Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 15 November 2024, 06:10:44 pm

Login with username, password and session length

Download the latest community FREE version  HERE
14255 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Problem joining AD, wrong workgroup name in winbind.conf
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Problem joining AD, wrong workgroup name in winbind.conf  (Read 11859 times)
jomoryja
Jr. Member
*
Offline Offline

Posts: 9


« on: Saturday 11 January 2014, 05:11:46 am »

The issue I have is that I'm not able to join an AD domain via the GUI.

My version of Endian is 3.0
I've setup the Endian Proxy more then a month ago (3.0 Beta 1) and some weeks ago I've updated via efw-upgrade.
I don't know if that's exactly the same as 3.0 Beta 2 however.

What did I try / find out:

in the flle /etc/samba/winbind.conf is a line with workgroup = DOMAINNAME
That DOMAINNAME however is an older one I've entered before during testing, it's not the one which I have entered lately (and actually see) in the GUI.

I performed the following actions to test:
I first entered all the correct information via the GUI and tried to join the domain via the GUI AD Join
then I switched to the command line and performed the following actions

1) I edited the winbind.conf file for the correct workgroup name
nano /etc/samba/winbind.conf
2) I checked if the line workgroup was now ok
cat /etc/samba/winbind.conf
3) I restarted the service
/etc/init.d/winbind start
4) I joined the domain
net ads join -Uusername -s /etc/samba/winbind.conf
I had to enter the password and it went fine.

I was now able to change my access policy based on my AD groups.
And this worked fine browsing the Internet.

To my surprise however later (> 10 minutes) the line workgroup was changed back to the original domainname and my access policy didn't work anymore.

Is this file being overwritten from a template regularly?
Am I doing something wrong? Is this a bug?
Does anybody have experience with this?

Thank you for your answers, Best Regards, Jos
Logged
jomoryja
Jr. Member
*
Offline Offline

Posts: 9


« Reply #1 on: Saturday 11 January 2014, 06:36:55 am »

I think I found the solution.

When data is entered in the GUI, the file /etc/samba/winbind/conf/tmpl is used to retrieve the GUI data.
From this the file winbind.conf is generated.

In the file winbind.conf.tmpl there is a line:
workgroup = ${AUTH_REALM.split(".")[0].upper()}
I've changed this to:
workgroup = $NTLM_DOMAIN.upper()

Now the correct datafield from the GUI is used to enter the correct data (in upper case) behind "workgroup".

This works fine for now. My AD join looks stable and works via the GUI.

Best regards, Jos
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.047 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com