Hey Richard, great guide. Having some problems: I can't get Windows computers to join the domain. I've got the computer accounts added, and DNS works (nslookup from a Windows box for blackbeard.yarrrg.net returns 10.0.0.1). I had to edit my BIND file to add known services, so I added the following lines
Code:
_ldap._tcp.yarrrg.net. SRV 0 0 389 blackbeard.yarrrg.net.
_kerberos._tcp.yarrrg.net. SRV 0 0 88 blackbeard.yarrrg.net.
_ldap._tcp.dc._msdcs.yarrrg.net. SRV 0 0 389 blackbeard.yarrrg.net.
_kerberos._tcp.dc._msdcs.yarrrg.net. SRV 0 0 88 blackbeard.yarrrg.net.
Now, the error message I get when attempting to join is the following
Code:
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
DNS was successfully queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain yarrrg.net:
The query was for the SRV record for _ldap._tcp.dc._msdcs.yarrrg.net
The following AD DCs were identified by the query:
blackbeard.yarrrg.net
Common causes of this error include:
- Host (A) records that map the name of the AD DCs to its IP addresses are missing or contain incorrect addresses.
- Active Directory Domain Controllers registered in DNS are not connected to the network or are not running.
For information about correcting this problem, click Help.
The box running LDAP is also a NAT router. I don't think the iptables rules should be causing a problem, but iptables -L displays the following
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpts:49160:49300
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:1723
ACCEPT tcp -- anywhere anywhere tcp dpt:webmin
DROP tcp -- anywhere anywhere tcp dpts:0:1400
DROP udp -- anywhere anywhere udp dpts:0:1400
moblock_in 0 -- anywhere anywhere state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
DROP 0 -- anywhere 10.0.0.0/24
ACCEPT 0 -- 10.0.0.0/24 anywhere
ACCEPT 0 -- anywhere 10.0.0.0/24
moblock_fw 0 -- anywhere anywhere state NEW
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
moblock_out 0 -- anywhere anywhere state NEW
No idea what to do at this point. I have copied your config files exactly, while of course making the necessary changes; I can post those if you'd like. I could really use a hand here; the lack of ability to do domain logins is becoming an issue.
Thanks
Shawn Dixson
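One check worth running against a post like this, added here as an example and not part of the original thread: take the domain-controller ports the posted SRV records advertise and walk them through the posted INPUT chain with iptables' first-match semantics. It assumes the three unqualified ACCEPT rules do not match the clients' traffic (iptables -L without -v hides interface and state matches) and adds SMB/445, which a domain join also needs but which no SRV record advertises.

```python
import re
# Constructed input: the four SRV records the post added to the BIND zone.
SRV_ZONE = """
_ldap._tcp.yarrrg.net. SRV 0 0 389 blackbeard.yarrrg.net.
_kerberos._tcp.yarrrg.net. SRV 0 0 88 blackbeard.yarrrg.net.
_ldap._tcp.dc._msdcs.yarrrg.net. SRV 0 0 389 blackbeard.yarrrg.net.
_kerberos._tcp.dc._msdcs.yarrrg.net. SRV 0 0 88 blackbeard.yarrrg.net.
"""

# Constructed from the posted INPUT chain, in order, keeping only rules with a port
# match: (target, proto, low, high). The three bare "ACCEPT 0 -- anywhere anywhere"
# rules are omitted on the assumption that they do not match client traffic.
INPUT_RULES = [
    ("ACCEPT", "tcp", 22, 22),          # ssh
    ("ACCEPT", "tcp", 49160, 49300),
    ("ACCEPT", "tcp", 80, 80),          # www
    ("ACCEPT", "tcp", 1723, 1723),
    ("ACCEPT", "tcp", 10000, 10000),    # webmin
    ("DROP", "tcp", 0, 1400),
    ("DROP", "udp", 0, 1400),
]
INPUT_POLICY = "ACCEPT"
# A domain join also talks SMB to the DC; that port is not advertised by SRV.
EXTRA_NEEDED = {("smb", "tcp", 445, "blackbeard.yarrrg.net")}

SRV_RE = re.compile(r"^_(\w+)\._(tcp|udp)\.(\S+?)\.?\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+?)\.?$")

def parse_srv(zone):
    needed = set()  # (service, proto, port, target); duplicate advertisements collapse
    for line in zone.strip().splitlines():
        m = SRV_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised SRV line: {line!r}")
        service, proto, _owner, port, target = m.groups()
        needed.add((service, proto, int(port), target))
    return needed

def verdict(proto, port, rules=INPUT_RULES, policy=INPUT_POLICY):
    """First matching rule wins; otherwise the chain policy applies."""
    for target, rproto, low, high in rules:
        if rproto == proto and low <= port <= high:
            return target
    return policy

def blocked_services(zone=SRV_ZONE, rules=INPUT_RULES, policy=INPUT_POLICY):
    """Advertised DC services whose port the filter does not ACCEPT, sorted by port."""
    needed = parse_srv(zone) | EXTRA_NEEDED
    hits = [(s, p, port, tgt, verdict(p, port, rules, policy))
            for s, p, port, tgt in needed]
    return sorted([h for h in hits if h[4] != "ACCEPT"], key=lambda h: h[2])
```

With the posted chain, every service the SRV records point clients at lands on the DROP 0:1400 rules, which matches the dcdiag symptom of a DC that is found in DNS but cannot be contacted.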