|
Home > Archive > Linux/Unix > November 2002 > need help joining a domain
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
need help joining a domain
|
|
| bass2k1 2002-11-15, 12:22 am |
| I am having a lot of trouble connecting my RedHat 8.0 box to our existing corporate Windows NT domain. I am on the network, i.e. I am able to ping all the servers and other workstations, however, I am unable to get our PDC to authenticate me, or to browse the network as such. Could anybody please help me with advice, links or any other reference regarding this.
much appreciated
sebastiaan.rothman@bhpbilliton.com | |
|
|
| bass2k1 2002-11-15, 4:16 am |
| Well, I get it to join the domain when I add it to the domain everytime, but I still can't get it to log me in using my NT logon credentials, I have to log on as root very single time, add the computer to the domain and run it as root.
I am able to connect to my servers via VNC, and I can ping most machines using their netbios names, but I still can't set up my e-mail and everything until I cvan get authenticated on the NT domain.
Thanks for your help thus far, really appreciate it. | |
| Mr. Linux Guy 2002-11-15, 7:47 am |
| In order to get your box to join the Windows domain, set security = domain. Create a "computer account" for the Linux PC (e.g. MyLinux) on the (WINDOM) domain PDC must pre-exist this command. When the Linux account is created on the domain PDC, you *must* check "Allow pre-Windows 2000 computers to use this account"; if it is not, then you get the "NT_Status_Access_Denied" error. Note where it says "User/Group that can add this computer to a domain = Domain Admins". Then run:
smbpasswd –j domainName.com –r PDCname
For example:
smbpasswd -j beer.com -r WINDOZE
This command should return: the date, followed by:
Change_trust_account_password:
Changed password for domain BEER.COM. Joined domain BEER.COM.
If you get the "NT_Status_Access_Denied" error, delete the Linux account on your Windows 2000 PDC, re-boot both PCs and re-create the account in "Active Directory Users & Computers", making sure to check "Allow pre-Windows 2000 computers to use this account". And yes, M$ thinks your Linux box as a "pre-Windows 2000 computer" for some peculiar reason.
If necessary, delete the PDC WINs computer account entries and re-boot the PDC; the PDC WINs will re-detect what’s really needed, including your Linux box.
If this doesn't work, let me know and post your error messages and config files. | |
|
| Just a couple of additions to Mr. Linux Guy's excellent post.
The bit about checking "Allow Pre-Windows 2000 Computers" will not apply if this is an NT domain. Otherwise, the process is the same.
Also, the steps described for setting security = domain for samba merely allow samba to authenticate accesses to samba shares from Windows machines on the network. They don't result in the ability to log into the linux machine with authentication from the NT PDC. For that you would need winbind. Before we start down that trail, maybe you should tell us a little more about how you want to use this linux machine on the network. | |
| bass2k1 2002-11-18, 1:01 am |
| First of all I would like to thank both of you for your well-worded posts. Even a linux-idiot like myself could actually figure out what was going on. It really helped a lot.
Well, as far as the whole "why" is concerned, I currently have my machine dual-booting with 2000 Pro and RH 8.0. I want to get more Linux exposure, since I want to move more towards it rather than going with the MS flow, so at the moment I am trying to get as much as possible Linux/UNIX admin experience as possible, since I am planning to sit the SAIR exams once I feel confident.
As for the "what", I basically need to unlock user acounts on an NT domain, set passwords, change user permissions, etc.
Thanks again for your replies! | |
|
| quote:
Originally posted by bass2k1
...so at the moment I am trying to get as much as possible Linux/UNIX admin experience as possible, since I am planning to sit the SAIR exams once I feel confident.
As for the "what", I basically need to unlock user acounts on an NT domain, set passwords, change user permissions, etc.
I'm studying for the LPI exams, myself.
I'm still a bit unclear about your "what." Do you want do this "on" the linux machine, or "from" it? Are you talking about setting passwords and permissions for users on the linux machine, from a windows machine, or are you talking about setting passwords and permissions for domain users from the linux machine?
Here's two different scenarios for integrating linux into a Windows NT/2000 domain. I've done both.
1. security = domain, no winbind. In this scenario, you log onto any windows machine using your domain account. You double-click on the linux machine icon in network neighborhood, and you automatically get into your home folder on the linux box. I use this, along with ssh logins from the windows machine (get puTTY for this), to remotely manage an Apache server on our school network.
2. security = domain, with winbind. With winbind, users log into the local linux machine using their NT domain user account. Makes for a nice cheap workstation on a NT domain. I've done this with both Red Hat 8 and Mandrake 9. I did it first with Red Hat 8, and it was a bit of a learning experience, because I had to do everything manually. With Mandrake 9 you can chose this option during setup, and nearly everything is automatic.
I suggest doing #1 first, and using it this way for a bit of time. Learn to manage your linux machine remotely with a ssh login. This forces you to learn the CLI tools for linux administration. While the latest distros all have nice GUI tools for most administrative tasks, certification will require you to know how to do the tasks from the command line. |
|
|
|
|