[CentOS] Xen guest and samba

Thu Apr 26 21:03:36 UTC 2007
Andreas Rogge <arogge at gmx.de>

I have several XEN and VMWare VMs with CentOS 4.4 that joined AD
successfully.
However, I always used the following (simple) procedure:
  # kinit Administrator
  # net ads join
the net ads join command never asked for a password (because I already
did the kinit earlier).

I had issues only once when there already was a matching computer object
in the AD-Tree, so you might check that and remove it if required.

Regards,
Andreas Rogge

Am Mittwoch, den 25.04.2007, 10:51 -0400 schrieb Rick Barnes:
> Hello,
> I am new to this list, but having been using CentOS for sometime.
> 
> I recently installed CentOS 5 on a test server to check out Xen. The 
> installation was smooth had so far I have everything working except I 
> cannot get samba to join our AD domain from the xen guest, using 
> para-virtualization, I setup. I am out of ideas, and cannot find anyone 
> having similar problems.
> 
> I have tested my config files on the server itself (Dom0) and it joins 
> fine. But on the guest it will not join.
> 
> kinit works and I do get a ticket from kerberos. But when I try to join 
> I get:
> 
> # net ads join -U administrator
> administrator's password:
> Using short domain name -- ICN
> Failed to set servicePrincipalNames. Please ensure that
> the DNS domain of this server matches the AD domain,
> Or rejoin with using Domain Admin credentials.
> Disabled account for 'XEN01' in realm 'ICN.LOCAL'
> 
> In messages, I have:
> Apr 25 10:36:02 xen01 winbindd[29659]: [2007/04/25 10:36:02, 0] 
> libads/kerberos.c:ads_kinit_password(208)
> Apr 25 10:36:02 xen01 winbindd[29659]:   kerberos_kinit_password 
> XEN01$@ICN.LOCAL failed: Clients credentials have been revoked
> Apr 25 10:36:34 xen01 pcscd: winscard.c:219:SCardConnect() Reader E-Gate 
> 0 0 Not Found
> 
> The hosts, resolv.conf, smb.conf and krb5.conf files are the same 
> between the guest and Dom0 and are using the same version of samba. 
> Selinux has been disabled in order to make sure it was not interfering.
> 
> Has anyone had this issue or successfully able to join to a domain from 
> a guest?
> 
> Thanks,
> Rick
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3187 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20070426/4d5d3a76/attachment-0005.bin>