Jason Long
Hello.
I set up a CentOS Linux server (DHCP, DNS and domain controller) with Samba-sernet. My Linux server is configured as:
workgroup = LINUX
realm = LINUX.DJ
netbios name = FILESERVER
I can join Windows clients to my Linux domain very easily, but I can't add Linux clients. I changed "smb.conf" on my Linux client as below:
# cat /etc/samba/smb.conf
# Samba configuration of the Linux client that is joined as a domain member.
# NOTE(review): these settings cover the join and winbind identity mapping only;
# whether AD accounts can log in to the OS also depends on the NSS/PAM winbind
# configuration, which the post does not show.
[global]
workgroup = LINUX
# ADS: act as a member of an Active Directory domain (Kerberos authentication).
security = ADS
realm = LINUX.DJ
# Contact this domain controller directly.
password server = 192.168.72.1
# The keytab holds the machine account's Kerberos keys; keep it readable by root only.
# NOTE(review): 'dedicated keytab file' is documented for
# 'kerberos method = dedicated keytab'; with 'secrets and keytab' it may have
# no effect - confirm.
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
server string = Samba 4 Client %h
# Let winbind enumerate all domain users and groups.
winbind enum users = yes
winbind enum groups = yes
# Domain accounts are referred to without the LINUX\ prefix.
winbind use default domain = yes
winbind expand groups = 4
# Shell and home directory come from the RFC2307 attributes stored in AD.
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind normalize names = Yes
# Default domain (*): IDs allocated locally from 2000-9999.
# NOTE(review): check that this range cannot collide with UIDs/GIDs of local accounts.
idmap config * : backend = tdb
idmap config * : range = 2000-9999
# LINUX domain: IDs are read from the RFC2307 attributes in AD. Accounts without
# a uidNumber/gidNumber inside 10000-999999 are not mapped by this backend.
idmap config LINUX : backend = ad
idmap config LINUX : range = 10000-999999
idmap config LINUX : schema_mode = rfc2307
printcap name = cups
cups options = raw
# Lets user-defined shares (usershares) permit guest access.
# Disable unless anonymous access is intended.
usershare allow guests = yes
domain master = no
local master = no
preferred master = no
os level = 20
# A login with an unknown user name is treated as the guest account instead of
# being rejected. On a domain member, remove this unless guest access is wanted.
map to guest = bad user
# Store NT ACLs in extended attributes.
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
# Level 6 is debug-level logging: useful while troubleshooting the join, but the
# logs grow quickly and record detailed authentication traffic; lower it afterwards.
log level = 6
wins server = fileserver.linux.dj
# Per-user home shares, hidden from browse lists and writable.
[homes]
comment = Home Directories
browseable = no
writable = yes
and krb5.conf is as below:
# Log destinations for the Kerberos libraries and daemons.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# The realm is not looked up through DNS TXT records.
dns_lookup_realm = false
# KDCs may be located through DNS SRV records, so this depends on the client
# resolving the domain's DNS zone correctly.
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
# Tickets are requested as forwardable by default, i.e. they can be passed on
# to other hosts; set to false if delegation is not needed.
forwardable = true
# Do not use reverse DNS to canonicalize host names.
rdns = false
default_realm = LINUX.DJ
default_ccache_name = KEYRING:persistent:%{uid}
# NOTE(review): krb5.conf recognises comments only at the start of a line; the
# trailing "# ..." text on the kdc line below is likely read as part of the
# value - confirm and move it to its own line.
[realms]
LINUX.DJ = {
kdc = 192.168.72.1 # The IP Address of Linux DNS Server.
}
# NOTE(review): [domain_realm] maps DNS names to a realm name; the keys are
# normally lower-case and the realm on the right is written without a leading
# dot (LINUX.DJ) - verify these two entries.
[domain_realm]
.linux.DJ = .LINUX.DJ
Linux.DJ = .LINUX.DJ
and then I ran the command below to join:
[root@test2 ~]# net ads join -U administrator
Enter administrator's password:
Using short domain name -- LINUX
Joined 'TEST2' to realm 'linux.dj'
DNS Update for test2.linux.dj failed: ERROR_DNS_INVALID_MESSAGE
DNS update failed!
But I can't log in to my Linux client with an AD user name.
