Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 21 December 2024, 01:08:50 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Join AD EFW 2.3
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] 2 3 4 Go Down Print
Author Topic: Join AD EFW 2.3  (Read 288265 times)
ges35
Full Member
***
Offline Offline

Posts: 10


« on: Wednesday 28 October 2009, 04:56:29 pm »

Somebody has joined in AD - EFW 2.3

EFW 2.2 it is join into the domain well, and here I do the same customisations on version 2.3 does not want it is entered, writes Failed to join domain.

Tell how to win?
Logged
imrandanish1
Jr. Member
*
Offline Offline

Posts: 4


« Reply #1 on: Thursday 29 October 2009, 06:37:42 pm »

Somebody has joined in AD - EFW 2.3

EFW 2.2 it is join into the domain well, and here I do the same customisations on version 2.3 does not want it is entered, writes Failed to join domain.

Tell how to win?

Hi,

I am also trying to join ad but it is not joining message displays "Failed to join domain: failed to find DC for domain ENDIAN PROXY SERVER"
although i have give it all the info like

Host Name
DNS
 please tell me what to do.
Logged
ges35
Full Member
***
Offline Offline

Posts: 10


« Reply #2 on: Friday 30 October 2009, 02:02:40 am »

The matter is that web the interface does not make change to configuration files, in particular etc/samba/smb.conf
If it configure through putty that efw is entered in AD without problems, but all the same further endian does not see domain groups and users.

If who knows what to do prompt, and I as will look that here read a forum more and more instead of respond.
Logged
npeterson
Full Member
***
Offline Offline

Posts: 90


« Reply #3 on: Saturday 31 October 2009, 08:38:54 am »

ges35 is right.

Here is how you can get it to work
Setup endian like your going to join it to your domain. hit save on the configuration page. then join domain. This will fail, but it should generate the winbind.conf file.

SSH to your server (putty)
goto the /etc/samba directory (cd /etc/samba)
Edit the winbind.conf file and change the following line:

Workgroup = <domain short Name>

to

Workgroup = <Domain Full name, (the same as your realm)>

Save File
now run the following to join the domain:

net ads join -U<username> -s /etc/samba/winbind.conf

you should get back Something like Joined '<computer name>' to realm '<full domain name>'

If you have multiple DC's wait up to 15 min for replication

you can test the connection  by running wbinfo -t

Should be joined.

So this raises the question why did endian not do a rc2 on 2.3? Authentication was an issue in rc1. I like it but it needed more testing before a final was stamped on this...

BTW you can track this bug here: http://bugs.endian.it/view.php?id=2333

Updated, no need to create smb.conf file.
Logged
entourage
Full Member
***
Offline Offline

Posts: 48


« Reply #4 on: Thursday 05 November 2009, 08:55:35 am »

I'm having the same issue with 2.3, but when following your directions, my winbind.conf isn't being generated.  Any ideas?

I have the template, but not the newly generated.  I've filled out the Authentication portion and tried to join, but still get 'Failed to Join Domain'
Logged
nmatese
Full Member
***
Offline Offline

Posts: 27


« Reply #5 on: Saturday 07 November 2009, 08:26:23 am »

I am also having a similiar issue, I have my time synced with the Domain controller, and it still says failed to join AD every time.  No winbind.conf is being generated.  Please advise, any help is appreciated.
Logged
entourage
Full Member
***
Offline Offline

Posts: 48


« Reply #6 on: Saturday 07 November 2009, 08:38:04 am »

The latest message I'm getting is:

Failed to join domain: Invalid configuration and configuration modification was not requested
Logged
bodo.olschewski
Jr. Member
*
Offline Offline

Posts: 5


« Reply #7 on: Sunday 08 November 2009, 01:47:31 am »

Hello,

the problem can be fixed by editing the /etc/samba/winbind.conf.tmpl file.

The line "workgroup = ${AUTH_REALM.split(".")[0].upper()}" has to be changed.

For me it was ok to change it to "workgroup = ${NTLM_DOMAIN.upper()}" .
Logged
entourage
Full Member
***
Offline Offline

Posts: 48


« Reply #8 on: Tuesday 10 November 2009, 12:35:23 am »

I just tried that fix, however my winbind.conf is still not being created.  I just reloaded from scratch to make sure none of my existing tries were conflicting, but no success.

Other ideas?

Is there a log file that would at least point to maybe why it failed?
Logged
nmatese
Full Member
***
Offline Offline

Posts: 27


« Reply #9 on: Tuesday 10 November 2009, 03:20:53 am »

I am also getting "Failed to join domain: Invalid configuration and configuration modification was not requested" right now after trying both things.
Logged
bodo.olschewski
Jr. Member
*
Offline Offline

Posts: 5


« Reply #10 on: Tuesday 10 November 2009, 04:02:53 am »

Hello again,

I extra installed a fresh EFW 2.3  under VMWare to try it (again) for you.

Here are the steps which I did:

1. Install EFW (without loading backup!)
2. Configure network settings
3. enable SSL
4. copy the changed /etc/samba/winbind.conf.tmpl file with winscp  ( http://bugs.endian.it/file_download.php?file_id=301&type=bug )
5. change to proxy-> authentication
6. Switch to Windows Active Directory (NTLM)
7. enter the long Domain-name in Authentication Realm
8. enter the short domain name in Domainname of AD server
9. enter the server name (without domain) in PDC
10. enter the server adress in PDC IP
11. klick on Save
12. klick on Apply
13. klick on Proxy->AD join
14. enter the domain-administrator name (without domain) and password
15. klick on join ADS
16. Wink
17. Proxy->Access Policy-> edit filter rule
18. switch Authentication to user or group based
19. select ADS-member/group
...
Logged
nmatese
Full Member
***
Offline Offline

Posts: 27


« Reply #11 on: Tuesday 10 November 2009, 04:36:43 am »

I'm making some progress, but now I am getting:

"Failed to join domain: failed to find DC for domain"
Logged
entourage
Full Member
***
Offline Offline

Posts: 48


« Reply #12 on: Tuesday 10 November 2009, 06:14:16 am »

I'm making some progress, but now I am getting:

"Failed to join domain: failed to find DC for domain"

Mine too.  I've done EXACTLY the steps you've posted.  Although this time my Winbind.conf has been created.
Logged
nmatese
Full Member
***
Offline Offline

Posts: 27


« Reply #13 on: Tuesday 10 November 2009, 06:15:53 am »

I got mine to work, by changing what bodo.olschewski said, but I set my workgroup manually, and didnt have it set from $variable stuff.
Logged
entourage
Full Member
***
Offline Offline

Posts: 48


« Reply #14 on: Tuesday 10 November 2009, 06:21:27 am »

What does your password server, realm and workgroup lines look like in winbind.conf?  (I'm  just trying to figure out the combination of names that go in there. 

Mine:
password server = DC.domain.local
realm = domain.local

workgroup = domain.local
Logged
Pages: [1] 2 3 4 Go Up Print 
« previous next »
Jump to:  

Page created in 0.172 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com