Author Topic: Join AD EFW 2.3  (Read 239516 times)
npeterson
« Reply #30 on: Wednesday 11 November 2009, 02:15:24 am »

No, it means that winbind isn't already running, and that's what we are trying to fix.
Logged
entourage
« Reply #31 on: Wednesday 11 November 2009, 02:20:30 am »

Also, I'm not sure if this helps, but it doesn't matter what username/pword combination I use (real or fake); I always get the same "Failed to join domain" message.
Logged
npeterson
« Reply #32 on: Wednesday 11 November 2009, 02:54:26 am »

Yeah, it does; the user has to have rights to join computers to the domain. So, Administrator or a domain admin should have rights.
Logged
entourage
« Reply #33 on: Thursday 12 November 2009, 06:28:22 am »

Well, it looks as though I'll have to stay with 2.2 for a while.  Nothing I change seems to have made any difference.  I'm going to keep pressing at it to see if I can't figure out what's wrong.

Thanks everyone for all the help!  If I come across my solution, I'll be sure to post back, in case I'm not the only one.
Logged
blakewp
« Reply #34 on: Friday 27 November 2009, 11:12:22 pm »

This might be of no help (I'm a Linux newbie but learning fast), but I finally got mine to join.
If it helps one person, then it's worth the post.

I couldn't get it to join for love nor money, until I started rooting around in the winbind.conf files and found this,
based around other people's suggestions:

You need to set your auth realm to your FQDN.
You need to set workgroup to the NetBIOS name.

If, like me, your NetBIOS name is NOT a shortened version of your FQDN (I didn't do it, honest), then the join process will fail,
e.g.
fqdn      =  mydomain.com
Netbios =  DOMAIN

as (and correct me if I'm wrong here, I'm only going by what I see) when the proxy restarts it uses a template to re-create the winbind.conf file and automatically changes the NetBIOS name to the first part of the FQDN.

I resolved it by changing it in the template winbind.conf.tmpl to the NetBIOS name

and it joined!!
Logged
Tomdarkness
« Reply #35 on: Wednesday 02 December 2009, 11:07:41 am »

Well I've managed to join and it seems to work (not a very easy process I might add). EFW 2.3 with a Windows Server 2008 (Functional Level 2003) DC.
Logged
cagnaluia
« Reply #36 on: Wednesday 21 April 2010, 10:30:49 pm »

Hi,

I have the same errors... trying to join in AC.

This is my winbind.conf:

|ced1| is the name of my windows 2003 server DC
|icp.it.local| is the FQDN ? I think yes (it is the same FQDN to join windows client in the AC)
|icp.it| is my workgroup


Quote
[global]
security = ADS
password server = ced1
realm = icp.it.local

# handle logging
syslog only = Yes
log level = 0 winbind:2
syslog = 1
max log size = 1000

local master = no
hosts allow = 192.168.1.16/24
interfaces = br0
bind interfaces only = yes
preferred master = no
dns proxy = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

workgroup = icp.it
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = Yes
winbind separator = +
unix charset = UTF8

ntlm auth = Yes
min protocol = NT1
client NTLMv2 auth = Yes
lm announce = No

and this is my /etc/hosts

Quote
192.168.1.3   ced1.icp.it       ced1
192.168.2.3   ced2.icp.it       ced2
127.0.0.1   localhost.localhost localhost
192.168.1.16   endian.icp.it    endian
192.168.1.16   wpad.icp.it      wpad


when I execute this command I receive

net ads join -U administrator -s winbind.conf -d 5

Quote
net ads join -U administrator -s winbind.conf -d 5
[2010/04/21 14:33:34,  5] lib/debug.c:debug_dump_status(407)  INFO: Current debug levels:
    all: True/5
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0
    registry: False/0
[2010/04/21 14:33:34,  3] param/loadparm.c:lp_load_ex(8753)  lp_load_ex: refreshing parameters
[2010/04/21 14:33:34,  3] param/loadparm.c:init_globals(4597)  Initialising global parameters
[2010/04/21 14:33:34,  3] param/params.c:pm_process(569)  params.c:pm_process() - Processing configuration file "winbind.conf"
[2010/04/21 14:33:34,  3] param/loadparm.c:do_section(7416)  Processing section "[global]"
  doing parameter security = ADS
  doing parameter password server = ced1
  doing parameter realm = icp.it.local
  doing parameter syslog only = Yes
Enter administrator's password:
Failed to join domain: failed to connect to AD: Cannot find KDC for requested realm


help....please
Logged
cagnaluia
« Reply #37 on: Wednesday 21 April 2010, 11:58:22 pm »

I found something....

AFTER changing all the names to UPPERCASE
and MODIFYING
"password server = ced1.ICP.IT.LOCAL"
"realm = ICP.IT.LOCAL"
"workgroup = ICP.IT"

the join works right!!! BUT..... It's only for a bit...

IF I read/open the winbind.conf file I can read this line modified: "workgroup = ICP"

and the second join test failed!!


so... Who changed this line instead of me? sigh...
Logged
cagnaluia
« Reply #38 on: Wednesday 28 April 2010, 10:04:59 pm »

is it a bug?
Logged
Steve
« Reply #39 on: Wednesday 28 April 2010, 11:05:50 pm »

It's strange that you called your workgroup ICP.IT
Do you own the domain ICP.IT (which really exists - run a DNS report)? - this could be the problem why it can't connect to your 'workgroup' ICP.IT
Logged

                          
mrkroket
« Reply #40 on: Thursday 29 April 2010, 03:45:46 am »

Quote from: cagnaluia
> I found something....
>
> AFTER changing all the names to UPPERCASE
> and MODIFYING
> "password server = ced1.ICP.IT.LOCAL"
> "realm = ICP.IT.LOCAL"
> "workgroup = ICP.IT"
>
> the join works right!!! BUT..... It's only for a bit...
>
> IF I read/open the winbind.conf file I can read this line modified: "workgroup = ICP"
>
> and the second join test failed!!
>
> so... Who changed this line instead of me? sigh...

Probably the template file. Many config files are rebuilt with template files, so you must modify these templates to make your changes permanent.
Logged
cagnaluia
« Reply #41 on: Monday 10 May 2010, 05:48:16 pm »

Quote from: Steve
> It's strange that you called your workgroup ICP.IT
> Do you own the domain ICP.IT (which really exists - run a DNS report)? - this could be the problem why it can't connect to your 'workgroup' ICP.IT

Yes.

How can I run a DNS report and paste the results here?
Logged
cagnaluia
« Reply #42 on: Monday 10 May 2010, 05:52:45 pm »

Quote from: mrkroket
> Quote from: cagnaluia
> > I found something....
> >
> > AFTER changing all the names to UPPERCASE
> > and MODIFYING
> > "password server = ced1.ICP.IT.LOCAL"
> > "realm = ICP.IT.LOCAL"
> > "workgroup = ICP.IT"
> >
> > the join works right!!! BUT..... It's only for a bit...
> >
> > IF I read/open the winbind.conf file I can read this line modified: "workgroup = ICP"
> >
> > and the second join test failed!!
> >
> > so... Who changed this line instead of me? sigh...
>
> Probably the template file. Many config files are rebuilt with template files, so you must modify these templates to make your changes permanent.

But... which template file? Where is it?
Logged
cagnaluia
« Reply #43 on: Wednesday 12 May 2010, 05:25:38 pm »

summary:

I have a domain: icp.it.local
All the computers in the domain work in a workgroup named: icp.it
My primary Domain Controller is: "ced1", "192.168.1.3" (Windows 2003 Std. Server)
My endian firewall in the intranet is: "endian", "192.168.1.16"


PS: before all... years ago... all the network worked with Windows NT 4.0 Server, so the  Domain name (pre-Windows 2000) was: ICP.IT


Knowing these details, how can I set up NTLM authentication? (or LDAP)



Others:

netdiag.txt
Quote
    Gathering IPX configuration information.
    Querying status of the Netcard drivers... Passed
    Testing IpConfig - pinging the Primary WINS server... Passed
    Testing IpConfig - pinging the Secondary WINS server... Passed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing for autoconfiguration... Passed
    Testing IP loopback ping... Passed
    Testing default gateways... Passed
    Enumerating local and remote NetBT name cache... Passed
    Testing the WINS server
        Local Area Connection
            Sending name query to primary WINS server 192.168.1.3 - Passed
            Sending name query to secondary WINS server 192.168.2.3 - Passed
    Gathering Winsock information.
    Testing DNS
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.3' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.2.3' and other DCs also have some of the names registered.
    Testing redirector and browser... Passed
    Testing DC discovery.
        Looking for a DC
        Looking for a PDC emulator
        Looking for a Windows 2000 DC
    Gathering the list of Domain Controllers for domain 'ICP.IT'
    Testing trust relationships... Skipped
    Testing Kerberos authentication... Passed
    Testing LDAP servers in Domain ICP.IT ...
    Gathering routing information
    Gathering network statistics information.
    Gathering configuration of bindings.
    Gathering RAS connection information
    Gathering Modem information
    Gathering Netware information
    Gathering IP Security information

    Tests complete.


    Computer Name: CED1
    DNS Host Name: ced1.icp.it.local
    DNS Domain Name: icp.it.local
    System info : Windows 2000 Server (Build 3790)


..........................


Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Primary Domain Controller Emulator
    Netbios Domain name. . . . . . : ICP.IT
    Dns domain name. . . . . . . . : icp.it.local
    Dns forest name. . . . . . . . : icp.it.local
    Domain Guid. . . . . . . . . . : {F92BB039-5A2F-421C-95F9-0AA901C028CC}
    Domain Sid . . . . . . . . . . : S-1-5-21-915690042-2112626843-142223018
    Logon User . . . . . . . . . . : administrator
    Logon Domain . . . . . . . . . : ICP.IT


..............................


DNS test . . . . . . . . . . . . . : Passed
      Interface {70EF8501-F975-4C2B-B0D4-D7AE54523D4F}
        DNS Domain:
        DNS Servers: 192.168.1.3 192.168.2.3
        IP Address:         Expected registration with PDN (primary DNS domain name):
          Hostname: ced1.icp.it.local.
          Authoritative zone: icp.it.local.
          Primary DNS server: ced1.icp.it.local 192.168.1.3
          Authoritative NS:192.168.5.1 192.168.2.3 192.168.1.3
Check the DNS registration for DCs entries on DNS server '192.168.1.3'
The Record is different on DNS server '192.168.1.3'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.1.3', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.icp.it.local.
DNS DATA =
            SRV 0 100 389 ced1.icp.it.local.

The record on DNS server 192.168.1.3 is:
DNS NAME = _ldap._tcp.icp.it.local
DNS DATA =
            SRV 0 100 389 ced-csm.icp.it.local
            SRV 0 100 389 ced-fileserver2.icp.it.local
            SRV 0 100 389 ced2.icp.it.local
            SRV 0 100 389 ced4.icp.it.local
            SRV 0 100 389 ced1.icp.it.local
+------------------------------------------------------+


Logged
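
The checks that Replies #34 to #43 arrive at by trial and error (realm equals the AD DNS domain, workgroup equals the NetBIOS domain name rather than the first label of the realm, and the DC's host name sits inside the DNS domain), collected into one script. This is an added example, not code posted in the thread or shipped with Endian Firewall; the function names are hypothetical and the sample inputs are constructed from the values posted in Replies #36, #37 and #43.

```python
def parse_global(text):
    """Return the [global] parameters of an smb.conf-style file as a dict."""
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def parse_hosts(text):
    """Map each name in an /etc/hosts-style file to the first name on its line."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            names.setdefault(name.lower(), fields[1].lower())
    return names

def check_join_config(conf, hosts, dns_domain, netbios_domain):
    """List mismatches between the config and what the DC reports about itself."""
    p, known, out = parse_global(conf), parse_hosts(hosts), []
    realm, workgroup = p.get("realm", ""), p.get("workgroup", "")
    if realm.lower() != dns_domain.lower():
        out.append(f"realm {realm!r} is not the AD DNS domain {dns_domain!r}")
    elif realm != realm.upper():  # Kerberos realm names are case-sensitive
        out.append(f"realm {realm!r} should be upper case")
    if workgroup.upper() != netbios_domain.upper():
        derived = workgroup.upper() == realm.split(".")[0].upper()
        out.append(f"workgroup {workgroup!r} is not the NetBIOS domain {netbios_domain!r}"
                   + (" (it is the first label of the realm)" if derived else ""))
    # Assumption: 'password server' holds one host name, short or fully qualified.
    server = p.get("password server", "").lower()
    fqdn = known.get(server, server)
    if server and not fqdn.endswith("." + dns_domain.lower()):
        out.append(f"password server {server!r} maps to {fqdn!r}, outside {dns_domain!r}")
    return out

# Constructed inputs: values copied from Replies #36, #37 and #43 of this thread.
HOSTS = "192.168.1.3 ced1.icp.it ced1\n192.168.1.16 endian.icp.it endian\n"
POSTED = "[global]\npassword server = ced1\nrealm = icp.it.local\nworkgroup = icp.it\n"
REWRITTEN = ("[global]\npassword server = ced1.ICP.IT.LOCAL\n"
             "realm = ICP.IT.LOCAL\nworkgroup = ICP\n")

if __name__ == "__main__":
    for conf in (POSTED, REWRITTEN):
        print(check_join_config(conf, HOSTS, "icp.it.local", "ICP.IT"))
```

Running the same check against the generated winbind.conf after each proxy restart shows whether the template has put the first label of the realm back into the workgroup line.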
Di4bLo
« Reply #44 on: Wednesday 12 May 2010, 08:34:48 pm »

I have two separate Windows 2003 domains: pippo.local and ita.pluto.it

With the first one I have no problems connecting to the domain.
With the second I have all your problems.

This is the configuration (through the GUI):

Realm: pippo.local
Domain name server AD: pippo
Hostname: server
IP: 10.3.0.1

I set the routing DNS pippo.local -> 10.3.0.1 and nothing else.

I hope this could be helpful.
Logged