[aklug] Re: Joining active directory: progress report

Christopher Howard wrote:
> This is a progress report on the project I mentioned earlier of joining
> a Mandriva 2008 box to Active Directory:
>
> My supervisor (a domain admin) tried to help me get the computer joined
> to our active directory. First thing we tried was the GUI tool for
> joining AD that now comes with Mandriva. As far a we could tell, it
> didn't seem to do anything but rewrite the smb.conf.
>
> Then we tried using the "smbpasswd" command with the -j switch to join.
> That, if I remember correctly, told us that we had to use the "net
> ads" command instead.
>
> So then my supervisor tried to join us with "net ads". He played around
> with a lot of config files, and he lost me for a little while (I think
> he knows a lot more about Linux and active directory than I do). But I
> believe he was referencing some on-line step-by-step guides:
> http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
> http://www.onlamp.com/pub/a/onlamp/2008/04/01/step-by-step-using-samba-to-join-a-windows-domain.html
>
> It seems like he was making really good progress until we ran into this
> last problem, after which we ran out of time to continue working. Here
> is the last command's output:
> [root@localhost samba]# net ads join -U fxaaa
> fxaaa's password:
> [2008/06/03 16:38:26, 0] libads/kerberos.c:ads_kinit_password(228)
> kerberos_kinit_password BUN319-L01$@LABS.UAF.EDU failed: Client not
> found in Kerberos database
> Failed to join domain: Improperly formed account name
>
> I'm not sure exactly what is causing this, but there is a '$' after
> 'BUN319-L01' (the computer name) that shouldn't be there. The $ sign is
> not showing up in any of our config files, so I'm not sure how to get
> rid of it.
>
> Also, here is our smb.conf file:
> [global]
> security = domain

Should be 'ads' instead of 'domain'
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Jun 3 17:59:10 2008