Connecting a CentOS 5.3 box to Win2k3 Active Directory

I'm trying to add a CentOS 5.3 box to the Active Directory and not
having much luck. I've Googled until I'm blue in the face and my
fingers are bleeding from all the typing and mouse clicking. Just
kidding about the blue in the face and bleeding fingers, but I am
frustrated.

I've been trying to add this box to the Active Directory so I can
connect the mail server on there to the Active Directory and not
having much luck. I've found numerous different "how-to" documents and
none of them say the same thing. I've got samba configured, I think,
but whenever I try to do a "net ads join -U <username>" it says
"ads_connect: No logon servers" and if I try to do a "kinit <username>
it says "kinit(v5): KDC reply did not match expectations while getting
initial credentials."

What am I doing wrong? Can someone please provide me with guidance on
how to do this? I'm NOT new to linux, just new to making it connect to
Active Directory. I'd really appreciate some help with this!

On Wed, 04 Mar 2009 06:06:47 -0800, John Aldrich faxed us with....

> I'm trying to add a CentOS 5.3 box to the Active Directory and not
> having much luck. I've Googled until I'm blue in the face and my fingers
> are bleeding from all the typing and mouse clicking. Just kidding about
> the blue in the face and bleeding fingers, but I am frustrated.
>
> I've been trying to add this box to the Active Directory so I can
> connect the mail server on there to the Active Directory and not having
> much luck. I've found numerous different "how-to" documents and none of
> them say the same thing. I've got samba configured, I think, but
> whenever I try to do a "net ads join -U <username>" it says
> "ads_connect: No logon servers" and if I try to do a "kinit <username>
> it says "kinit(v5): KDC reply did not match expectations while getting
> initial credentials."
>
> What am I doing wrong? Can someone please provide me with guidance on
> how to do this? I'm NOT new to linux, just new to making it connect to
> Active Directory. I'd really appreciate some help with this!

Does this give you any pointers?

https://help.ubuntu.com/community/ActiveDirectoryHowto

Forget the generic 'Ubuntuness' of it - the information is pretty generic
in most parts.

I work with mail appliances that make massive amounts of AD lookups from
a Linux platform on a read only basis. They make use of the OpenLDAP
libraries. This is flawless and has never given me trouble enough beyond
a couple of common gotcha's;

A big common gotcha is metacharacters in the password (" ' being too
evils)

From something not related to AD I can add that 2k3 server does SMB *NOT
CIFS* by default. Now I'm not going to pretend that I really understand
the intimate differences, but CIFS needs to be enabled on 2k3 if you
intent to use it - may be completely useless info - may even be outdated.

--
Replica Watches - TRY LIDL - Cheap meds? Visit your GP

On Mar 4, 1:56*pm, Blah Blah Blah <b...@bingobangobongo.com> wrote:
> On Wed, 04 Mar 2009 06:06:47 -0800, John Aldrich faxed us with....
>
>
>
> > I'm trying to add a CentOS 5.3 box to the Active Directory and not
> > having much luck. I've Googled until I'm blue in the face and my fingers
> > are bleeding from all the typing and mouse clicking. Just kidding about
> > the blue in the face and bleeding fingers, but I am frustrated.
>
> > I've been trying to add this box to the Active Directory so I can
> > connect the mail server on there to the Active Directory and not having
> > much luck. I've found numerous different "how-to" documents and none of
> > them say the same thing. I've got samba configured, I think, but
> > whenever I try to do a "net ads join -U <username>" it says
> > "ads_connect: No logon servers" and if I try to do a "kinit <username>
> > it says "kinit(v5): KDC reply did not match expectations while getting
> > initial credentials."
>
> > What am I doing wrong? Can someone please provide me with guidance on
> > how to do this? I'm NOT new to linux, just new to making it connect to
> > Active Directory. I'd really appreciate some help with this!
>
> Does this give you any pointers?
>
> https://help.ubuntu.com/community/ActiveDirectoryHowto
>
> Forget the generic 'Ubuntuness' of it - the information is pretty generic
> in most parts.
>
> I work with mail appliances that make massive amounts of AD lookups from
> a Linux platform on a read only basis. They make use of the OpenLDAP
> libraries. This is flawless and has never given me trouble enough beyond
> a couple of common gotcha's;
>
> A big common gotcha is metacharacters in the password (" ' being too
> evils)
>
> From something not related to AD I can add that 2k3 server does SMB *NOT
> CIFS* by default. Now I'm not going to pretend that I really understand
> the intimate differences, but CIFS needs to be enabled on 2k3 if you
> intent to use it - may be completely useless info - may even be outdated.
>
No, I don't think that's going to help. It's pretty Ubuntu-specific.
The files in /etc/pam.d just don't exist in CentOS. All I need to do
is authenticate to the Win2k3 domain, I'm not going to be doing any
file sharing or logging onto the local console as a Win2k3 user. I
just need to authenticate users for mail purposes.

On Thu, 05 Mar 2009 05:51:29 -0800, John Aldrich faxed us with....

