[aklug] Joining active directory: progress report

From: Christopher Howard <choward@indicium.us>
Date: Tue Jun 03 2008 - 17:40:47 AKDT

This is a progress report on the project I mentioned earlier of joining
a Mandriva 2008 box to Active Directory:

My supervisor (a domain admin) tried to help me get the computer joined
to our active directory. First thing we tried was the GUI tool for
joining AD that now comes with Mandriva. As far as we could tell, it
didn't seem to do anything but rewrite the smb.conf.

Then we tried using the "smbpasswd" command with the -j switch to join.
That, if I remember correctly, told us that we had to use the "net
ads" command instead.

So then my supervisor tried to join us with "net ads". He played around
with a lot of config files, and he lost me for a little while (I think
he knows a lot more about Linux and active directory than I do). But I
believe he was referencing some on-line step-by-step guides:
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
http://www.onlamp.com/pub/a/onlamp/2008/04/01/step-by-step-using-samba-to-join-a-windows-domain.html

It seems like he was making really good progress until we ran into this
last problem, after which we ran out of time to continue working. Here
is the last command's output:
[root@localhost samba]# net ads join -U fxaaa
fxaaa's password:
[2008/06/03 16:38:26, 0] libads/kerberos.c:ads_kinit_password(228)
   kerberos_kinit_password BUN319-L01$@LABS.UAF.EDU failed: Client not
found in Kerberos database
Failed to join domain: Improperly formed account name

I'm not sure exactly what is causing this, but there is a '$' after
'BUN319-L01' (the computer name) that shouldn't be there. The $ sign is
not showing up in any of our config files, so I'm not sure how to get
rid of it.

Also, here is our smb.conf file:
[global]
security = domain
realm = labs.uaf.edu
workgroup = LABS
server string = Samba Server %v
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
unix charset = ISO8859-15
os level = 18
local master = no
dns proxy = no
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
template shell = /bin/bash
winbind use default domain = yes
restrict anonymous = no
domain master = no
preferred master = no
netbios name = bun319-L01
max protocol = NT
acl compatibility = winnt
ldap ssl = No
server signing = Auto

And the hosts file:
[root@localhost etc]# cat hosts
127.0.0.1 bun319-L01.labs.uaf.edu localhost bun319-L01

I'm a little fuzzy about all of this. I think I will have to research
"net ads" some more. I might also ask my supervisor about creating the
object in AD first before trying to join the domain, rather than
creating it while joining.

Received on Tue Jun 3 17:41:27 2008

This archive was generated by hypermail 2.1.8 : Tue Jun 03 2008 - 17:41:27 AKDT
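
Added example (not part of the original message, and not Samba's own code): a small preflight review of the posted smb.conf and hosts line before running "net ads join", which also shows how the principal in the logged error line is formed from the netbios name and realm. The function names and the three checks are assumptions based on commonly documented Samba member-server guidance; the post does not establish whether any of them relates to the failure above.

```python
# Added example: review a Samba member-server config before `net ads join`.
import configparser

# Constructed inputs: trimmed copies of the smb.conf and hosts line from the post.
SMB_CONF = """\
[global]
security = domain
realm = labs.uaf.edu
workgroup = LABS
netbios name = bun319-L01
"""
HOSTS = "127.0.0.1 bun319-L01.labs.uaf.edu localhost bun319-L01\n"


def machine_principal(netbios_name, realm):
    # AD machine accounts are named <NETBIOS NAME>$; the Kerberos client
    # principal requested for the machine is that name at the upper-cased realm.
    return f"{netbios_name.upper()}$@{realm.upper()}"


def preflight(smb_conf, hosts):
    # interpolation=None so smb.conf macros such as %m or %v are kept literally.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(smb_conf)
    g = cp["global"]
    name = g.get("netbios name", "")
    findings = []
    # Assumed check: Kerberos-based AD membership is configured with security = ads.
    if g.get("security", "").lower() != "ads":
        findings.append("security is not 'ads'")
    if not g.get("realm"):
        findings.append("realm is not set")
    # NetBIOS names are limited to 15 characters.
    if not 0 < len(name) <= 15:
        findings.append("netbios name must be 1-15 characters")
    # Assumed check: the host's own name should map to its LAN address,
    # not to a loopback address, in the hosts file.
    for line in hosts.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) > 1 and fields[0].startswith("127."):
            if any(h.split(".")[0].lower() == name.lower() for h in fields[1:]):
                findings.append("host name resolves to loopback in hosts")
    return machine_principal(name, g.get("realm", "")), findings


if __name__ == "__main__":
    principal, findings = preflight(SMB_CONF, HOSTS)
    print(principal)
    for item in findings:
        print("review:", item)
```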