Hello, I am new to this list, but having been using CentOS for sometime.
I recently installed CentOS 5 on a test server to check out Xen. The installation was smooth had so far I have everything working except I cannot get samba to join our AD domain from the xen guest, using para-virtualization, I setup. I am out of ideas, and cannot find anyone having similar problems.
I have tested my config files on the server itself (Dom0) and it joins fine. But on the guest it will not join.
kinit works and I do get a ticket from kerberos. But when I try to join I get:
# net ads join -U administrator administrator's password: Using short domain name -- ICN Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. Disabled account for 'XEN01' in realm 'ICN.LOCAL'
In messages, I have: Apr 25 10:36:02 xen01 winbindd[29659]: [2007/04/25 10:36:02, 0] libads/kerberos.c:ads_kinit_password(208) Apr 25 10:36:02 xen01 winbindd[29659]: kerberos_kinit_password XEN01$@ICN.LOCAL failed: Clients credentials have been revoked Apr 25 10:36:34 xen01 pcscd: winscard.c:219:SCardConnect() Reader E-Gate 0 0 Not Found
The hosts, resolv.conf, smb.conf and krb5.conf files are the same between the guest and Dom0 and are using the same version of samba. Selinux has been disabled in order to make sure it was not interfering.
Has anyone had this issue or successfully able to join to a domain from a guest?
Thanks, Rick
I have several XEN and VMWare VMs with CentOS 4.4 that joined AD successfully. However, I always used the following (simple) procedure: # kinit Administrator # net ads join the net ads join command never asked for a password (because I already did the kinit earlier).
I had issues only once when there already was a matching computer object in the AD-Tree, so you might check that and remove it if required.
Regards, Andreas Rogge
Am Mittwoch, den 25.04.2007, 10:51 -0400 schrieb Rick Barnes:
Hello, I am new to this list, but having been using CentOS for sometime.
I recently installed CentOS 5 on a test server to check out Xen. The installation was smooth had so far I have everything working except I cannot get samba to join our AD domain from the xen guest, using para-virtualization, I setup. I am out of ideas, and cannot find anyone having similar problems.
I have tested my config files on the server itself (Dom0) and it joins fine. But on the guest it will not join.
kinit works and I do get a ticket from kerberos. But when I try to join I get:
# net ads join -U administrator administrator's password: Using short domain name -- ICN Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. Disabled account for 'XEN01' in realm 'ICN.LOCAL'
In messages, I have: Apr 25 10:36:02 xen01 winbindd[29659]: [2007/04/25 10:36:02, 0] libads/kerberos.c:ads_kinit_password(208) Apr 25 10:36:02 xen01 winbindd[29659]: kerberos_kinit_password XEN01$@ICN.LOCAL failed: Clients credentials have been revoked Apr 25 10:36:34 xen01 pcscd: winscard.c:219:SCardConnect() Reader E-Gate 0 0 Not Found
The hosts, resolv.conf, smb.conf and krb5.conf files are the same between the guest and Dom0 and are using the same version of samba. Selinux has been disabled in order to make sure it was not interfering.
Has anyone had this issue or successfully able to join to a domain from a guest?
Thanks, Rick _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Andreas Rogge -
Rick Barnes