Page 18 of 21 FirstFirst ... 81617181920 ... LastLast
Results 171 to 180 of 209

Thread: HOWTO: Active Directory Authentication

  1. #171
    Join Date
    Jul 2008
    Beans
    27

    Re: HOWTO: Active Directory Authentication

    Ok guys Few Question i have been struggling to get my Linux machine connected to my Domain for about a week now. i tried following this HOW TO: but to no success the only way i seam to be able to get it to join is to use LIKEWISE. Only i still cannot see the share drives on the windows server.what is the difference between likewise and this how to: i really want to make this work. also i was thinking about building a Linux server that would also communicate with the windows server. is that even possible.
    i have to admit i am the definition of a noob in the Linux world but i catch on quick any help would be most appreciated. i have to learn as much as i can as fast as i can so i will be able to support several machines at work.

  2. #172
    Join Date
    Mar 2006
    Location
    Cleveland Ohio
    Beans
    10
    Distro
    Dapper Drake Testing/

    Re: HOWTO: Active Directory Authentication

    Everything worked but joining my system to the domain

    here is the error I get

    Using short domain name -- DOMAIN
    Deleted account for 'WORKSTATION' in realm 'DOMAIN.LOCAL'
    Failed to join domain: Type or value exists

    Any ideas?

  3. #173
    Join Date
    Apr 2005
    Location
    Skiptvet, NORWAY
    Beans
    4

    Re: HOWTO: Active Directory Authentication

    This HowTo was what I needed to get AD integration of my Linux boxes up and running, thanks!

    My "problem" is more or less a curyosyty. I have a lockal user whit the same loginname as one of the AD users. The local user has $HOME=/home/<login> and the AD user has $HOME=/home/AD/<login>. When I tyr to login, I punch login and the password and get loged in and the $HOME is /home/<login>. It does not mather if i use the password to the lockal or the AD user, I end up in /home/<login>.

    Is there anybody that has any idea of how to conf pam (I thinck pam is the key) so that I get the right $HOME.

  4. #174
    Join Date
    Jul 2007
    Beans
    18

    Re: HOWTO: Active Directory Authentication

    This How to is using ubuntu server, im a noob with regards to networking and AD but at work we have 20 odd low spec laptops that arn't capable of running XP can we use ubuntu to connect to AD, if so can we use the normal desktop edition or do we need to use ubuntu server?

    comments would be appreciated!

  5. #175
    Join Date
    Jan 2006
    Location
    Atlanta, GA
    Beans
    144
    Distro
    Ubuntu

    Re: HOWTO: Active Directory Authentication

    Can anyone help me with these errors?

    Code:
    [root home]# kinit DOMAINADMIN@DOMAIN.COM
    Password for DOMAINADMIN@DOMAIN.COM: 
    [root home]# klist
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: DOMAINADMIN@DOMAIN.COM
    
    Valid starting     Expires            Service principal
    09/10/08 02:27:10  09/10/08 03:07:10  krbtgt/DOMAIN.COM@DOMAIN.COM
    
    
    Kerberos 4 ticket cache: /tmp/tkt0
    klist: You have no tickets cached
    [root home]# net ads join -U DOMAINADMIN@DOMAIN.COM
    DOMAINADMIN@DOMAIN.COM's password: 
    Failed to join domain!
    [root home]# net ads info
    LDAP server: 192.168.1.5
    LDAP server name: windowserver.domain.com
    Realm: DOMAIN.COM
    Bind Path: dc=DOMAIN,dc=COM
    LDAP port: 389
    Server time: Wed, 10 Sep 2008 02:26:45 EDT
    KDC server: 192.168.1.5
    Server time offset: -69
    Thanks for any suggestions!

  6. #176
    Join Date
    Nov 2008
    Beans
    1

    Re: HOWTO: Active Directory Authentication

    Hi,

    I applied the provided setup about 10 months ago successfully. Thanks for that.
    Meanwhile a new request arised, which I currently don't know how to address:
    A dedicated AD User account should be setup to inherit root privileges in order to "clean up" user shares, i.e. delete files and directories.
    I tried alread to add "write list" with the acccount's name to the smb.conf [global] and [homes] sections, but w/o any luck.

    Any ideas on how to set this up?

    Thanks.