I set up a CentOS Linux server (DHCP, DNS and domain controller) with Samba-sernet. My Linux server is configured as:
workgroup = LINUX
realm = LINUX.DJ
netbios name = FILESERVER
I can join Windows clients to my Linux domain very easily, but I can't add Linux clients. I changed "smb.conf" on my Linux client as below:
# cat /etc/samba/smb.conf
# Samba configuration of the Linux client that is joined as a domain member.
# NOTE(review): these settings cover the join and winbind identity mapping only;
# whether AD accounts can log in to the OS also depends on the NSS/PAM winbind
# configuration, which the post does not show.
[global]
workgroup = LINUX
# ADS: act as a member of an Active Directory domain (Kerberos authentication).
security = ADS
realm = LINUX.DJ
# Contact this domain controller directly.
password server = 192.168.72.1
# The keytab holds the machine account's Kerberos keys; keep it readable by root only.
# NOTE(review): 'dedicated keytab file' is documented for
# 'kerberos method = dedicated keytab'; with 'secrets and keytab' it may have
# no effect - confirm.
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
server string = Samba 4 Client %h
# Let winbind enumerate all domain users and groups.
winbind enum users = yes
winbind enum groups = yes
# Domain accounts are referred to without the LINUX\ prefix.
winbind use default domain = yes
winbind expand groups = 4
# Shell and home directory come from the RFC2307 attributes stored in AD.
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind normalize names = Yes
# Default domain (*): IDs allocated locally from 2000-9999.
# NOTE(review): check that this range cannot collide with UIDs/GIDs of local accounts.
idmap config * : backend = tdb
idmap config * : range = 2000-9999
# LINUX domain: IDs are read from the RFC2307 attributes in AD. Accounts without
# a uidNumber/gidNumber inside 10000-999999 are not mapped by this backend.
idmap config LINUX : backend = ad
idmap config LINUX : range = 10000-999999
idmap config LINUX : schema_mode = rfc2307
printcap name = cups
cups options = raw
# Lets user-defined shares (usershares) permit guest access.
# Disable unless anonymous access is intended.
usershare allow guests = yes
domain master = no
local master = no
preferred master = no
os level = 20
# A login with an unknown user name is treated as the guest account instead of
# being rejected. On a domain member, remove this unless guest access is wanted.
map to guest = bad user
# Store NT ACLs in extended attributes.
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
# Level 6 is debug-level logging: useful while troubleshooting the join, but the
# logs grow quickly and record detailed authentication traffic; lower it afterwards.
log level = 6
wins server = fileserver.linux.dj
# Per-user home shares, hidden from browse lists and writable.
[homes]
comment = Home Directories
browseable = no
writable = yes
and krb5.conf is as below:
# Log destinations for the Kerberos libraries and daemons.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# The realm is not looked up through DNS TXT records.
dns_lookup_realm = false
# KDCs may be located through DNS SRV records, so this depends on the client
# resolving the domain's DNS zone correctly.
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
# Tickets are requested as forwardable by default, i.e. they can be passed on
# to other hosts; set to false if delegation is not needed.
forwardable = true
# Do not use reverse DNS to canonicalize host names.
rdns = false
default_realm = LINUX.DJ
default_ccache_name = KEYRING:persistent:%{uid}
# NOTE(review): krb5.conf recognises comments only at the start of a line; the
# trailing "# ..." text on the kdc line below is likely read as part of the
# value - confirm and move it to its own line.
[realms]
LINUX.DJ = {
kdc = 192.168.72.1 # The IP Address of Linux DNS Server.
}
# NOTE(review): [domain_realm] maps DNS names to a realm name; the keys are
# normally lower-case and the realm on the right is written without a leading
# dot (LINUX.DJ) - verify these two entries.
[domain_realm]
.linux.DJ = .LINUX.DJ
Linux.DJ = .LINUX.DJ
and then I ran the command below to join:
[root@test2 ~]# net ads join -U administrator
Enter administrator's password:
Using short domain name -- LINUX
Joined 'TEST2' to realm 'linux.dj'
DNS Update for test2.linux.dj failed: ERROR_DNS_INVALID_MESSAGE
DNS update failed!
But I can't log in to my Linux client with an AD user name.