
Problem joining RHEL4 to Windows Server 2003 Active Directory using winbind



Hi there

I have been trying to get my RHEL4 client to join a Windows domain;
however, I still can't retrieve a list of domain users from the domain
by running the command wbinfo -u. By the way, I am running VMware.

Here is a quick summary of where I am at:

1) kinit -V Administrator@NWTRADERS.MSFT
When I ran the above command, I could get a ticket successfully. I
then confirmed this by running klist:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@NWTRADERS.MSFT

Valid starting     Expires            Service principal
03/16/06 23:08:21  03/17/06 09:07:17  krbtgt/NWTRADERS.MSFT@NWTRADERS.MSFT
        renew until 03/17/06 23:08:21

2) net ads join -S LONDON.NWTRADERS.MSFT -U administrator
I was able to join my RHEL4 machine to Windows Server 2003 AD, i.e. a
computer object for my RHEL4 machine was created in AD. Below is the
output:

"Using short domain name -- NWTRADERS
Joined 'BRISBANE' to realm 'NWTRADERS.MSFT'"

3) wbinfo -t
I ran the above command and it returned "checking the trust secret via
RPC calls succeeded". Ok so far so good.

4) wbinfo -u
This is where I am stuck. I ran the command and it returned "Error
looking up domain users"

Below are my configuration files for
- smb.conf
- krb5.conf
- nsswitch.conf

--- smb.conf --------------------
[global]
  workgroup = NWTRADERS
  security = ads
  realm = NWTRADERS.MSFT
  password server = LONDON.NWTRADERS.MSFT
  idmap uid = 16777216-33554431
  idmap gid = 16777216-33554431
  template shell = /bin/bash
  template homedir = /home/%D/%D\%U
  interfaces = 192.168.1.1 eth1
  ldap admin dn = cn=Administrator,cn=users,DC=nwtraders,DC=msft
  ldap suffix = DC=nwtraders,DC=msft
  winbind use default domain = Yes
  winbind trusted domains only = Yes

---- krb5.conf ----------------------------------------------------------------------------------
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 dns_lookup_realm = false
 dns_lookup_kdc = false
 default_realm = nwtraders.msft

[realms]
 NWTRADERS.MSFT = {
  kdc = london.nwtraders.msft:88
  admin_server = london.nwtraders.msft:749
  default_domain = nwtraders.msft
 }

[domain_realm]
 .nwtraders.msft = NWTRADERS.MSFT
 nwtraders.msft = NWTRADERS.MSFT

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

---- nsswitch.conf ----------------------------------------------------------------------------
passwd:     files winbind
shadow:     files
group:      files winbind

hosts:      files dns

bootparams: files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  files
automount:  files
aliases:    files

Here is the output from winbindd.log:

[2006/03/16 23:49:57, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
  Kinit failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password host/BRISBANE@NWTRADERS.MSFT failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain NWTRADERS failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
  Kinit failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
  Kinit failed: Resource temporarily unavailable

What does it mean when it says "Resource temporarily unavailable"?

Also, I checked the system log file in Windows, and here is what I
have discovered:

Event Type:	Failure Audit
Event Source:	Security
Event Category:	Account Logon
Event ID:	675
Date:		16/03/2006
Time:		11:48:19 PM
User:		NT AUTHORITY\SYSTEM
Computer:	LONDON
Description:
Pre-authentication failed:
 	User Name:	brisbane$
 	User ID:		NWTRADERS\brisbane$
 	Service Name:	krbtgt/NWTRADERS.MSFT
 	Pre-Authentication Type:	0x0
 	Failure Code:	0x19
 	Client Address:	192.168.1.2


I would be very grateful if anyone can help me out with my problem.
Thanks in advance

Regards

Kevin
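
A consistency check over the krb5.conf posted above, as an added example that is not part of the original message: Kerberos realm names are case-sensitive, and the file writes the realm as nwtraders.msft in default_realm but as NWTRADERS.MSFT in [realms]. The helper names parse_krb5 and realm_findings are hypothetical, and the sample input is an excerpt of the posted file.

```python
def parse_krb5(text):
    """Read krb5.conf into {section: {key: value}}, keeping top-level keys only."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current, depth = sections.setdefault(line[1:-1], {}), 0
        elif line == "}":
            depth = max(depth - 1, 0)
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if depth == 0:          # keys inside "NAME = { ... }" are skipped
                current[key] = value
            if value == "{":
                depth += 1
    return sections

def realm_findings(conf):
    """List realm names that have no exactly matching entry in [realms].

    Each finding is (where, name_used, same_name_in_other_case_or_None).
    """
    realms = set(conf.get("realms", {}))
    names = [("default_realm", conf.get("libdefaults", {}).get("default_realm"))]
    names += [(f"domain_realm {k}", v) for k, v in conf.get("domain_realm", {}).items()]
    findings = []
    for where, name in names:
        if name is not None and name not in realms:
            near = [r for r in realms if r.lower() == name.lower()]
            findings.append((where, name, near[0] if near else None))
    return findings

# Excerpt of the krb5.conf from the post above.
KRB5_CONF = """[libdefaults]
 dns_lookup_realm = false
 dns_lookup_kdc = false
 default_realm = nwtraders.msft
[realms]
 NWTRADERS.MSFT = {
  kdc = london.nwtraders.msft:88
 }
[domain_realm]
 .nwtraders.msft = NWTRADERS.MSFT
 nwtraders.msft = NWTRADERS.MSFT
"""

if __name__ == "__main__":
    for finding in realm_findings(parse_krb5(KRB5_CONF)):
        print(finding)
```

The check only reports the mismatch; it does not establish that the mismatch causes the winbindd errors quoted in the post.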