> On Mar 4, 1:56Â*pm, Blah Blah Blah <b...@bingobangobongo.com> wrote:
>> On Wed, 04 Mar 2009 06:06:47 -0800, John Aldrich faxed us with....
>>
>>
>>
>> > I'm trying to add a CentOS 5.3 box to the Active Directory and not
>> > having much luck. I've Googled until I'm blue in the face and my
>> > fingers are bleeding from all the typing and mouse clicking. Just
>> > kidding about the blue in the face and bleeding fingers, but I am
>> > frustrated.
>>
>> > I've been trying to add this box to the Active Directory so I can
>> > connect the mail server on there to the Active Directory and not
>> > having much luck. I've found numerous different "how-to" documents
>> > and none of them say the same thing. I've got samba configured, I
>> > think, but whenever I try to do a "net ads join -U <username>" it
>> > says "ads_connect: No logon servers" and if I try to do a "kinit
>> > <username> it says "kinit(v5): KDC reply did not match expectations
>> > while getting initial credentials."
>>
>> > What am I doing wrong? Can someone please provide me with guidance on
>> > how to do this? I'm NOT new to linux, just new to making it connect
>> > to Active Directory. I'd really appreciate some help with this!
>>
>> Does this give you any pointers?
>>
>> https://help.ubuntu.com/community/ActiveDirectoryHowto
>>
>> Forget the generic 'Ubuntuness' of it - the information is pretty
>> generic in most parts.
>>
>> I work with mail appliances that make massive amounts of AD lookups
>> from a Linux platform on a read only basis. They make use of the
>> OpenLDAP libraries. This is flawless and has never given me trouble
>> enough beyond a couple of common gotcha's;
>>
>> A big common gotcha is metacharacters in the password (" ' being too
>> evils)
>>
>> From something not related to AD I can add that 2k3 server does SMB
>> *NOT CIFS* by default. Now I'm not going to pretend that I really
>> understand the intimate differences, but CIFS needs to be enabled on
>> 2k3 if you intent to use it - may be completely useless info - may even
>> be outdated.
>>
> No, I don't think that's going to help. It's pretty Ubuntu-specific. The
> files in /etc/pam.d just don't exist in CentOS. All I need to do is
> authenticate to the Win2k3 domain, I'm not going to be doing any file
> sharing or logging onto the local console as a Win2k3 user. I just need
> to authenticate users for mail purposes.

Sorry I bothered. Good luck. You may want to stop fu&king around with
Samba if all you are trying to do is authenticate.

--
Replica Watches - TRY LIDL - Cheap meds? Visit your GP

On Mar 5, 12:39*pm, Blah Blah Blah <b...@bingobangobongo.com> wrote:
> On Thu, 05 Mar 2009 05:51:29 -0800, John Aldrich faxed us with....
>
>
>
> > On Mar 4, 1:56*pm, Blah Blah Blah <b...@bingobangobongo.com> wrote:
> >> On Wed, 04 Mar 2009 06:06:47 -0800, John Aldrich faxed us with....
>
> >> > I'm trying to add a CentOS 5.3 box to the Active Directory and not
> >> > having much luck. I've Googled until I'm blue in the face and my
> >> > fingers are bleeding from all the typing and mouse clicking. Just
> >> > kidding about the blue in the face and bleeding fingers, but I am
> >> > frustrated.
>
> >> > I've been trying to add this box to the Active Directory so I can
> >> > connect the mail server on there to the Active Directory and not
> >> > having much luck. I've found numerous different "how-to" documents
> >> > and none of them say the same thing. I've got samba configured, I
> >> > think, but whenever I try to do a "net ads join -U <username>" it
> >> > says "ads_connect: No logon servers" and if I try to do a "kinit
> >> > <username> it says "kinit(v5): KDC reply did not match expectations
> >> > while getting initial credentials."
>
> >> > What am I doing wrong? Can someone please provide me with guidance on
> >> > how to do this? I'm NOT new to linux, just new to making it connect
> >> > to Active Directory. I'd really appreciate some help with this!
>
> >> Does this give you any pointers?
>
> >>https://help.ubuntu.com/community/ActiveDirectoryHowto
>
> >> Forget the generic 'Ubuntuness' of it - the information is pretty
> >> generic in most parts.
>
> >> I work with mail appliances that make massive amounts of AD lookups
> >> from a Linux platform on a read only basis. They make use of the
> >> OpenLDAP libraries. This is flawless and has never given me trouble
> >> enough beyond a couple of common gotcha's;
>
> >> A big common gotcha is metacharacters in the password (" ' being too
> >> evils)
>
> >> From something not related to AD I can add that 2k3 server does SMB
> >> *NOT CIFS* by default. Now I'm not going to pretend that I really
> >> understand the intimate differences, but CIFS needs to be enabled on
> >> 2k3 if you intent to use it - may be completely useless info - may even
> >> be outdated.
>
> > No, I don't think that's going to help. It's pretty Ubuntu-specific. The
> > files in /etc/pam.d just don't exist in CentOS. All I need to do is
> > authenticate to the Win2k3 domain, I'm not going to be doing any file
> > sharing or logging onto the local console as a Win2k3 user. I just need
> > to authenticate users for mail purposes.
>
> Sorry I bothered. Good luck. You may want to stop fu&king around with
> Samba if all you are trying to do is authenticate.
>
Well, I got it working. It was a problem between the keyboard and the
chair. :-) I didn't understand that domain and domain.com in the
krb5.conf were asking for different things. :-)