Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Suse 9.1 joining to Active Directory

Status
Not open for further replies.
Borvik

Borvik

Programmer
Jan 2, 2002
1,392
US
I need to get our mail server which is running (Suse 9.1 and postfix) to connect to Active Directory.

I am having difficulties joining the domain.

Code: 
ao:/etc/samba # net ads join -U Administrator
Administrator's password:
[2007/09/18 16:29:16, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Invalid credentials

I KNOW my password is correct.

Here is my smb.conf file:
Code: 
ao:/etc/samba # cat smb.conf
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
workgroup = DOMAIN
security = domain
realm = FULL.DOMAIN.COM

username map = /etc/samba/smbusers

winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes

And my krb5.conf file:
Code: 
ao:/etc/samba # cat /etc/krb5.conf
[libdefaults]
default_realm = FULL.DOMAIN.COM
        clockskew = 300

[realms]
FULL.DOMAIN.COM = {
  kdc = 192.100.100.13
  admin_server = 192.100.100.13
  kpasswd_server = 192.100.100.13
}

[domain_realm]
.full.domain.com = FULL.DOMAIN.COM

[logging]
        default = SYSLOG:NOTICE:DAEMON
        kdc = FILE:/var/log/kdc.log
        kadmind = FILE:/var/log/kadmind.log

[appdefaults]
        pam = {
                ticket_lifetime = 1d
                renew_lifetime = 1d
                forwardable = true
                proxiable = false
                retain_after_close = false
                minimum_uid = 0
                debug = false
        }

How can I get it to join the domain?
 
Sort by date Sort by votes
I think I figured it out (it says I joined at least).

After finding and installing the tools necessary to use kinit I was able to determine the "clockskew was to great" or something like that.

I had tried changing the clockskew variable in the conf file but that didn't matter - so I checked the actual time difference. It was over 10 min different from the server, and the server most likely was rejecting it because of the difference. Once I fixed the time it appears to have worked.
 
Upvote 0 Downvote
You have to make sure your client time is set to be same as your AD server time.

Best is to ntpdate on both server.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MCP2000
  • Locked
  • Question
CentOS 6.9, LDAP, Vault, Active Directory
Replies
0
Views
143
MCP2000
MCP2000
donald lepariku
  • Locked
  • Question
Error: 694, Severity: 24, State: 10 An attempt was made to read logical page '153', virtpage '616' f 1
Replies
3
Views
341
spamjim
spamjim
kasperelectronics
  • Locked
  • Question
Desktop streaming from a server to low power front end device e.g. RasPi
Replies
0
Views
159
kasperelectronics
kasperelectronics
Edwin Reyes
  • Locked
  • Question
High CPU utilization Linux Server due to mysql
Replies
1
Views
215
spamjim
spamjim
jponnusa
  • Locked
  • Question
Help on Mapping Local Directory for URL
Replies
1
Views
151
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top