Problem joining RHEL4 to Windows Server 2003 Active Directory using winbind



Hi there,
I have been trying to get my RHEL4 client to join a Windows domain;
however, I still can't retrieve a list of domain users from the domain
by running the command wbinfo -u. By the way, I am running VMware and the
Samba package I am using is samba-3.0.10-1.4E.2.

Here is a quick summary of where I am at:

1) kinit -V Administrator@xxxxxxxxxxxxxx
When I ran the above command, I could get a ticket successfully. I
then confirmed this by running klist:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@xxxxxxxxxxxxxx

Valid starting Expires Service principal
03/16/06 23:08:21 03/17/06 09:07:17 krbtgt/NWTRADERS.MSFT@xxxxxxxxxxxxxx
renew until 03/17/06 23:08:21

2) net ads join -S LONDON.NWTRADERS.MSFT -U administrator
I was able to join my RHEL4 machine to Windows Server 2003 AD, i.e. a
computer object for my RHEL4 machine was created in AD. Below is the
output:

"Using short domain name -- NWTRADERS
Joined 'BRISBANE' to realm 'NWTRADERS.MSFT'"

3) wbinfo -t
I ran the above command and it returned "checking the trust secret via
RPC calls succeeded". Ok so far so good.

4) wbinfo -u
This is where I am stuck. I ran the command and it returned "Error
looking up domain users".

Below are my configuration files for
- smb.conf
- krb5.conf
- nsswitch.conf

--- smb.conf --------------------
[global]
workgroup = NWTRADERS
security = ads
realm = NWTRADERS.MSFT
password server = LONDON.NWTRADERS.MSFT
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
template homedir = /home/%D/%D\%U
interfaces = 192.168.1.1 eth1
ldap admin dn = cn=Administrator,cn=users,DC=nwtraders,DC=msft
ldap suffix = DC=nwtraders,DC=msft
winbind use default domain = Yes
winbind trusted domains only = Yes

---- krb5.conf----------------------------------------------------------------------------------
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
dns_lookup_realm = false
dns_lookup_kdc = false
default_realm = nwtraders.msft

[realms]
NWTRADERS.MSFT = {
kdc = london.nwtraders.msft:88
admin_server = london.nwtraders.msft:749
default_domain = nwtraders.msft
}

[domain_realm]
.nwtraders.msft = NWTRADERS.MSFT
nwtraders.msft = NWTRADERS.MSFT

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

---- nsswitch.conf ----------------------------------------------------------------------------
passwd: files winbind
shadow: files
group: files winbind

hosts: files dns

bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: files
automount: files
aliases: files

Here is the output from winbindd.log:

[2006/03/16 23:49:57, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
Kinit failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password host/BRISBANE@xxxxxxxxxxxxxx failed:
Resource temporarily unavailable
[2006/03/16 23:49:57, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
ads_connect for domain NWTRADERS failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
Kinit failed: Resource temporarily unavailable
[2006/03/16 23:49:57, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
Kinit failed: Resource temporarily unavailable

What does it mean when it says "Resource temporarily unavailable"?

Also, I checked the system log file in Windows, and here is what I
have discovered:

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
Date: 16/03/2006
Time: 11:48:19 PM
User: NT AUTHORITY\SYSTEM
Computer: LONDON
Description:
Pre-authentication failed:
User Name: brisbane$
User ID: NWTRADERS\brisbane$
Service Name: krbtgt/NWTRADERS.MSFT
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 192.168.1.2


I would be very grateful if anyone can help me out with my problem.
Thanks in advance.

Regards


Kevin
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
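
Added example, not part of the original post: a Python sketch that decodes the Failure Code in the Event ID 675 text quoted above against the RFC 4120 error table and checks that the event refers to the same machine account as the kinit failure in winbindd.log. The function names are made up for illustration; the sample data is copied from the post.

```python
import re

# Subset of the Kerberos error codes defined in RFC 4120, section 7.5.9.
KRB_ERRORS = {
    0x06: "KDC_ERR_C_PRINCIPAL_UNKNOWN",
    0x0E: "KDC_ERR_ETYPE_NOSUPP",
    0x17: "KDC_ERR_KEY_EXPIRED",
    0x18: "KDC_ERR_PREAUTH_FAILED",
    0x19: "KDC_ERR_PREAUTH_REQUIRED",
    0x25: "KRB_AP_ERR_SKEW",
}

# Sample data copied from the post (the realm is redacted there as x's).
EVENT_675 = r"""Event ID: 675
Pre-authentication failed:
User Name: brisbane$
User ID: NWTRADERS\brisbane$
Service Name: krbtgt/NWTRADERS.MSFT
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 192.168.1.2"""

WINBINDD_LOG = """[2006/03/16 23:49:57, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password host/BRISBANE@xxxxxxxxxxxxxx failed:
Resource temporarily unavailable"""

def parse_event(text):
    """Collect the 'Key: value' lines of an event description into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields

def decode_failure(fields):
    """Return (numeric code, RFC 4120 name) for the event's Failure Code."""
    code = int(fields["Failure Code"], 16)
    return code, KRB_ERRORS.get(code, "not in table, see RFC 4120")

def failed_principals(log):
    """Principals whose kinit winbindd reported as failed."""
    return sorted(set(re.findall(r"kerberos_kinit_password (\S+) failed", log)))

def same_account(principal, event_user):
    """Compare host/NAME@REALM (Samba log) with NAME$ (Windows event)."""
    host = principal.split("@")[0].split("/")[-1]
    return host.lower() == event_user.rstrip("$").lower()
```

For the event in the post this yields code 25, KDC_ERR_PREAUTH_REQUIRED, logged for the same BRISBANE machine account that appears in the winbindd.log failure.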


