Connecting to Active Directory (possibly with winbind)

2 votes
1 answer
9755 views
I'm trying to figure out how to integrate a Linux environment's authentication system with Windows Server 2012, and I found a way using winbind. I've searched Google and there are several pages that introduce how to do it, from synchronizing the time to configuring some config files. I set the hostname and hosts in Linux as follows.
[/etc/hosts]
192.168.XXX.XX1 test1.example.com example ## Windows IP
192.168.XXX.XX2 test1 ## Linux IP

[/etc/hostname]
test1
I set up an Active Directory which has the following properties, and there are two accounts.
Computer name : TEST1
Domain        : example.com
Account1      : Administrator
Account2      : tester1
So, I set the Linux environment's DNS to the AD's IP address. You can check the info in "resolv.conf".
[root ~]# nslookup example.com
Server:		192.168.xxx.xx1
Address:	192.168.xxx.xx1#53

Name:	example.com
Address: 192.168.xxx.xxx
In "nsswitch.conf", I added the 'winbind' word only next to 'files'.
passwd:     files winbind
shadow:     files sss winbind
group:      files winbind
In "krb5.conf", I changed the lookup part and default realm.
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = EXAMPLE.COM
[realms]
DOMAIN.COM = {
  kdc = example.com
  admin_server = example.com
}
[domain_realm]
.domain.com = EXAMPLE.COM
domain.com = EXAMPLE.COM
And finally, I set up smb.conf. However, there are lots of different ways to set this up, so I'm not sure. I just selected one of the Google pages. When I tried to connect to the Windows Server with the "administrator" id, it showed the following error:
[root ~]# net ads join -U Administrator
gse_get_client_auth_token: gss_init_sec_context failed with [Unspecified GSS failure.  Minor code may provide more information: Message stream modified](2529638953)
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/test1.example.com with user[Administrator] realm[EXAMPLE.COM]: The attempted logon is invalid. This is either due to a bad username or authentication information.
Failed to join domain: failed to connect to AD: The attempted logon is invalid. This is either due to a bad username or authentication information.
I'm stuck at this step, and I can't find a way to solve it on Google. Do I need to edit some files in /etc/pam.d? After using the 'testparm' tool on smb.conf, I finally couldn't find any problems, but now it shows the following message when I use "net ads testjoin".
ads_connect: No logon servers are currently available to service the logon request.
Asked by owcred601 (35 rep)
Jun 21, 2018, 06:36 AM
Last activity: Jul 4, 2018, 06:34 PM
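Added example, not part of the original question or answer: a small POSIX shell script that runs offline sanity checks over the two configuration fragments shown above, of the kind worth running before a "net ads join". It parses a krb5.conf to verify that the realm named in default_realm actually has a stanza in [realms] and that the realm's DNS domain (the realm lowercased) is mapped back to it in [domain_realm]; in the question's fragment, [realms] and [domain_realm] name DOMAIN.COM/domain.com while default_realm is EXAMPLE.COM, which these checks flag. It also reports when /etc/hosts ties one short hostname (test1 in the question) to more than one address. The sample files are constructed here to mirror the question's fragments, with placeholder addresses; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: offline sanity checks for the
# krb5.conf and /etc/hosts fragments a winbind "net ads join" depends on.
# All inputs are constructed here to mirror the shapes shown in the question.

# Print default_realm from the [libdefaults] section of a krb5.conf.
krb5_default_realm() {
  awk -F= '
    /^[ \t]*\[/ { sect = $0; next }
    sect ~ /^\[libdefaults\]/ && $1 ~ /^[ \t]*default_realm[ \t]*$/ {
      gsub(/[ \t]/, "", $2); print $2; exit
    }' "$1"
}

# Print every realm that has its own "NAME = {" stanza in [realms].
krb5_defined_realms() {
  awk '
    /^[ \t]*\[/ { sect = $0; next }
    sect ~ /^\[realms\]/ && /=[ \t]*\{/ { sub(/[ \t]*=.*/, ""); gsub(/[ \t]/, ""); print }
  ' "$1"
}

# Print the [domain_realm] keys that map to the given realm.
krb5_domains_for_realm() {
  awk -F= -v realm="$2" '
    /^[ \t]*\[/ { sect = $0; next }
    sect ~ /^\[domain_realm\]/ && NF == 2 {
      gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2)
      if ($2 == realm) print $1
    }' "$1"
}

# Exit 0 only if default_realm has a matching [realms] stanza.
krb5_realm_consistent() {
  realm=$(krb5_default_realm "$1")
  [ -n "$realm" ] || return 1
  krb5_defined_realms "$1" | grep -qx "$realm"
}

# Exit 0 only if the DNS domain spelled by default_realm (lowercased)
# is mapped back to that realm in [domain_realm].
krb5_domain_realm_consistent() {
  realm=$(krb5_default_realm "$1")
  [ -n "$realm" ] || return 1
  domain=$(printf '%s' "$realm" | tr 'A-Z' 'a-z')
  krb5_domains_for_realm "$1" "$realm" | grep -qx "$domain"
}

# Print the distinct addresses a hosts file associates with a short hostname,
# counting both the bare name and any FQDN whose first label is that name.
hosts_ips_for_name() {
  awk -v want="$2" '
    { sub(/#.*/, "") }
    NF >= 2 {
      for (i = 2; i <= NF; i++) {
        split($i, labels, ".")
        if (labels[1] == want) { print $1; break }
      }
    }' "$1" | sort -u
}

# Constructed krb5.conf shaped like the question's (realm names in
# [realms]/[domain_realm] do not match default_realm).
write_sample_krb5() {
  cat > "$1" <<'EOF'
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = EXAMPLE.COM
[realms]
DOMAIN.COM = {
  kdc = example.com
  admin_server = example.com
}
[domain_realm]
.domain.com = EXAMPLE.COM
domain.com = EXAMPLE.COM
EOF
}

# Constructed hosts file shaped like the question's, with placeholder addresses.
write_sample_hosts() {
  cat > "$1" <<'EOF'
192.168.0.1 test1.example.com example ## Windows IP
192.168.0.2 test1 ## Linux IP
EOF
}

# Run every check against the constructed samples and report the findings.
run_checks() {
  dir=$(mktemp -d)
  write_sample_krb5 "$dir/krb5.conf"
  write_sample_hosts "$dir/hosts"
  if krb5_realm_consistent "$dir/krb5.conf"; then echo "realms: ok"
  else echo "realms: default_realm has no [realms] stanza"; fi
  if krb5_domain_realm_consistent "$dir/krb5.conf"; then echo "domain_realm: ok"
  else echo "domain_realm: DNS domain of default_realm is not mapped to it"; fi
  n=$(hosts_ips_for_name "$dir/hosts" test1 | wc -l | tr -d ' ')
  if [ "$n" -eq 1 ]; then echo "hosts: test1 -> one address"
  else echo "hosts: test1 appears with $n different addresses"; fi
  rm -rf "$dir"
}

run_checks
```

The checks are purely static, so they can run on a copy of the files before touching a live host; a realm that passes them still needs the usual live checks (time within the KDC's skew, SRV records for the realm resolving) that the question's nslookup output only partly covers.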