  7. #177
    Join Date
    Jun 2006
    Location
    Ontario, Canada
    Beans
    17
    Distro
    Ubuntu 8.10 Intrepid Ibex

    Question Re: HOWTO: Active Directory Authentication

    I've followed through the howto and am having good success on Ubuntu 8.10 (Intrepid Ibex, I think) until the "net ads join" stage. I'm getting my ticket fine:

    Code:
    $ klist
    Ticket cache: FILE:/tmp/krb5cc_1000
    Default principal: myusername@MYSUBDOMAIN.MYDOMAIN.ICS
    
    Valid starting     Expires            Service principal
    11/06/08 13:01:01  11/06/08 19:41:01  krbtgt/MYSUBDOMAIN.MYDOMAIN.ICS@MYSUBDOMAIN.MYDOMAIN.ICS
    
    
    Kerberos 4 ticket cache: /tmp/tkt1000
    klist: You have no tickets cached
    But when I perform the net ads join, I get the following (with debug enabled):
    Code:
    $ net ads join -U myusername@MYSUBDOMAIN.MYDOMAIN.ICS -d1
    Enter myusername@MYSUBDOMAIN.MYDOMAIN.ICS's password:
    [2008/11/06 13:01:18,  1] libnet/libnet_join.c:libnet_Join(1770)
      libnet_Join:
          libnet_JoinCtx: struct libnet_JoinCtx
              in: struct libnet_JoinCtx
                  dc_name                  : NULL
                  machine_name             : 'MYHOSTNAME'
                  domain_name              : *
                      domain_name              : 'MYSUBDOMAIN.MYDOMAIN.ICS'
                  account_ou               : NULL
                  admin_account            : 'myusername@MYSUBDOMAIN.MYDOMAIN.ICS'
                  admin_password           : *
                  machine_password         : NULL
                  join_flags               : 0x00000023 (35)
                         0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                         0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                         0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                         0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                         0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                         1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                         0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                         0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                         1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                         1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
                  os_version               : NULL
                  os_name                  : NULL
                  create_upn               : 0x00 (0)
                  upn                      : NULL
                  modify_config            : 0x00 (0)
                  ads                      : NULL
                  debug                    : 0x01 (1)
                  secure_channel_type      : SEC_CHAN_WKSTA (2)
    [2008/11/06 13:01:19,  1] libnet/libnet_join.c:libnet_Join(1801)
      libnet_Join:
          libnet_JoinCtx: struct libnet_JoinCtx
              out: struct libnet_JoinCtx
                  account_name             : NULL
                  netbios_domain_name      : NULL
                  dns_domain_name          : NULL
                  dn                       : NULL
                  domain_sid               : NULL
                      domain_sid               : (NULL SID)
                  modified_config          : 0x00 (0)
                  error_string             : 'failed to find DC for domain MYSUBDOMAIN.MYDOMAIN.ICS'
                  domain_is_ad             : 0x00 (0)
                  result                   : WERR_DOMAIN_CONTROLLER_NOT_FOUND
    Failed to join domain: failed to find DC for domain MYSUBDOMAIN.MYDOMAIN.ICS
    I can ping the DC machine by hostname without issue, fwiw. Any thoughts on how to work around this?

    ~~Douglas K

  8. #178
    Join Date
    Jul 2008
    Beans
    5

    Re: HOWTO: Active Directory Authentication

    Has anyone found a resolution? I am using Intrepid Ibex and have the same experience that DouglasK has. I've been working this for several days trying this and that but am at my wits end. ANy help appreciated (please post here for others who are in the same boat). Thanks

  9. #179
    Join Date
    Jun 2006
    Location
    United States
    Beans
    15
    Distro
    Ubuntu 8.10 Intrepid Ibex

    Re: HOWTO: Active Directory Authentication

    I'd like to put a link to this thread in here because it has to do with my question:
    http://ubuntuforums.org/showthread.php?t=897860.

    I didn't exactly follow the instructions that started this thread to join my Ubuntu box to a Windows Active Directory DOMAIN (instead, I followed these).

    I am wondering how to map to a user's network drive (i.e. smb://DOMAIN/username$) so THAT is the user's Home location (instead of the default user/home).

    I also need to set permissions so that the AD users don't have access to even read the root directory (or other people's stuff), install anything, etc... Would this be done by adding a Active Directory's group to Ubuntu, and setting that group's permissions while logged in as root or Super User?
    Last edited by Rudy507; December 11th, 2008 at 11:38 PM.

  10. #180
    Join Date
    Aug 2006
    Beans
    4

    Re: HOWTO: Active Directory Authentication

    Quote Originally Posted by innovate2000 View Post
    Has anyone found a resolution? I am using Intrepid Ibex and have the same experience that DouglasK has. I've been working this for several days trying this and that but am at my wits end. ANy help appreciated (please post here for others who are in the same boat). Thanks
    It seems the Russians are pretty smart:

    http://forum.ubuntu.ru/index.php?topic=10062.msg308220

    (For the benefit of those of you who don't want to run to Google translate and can't understand Russian: ) It looks like you can join the domain without including '@MYSUBDOMAIN.MYDOMAIN.ICS' on the "net ads join" command.

    Woohoo!

Page 18 of 21 FirstFirst ... 81617181920 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •