is that if you're not using multicast DNS or files, it bails and so you'll have no host resolution. I'd contend that this should read:

Code:

    hosts:          files mdns4_minimal [NOTFOUND=continue] dns mdns4

This would actually insure that dns is considered in the absence of mdns4_minimal (otherwise why even bother having dns in the options???!!!)

So I would advise you start by making that single change and then seeing if it resolves any DNS issues.

Then I would try joining the domain again. If you are using 6.0 your install lopcation _should_ be /opt/likewise

usiong sudo join the domain and make sure it succeeds. It should say SUCCESS!

Code:

> sudo /opt/likewise/bin/domainjoin-cli join MYDOMAIN.COM Administrator

It will prompt you for the Admin password for your DC and then it shold join without issue.

Let's start there and if problems persist let me know and I'll see is I can help further.

-atworkwithjf

thanks for replying

i've change the nsswitch.conf, because without that i can't join the domain
my nssswitch.conf as hosts: files dns

i've successfully join the domain, the main problem its that i can't login

i don't know how to start

thanks

[guimenez]

this is my configuration files:

---------------- /etc/pam.d/common-auth ---------------
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_lsass.so try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_mount.so
session optional pam_mount.so


---------------- /etc/pam.d/common-session -------------
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_unix.so
session sufficient pam_lsass.so
session optional pam_mount.so
session optional pam_ck_connector.so nox11


--------------- /etc/pam.d/login ------------------------
auth optional pam_faildelay.so delay=3000000
auth required pam_securetty.so
auth requisite pam_nologin.so
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth optional pam_group.so
session required pam_limits.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard
@include common-account
@include common-session
@include common-password
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional pam_mount.so
auth optional pam_mount.so try_first_pass

----------------------------------------------------------------------

thanks and hope someone can help me

this config work well in ubuntu 10.04 but not in the new ubuntu 10.10