Title: WindowsNTLM, AD and EWF2.4
Post by: uros on Wednesday 04 August 2010, 04:46:47 pm

Hello,
I had some problems joining EFW2.4 to AD; after a long night I found the solution.

My configuration:
domain FQDN: domain-fullname.com
short domain name (workgroup): domain
AD server: sbs2003
IP of AD: 192.168.1.100
IP of EFW: 192.168.1.15
EFW: Endian Firewall Community release 2.4.0
Server: SBS2003 with AD

1. Install EFW.
2. Make sure that the time is the same on EFW and AD: SERVICES->TIMESERVER: override default NTP services, put AD server name (sbs2003)
3. NETWORK->EDIT HOST->ADD HOST: ip:192.168.1.100; hostname: sbs2003; domain name: domain-fullname.com;
4. After that, go to PROXY-> enable it and try to join to AD... it will probably fail ;)
5. Go to SSH: nano /var/efw/proxy/settings and modify as below:

    AUTH_METHOD=ntlm
    AUTH_REALM=domain-fullname.com
    FORWARD_USERNAME=
    GREEN_ENABLED=transparent
    HAVP_ENABLED=on
    LOGUSERAGENT=
    NTLM_DOMAIN=domain
    NTLM_PDC=sbs2003
    OFFLINE_MODE=off
    PDC_ADDRESS=192.168.1.100
    PROXY_ENABLED=on

6. nano /etc/samba/winbind.conf

    [global]
    security = ADS
    password server = sbs2003.domain
    realm = domain-fullname.com
    # handle logging
    syslog only = Yes
    log level = 0 winbind:2
    syslog = 1
    max log size = 1000
    local master = no
    hosts allow = 192.168.1.15/24
    interfaces = br0
    bind interfaces only = yes
    preferred master = no
    dns proxy = no
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    workgroup = domain
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    winbind use default domain = Yes
    winbind separator = +
    unix charset = UTF8
    ntlm auth = Yes
    min protocol = NT1
    client NTLMv2 auth = Yes
    lm announce = No

7. /etc/init.d/winbind start
8. net ads join -U<ADadminusername> -s /etc/samba/winbind.conf

Enter the password and it should be OK…

Hope that this manual helps someone; feedback please.

Title: Re: WindowsNTLM, AD and EWF2.4
Post by: pwizard on Friday 06 August 2010, 12:24:34 pm

please update bug by #efw-upgrade

Title: Re: WindowsNTLM, AD and EWF2.4
Post by: oakleeman on Friday 06 August 2010, 03:13:02 pm

I'm trying to use 2.4 with an SME Server 7 domain controller. This config was working with EFW 2.1.2 but after we upgraded to 2.4 we can't join the domain.

Server root: dc=bps,dc=local
Windows workgroup: BPS
Server Name: dctl1
Server IP: 192.168.100.15
EFW IP: 192.168.100.254

    root@efw:~ # cat /var/efw/proxy/settings
    AUTH_METHOD=ntlm
    AUTH_REALM=BPS
    BLUE_ENABLED=transparent
    BYPASS_SOURCE=
    CACHE_SIZE=10000
    DANSGUARDIAN_ENABLED=on
    DANSGUARDIAN_LOGGING=on
    DST_NOCACHE=
    FORWARD_USERNAME=
    HAVP_ENABLED=on
    LOGGING=on
    LOGUSERAGENT=
    NTLM_DOMAIN=BPS.LOCAL
    NTLM_PDC=DCTL1
    OFFLINE_MODE=off
    PDC_ADDRESS=192.168.100.15
    PROXY_ENABLED=on

    root@efw:~ # cat /etc/samba/winbind.conf
    [global]
    security = ADS
    password server = DCTL1.BPS.LOCAL
    realm = BPS
    # handle logging
    syslog only = Yes
    log level = 0 winbind:2
    syslog = 1
    max log size = 1000
    local master = no
    hosts allow = 192.168.100.254/24
    interfaces = br0 br2
    bind interfaces only = yes
    preferred master = no
    dns proxy = no
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    workgroup = BPS
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    winbind use default domain = Yes
    winbind separator = +
    unix charset = UTF8
    ntlm auth = Yes
    min protocol = NT1
    client NTLMv2 auth = Yes
    lm announce = No

    root@efw:~ # net ads join -Uadmin -s /etc/samba/winbind.conf
    Enter admin's password:
    Failed to join domain: Invalid configuration and configuration modification was not requested

    root@efw:~ # cat /var/efw/proxy/settings
    AUTH_METHOD=ntlm
    AUTH_REALM=BPS.LOCAL
    BLUE_ENABLED=transparent
    BYPASS_SOURCE=
    CACHE_SIZE=10000
    DANSGUARDIAN_ENABLED=on
    DANSGUARDIAN_LOGGING=on
    DST_NOCACHE=
    FORWARD_USERNAME=
    HAVP_ENABLED=on
    LOGGING=on
    LOGUSERAGENT=
    NTLM_DOMAIN=BPS
    NTLM_PDC=DCTL1
    OFFLINE_MODE=off
    PDC_ADDRESS=192.168.100.15
    PROXY_ENABLED=on

    root@efw:~ # cat /etc/samba/winbind.conf
    [global]
    security = ADS
    password server = DCTL1.BPS
    realm = BPS.LOCAL
    # handle logging
    syslog only = Yes
    log level = 0 winbind:2
    syslog = 1
    max log size = 1000
    local master = no
    hosts allow = 192.168.100.254/24
    interfaces = br0 br2
    bind interfaces only = yes
    preferred master = no
    dns proxy = no
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    workgroup = BPS
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    winbind use default domain = Yes
    winbind separator = +
    unix charset = UTF8
    ntlm auth = Yes
    min protocol = NT1
    client NTLMv2 auth = Yes
    lm announce = No

    root@efw:~ # net ads join -Uadmin -s /etc/samba/winbind.conf
    Enter admin's password:
    Failed to join domain: failed to find DC for domain BPS.LOCAL

    root@efw:~ # /etc/init.d/winbind start
    Starting Winbind services: [ OK ]
    root@efw:~ # /etc/init.d/winbind status
    winbindd dead but subsys locked

    root@efw:~ # efw-upgrade
    Loading cache...
    Updating cache... ############################################# [100%]
    Fetching information for 'efw-community'...
    -> <myemailaddress>:*@forum_complaining_about_clickable_link
    repomd.xml ############################################# [ 50%]
    Updating cache... ############################################# [100%]
    Channels have no new packages.
    Loading cache...
    Updating cache... ############################################# [100%]
    Computing transaction...
    No interesting upgrades available.
    /etc/upgrade/upgrade.d/migration:
    --- Found: 0 OK: 0

    root@efw:/var/log/samba # tail samba.log
    Aug 6 00:04:56 efw winbindd[15638]: [2010/08/06 00:04:56, 0] winbindd/winbindd_util.c:init_domain_list(740)
    Aug 6 00:04:56 efw winbindd[15638]: Could not fetch our SID - did we join?
    Aug 6 00:04:56 efw winbindd[15638]: [2010/08/06 00:04:56, 0] winbindd/winbindd.c:main(1286)
    Aug 6 00:04:56 efw winbindd[15638]: unable to initialize domain list
    Aug 6 00:05:28 efw winbindd[16107]: [2010/08/06 00:05:28, 0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2379)
    Aug 6 00:05:28 efw winbindd[16107]: initialize_winbindd_cache: clearing cache and re-creating with version number 1
    Aug 6 00:05:28 efw winbindd[16107]: [2010/08/06 00:05:28, 0] winbindd/winbindd_util.c:init_domain_list(740)
    Aug 6 00:05:28 efw winbindd[16107]: Could not fetch our SID - did we join?
    Aug 6 00:05:28 efw winbindd[16107]: [2010/08/06 00:05:28, 0] winbindd/winbindd.c:main(1286)
    Aug 6 00:05:28 efw winbindd[16107]: unable to initialize domain list

    root@efw:/var/log/samba # tail log.winbindd
    [2010/08/06 00:03:19, 0] winbindd/winbindd.c:main(1138)
      winbindd version 3.2.14-2.endian8 started.
      Copyright Andrew Tridgell and the Samba Team 1992-2009
    [2010/08/06 00:03:52, 0] winbindd/winbindd.c:main(1138)
      winbindd version 3.2.14-2.endian8 started.
      Copyright Andrew Tridgell and the Samba Team 1992-2009
    [2010/08/06 00:04:24, 0] winbindd/winbindd.c:main(1138)
      winbindd version 3.2.14-2.endian8 started.
      Copyright Andrew Tridgell and the Samba Team 1992-2009
    [2010/08/06 00:04:56, 0] winbindd/winbindd.c:main(1138)
      winbindd version 3.2.14-2.endian8 started.
      Copyright Andrew Tridgell and the Samba Team 1992-2009
    [2010/08/06 00:05:28, 0] winbindd/winbindd.c:main(1138)
      winbindd version 3.2.14-2.endian8 started.
      Copyright Andrew Tridgell and the Samba Team 1992-2009

Title: Re: WindowsNTLM, AD and EWF2.4
Post by: uros on Friday 06 August 2010, 08:08:10 pm

Did you do step 3?
3. NETWORK->EDIT HOST->ADD HOST: ip:192.168.1.100; hostname: sbs2003; domain name: domain-fullname.com;

Title: Re: WindowsNTLM, AD and EWF2.4
Post by: oakleeman on Saturday 07 August 2010, 12:50:30 am

Yeah, I added the domain controller to the network hosts. I'm able to ping the DCTL so the EFW knows the IP for it at least.
I even tried adding BPS.LOCAL to the /etc/hosts file too just for kicks and that didn't work either.

Title: Re: WindowsNTLM, AD and EWF2.4
Post by: jamerson on Tuesday 14 May 2013, 06:59:55 pm

I am on 2.5 and still fighting to get it connected to the domain,
can someone please advise?
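
Added example, not part of any post in this thread: a shell check that /var/efw/proxy/settings (step 5 of the first post) agrees with /etc/samba/winbind.conf (step 6), using the pairing visible in that post (AUTH_REALM with realm, NTLM_DOMAIN with workgroup, NTLM_PDC with password server). The function names and the trimmed sample files are constructed for illustration, and the DNS-name test on realm and workgroup is an assumption about a typical AD setup.

```shell
#!/bin/sh
# kv FILE KEY: value of a KEY=value line (EFW settings format)
kv() { sed -n "s/^$2=//p" "$1" | sed 's/[[:space:]]*$//' | head -n 1; }

# smb FILE PARAM: value of a "param = value" line (Samba format)
smb() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# note TEXT: print one problem and count it
note() { echo "$1"; bad=$((bad + 1)); }

# check_join_config SETTINGS WINBIND_CONF
# Prints one line per problem; the exit status is the number of problems.
check_join_config() {
    bad=0
    realm=$(lc "$(smb "$2" realm)")
    wg=$(lc "$(smb "$2" workgroup)")
    pwsrv=$(lc "$(smb "$2" 'password server')")
    a_realm=$(lc "$(kv "$1" AUTH_REALM)")
    n_dom=$(lc "$(kv "$1" NTLM_DOMAIN)")
    n_pdc=$(lc "$(kv "$1" NTLM_PDC)")

    [ "$a_realm" = "$realm" ] || note "AUTH_REALM ($a_realm) != realm ($realm)"
    [ "$n_dom" = "$wg" ] || note "NTLM_DOMAIN ($n_dom) != workgroup ($wg)"
    case $pwsrv in
        "$n_pdc" | "$n_pdc".*) ;;
        *) note "password server ($pwsrv) does not name NTLM_PDC ($n_pdc)" ;;
    esac
    # Assumption: the AD realm is a DNS name, the workgroup a short name.
    case $realm in *.*) ;; *) note "realm ($realm) is not a DNS name" ;; esac
    case $wg in *.*) note "workgroup ($wg) looks like a DNS name" ;; esac
    return "$bad"
}

# write_sample DIR AUTH_REALM NTLM_DOMAIN REALM: constructed, trimmed files
write_sample() {
    printf 'AUTH_REALM=%s\nNTLM_DOMAIN=%s\nNTLM_PDC=DCTL1\n' "$2" "$3" > "$1/settings"
    printf '[global]\npassword server = DCTL1.BPS.LOCAL\nrealm = %s\nworkgroup = BPS\n' \
        "$4" > "$1/winbind.conf"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir" BPS BPS.LOCAL BPS   # values of the first attempt above
check_join_config "$demo_dir/settings" "$demo_dir/winbind.conf" || echo "problems: $?"
rm -rf "$demo_dir"
```

A clean result only shows that the two files agree with each other: the second attempt posted above passes these checks and still fails with "failed to find DC", so DC lookup and time sync (steps 2 and 3) have to be verified separately.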