Hello all,

I successfully joined a CentOS v5.3 machine to our AD-server using LikewiseOpen v5.1.5249.
However, I am not able to log in using users from AD. I performed some of the tests as described in the manual (see below). What is very strange is that I am able to see the AD-groups using 'lw-enum-groups', but I am not able to see the users using 'lw-enum-users'.

If I check /var/log/messages (see below) I get as error message:

May 7 11:14:47 pv03 lsassd[3073]: 0x46dd8940:User S-1-5-21-2709511636-3220455279-3717729453-1117 has an invalid value for the userAccountControl attribute. Please check that it is set and that the machine account has permission to read it.

I checked the 'userAccountControl' attribute and I am pretty sure that this is not the problem. So then I must conclude that the problem must be related to the last message:

... and that the machine account has permission to read it.

Does anyone know what this 'machine account' is and how I can check its permissions?
Does anyone have an idea what the problem might be?

Thanks,
Erik Peeters

Operating system: CentOS 5.3
Installation of LikewiseOpen (v5.1.5249) was successful.
Joining a domain was successful using the command line tool. (The GUI gave an error.)

Logon problem with AD-accounts:
-------------------------------
[r...@pv03 bin]# /opt/likewise/bin/domainjoin-cli query
Name = pv03
Domain = ANSEM-INTERN.LOCAL
Distinguished Name = CN=pv03,CN=Computers,DC=ansem-intern,DC=local
[r...@pv03 bin]# /opt/likewise/bin/kdestroy
kdestroy: No credentials cache found while destroying cache
[r...@pv03 bin]# /sbin/service lsassd status
lsassd (pid 3073) is running...
[r...@pv03 bin]# /opt/likewise/bin/lw-get-dc-name ansem-intern.local
Printing LWNET_DC_INFO fields:
===============================
dwDomainControllerAddressType = 23
dwFlags = 1021
dwVersion = 5
wLMToken = 65535
wNTToken = 65535
pszDomainControllerName = dc01.ansem-intern.local
pszDomainControllerAddress = 192.168.2.1
pucDomainGUID(hex) = 4B B7 89 58 B9 B5 78 49 88 B3 C8 61 17 F7 C5 9A
pszNetBIOSDomainName = ANSEM-INTERN
pszFullyQualifiedDomainName = ansem-intern.local
pszDnsForestName = ansem-intern.local
pszDCSiteName = Default-First-Site-Name
pszClientSiteName = Default-First-Site-Name
pszNetBIOSHostName = DC01
pszUserName = <EMPTY>
[r...@pv03 bin]# /opt/likewise/bin/lw-get-status
LSA Server Status:

Agent version: 5.1.5249
Uptime: 8 days 0 hours 9 minutes 12 seconds

[Authentication provider: lsa-activedirectory-provider]
Status: Online
Mode: Un-provisioned
Domain: ANSEM-INTERN.LOCAL
Forest: ansem-intern.local
Site: Default-First-Site-Name
Online check interval: 300 seconds
[Trusted Domains: 1]

[Domain: ANSEM-INTERN]
DNS Domain: ansem-intern.local
Netbios name: ANSEM-INTERN
Forest name: ansem-intern.local
Trustee DNS name:
Client site name: Default-First-Site-Name
Domain SID: S-1-5-21-2709511636-3220455279-3717729453
Domain GUID: 4bb78958-b9b5-7849-88b3-c86117f7c59a
Trust Flags: [0x001d]
[0x0001 - In forest]
[0x0004 - Tree root]
[0x0008 - Primary]
[0x0010 - Native]
Trust type: Up Level
Trust Attributes: [0x0000]
Trust Direction: Primary Domain
Trust Mode: In my forest Trust (MFT)
Domain flags: [0x0001]
[0x0001 - Primary]

[Domain Controller (DC) Information]
DC Name: dc01.ansem-intern.local
DC Address: 192.168.2.1
DC Site: Default-First-Site-Name
DC Flags: [0x000003fd]
DC Is PDC: yes
DC is time server: yes
DC has writeable DS: yes
DC is Global Catalog: yes
DC is running KDC: yes

[Authentication provider: lsa-local-provider]
Status: Online
Mode: Local system
[r...@pv03 bin]# su ANSEM-INTERN\\peeters
su: user ANSEM-INTERN\peeters does not exist
[r...@pv03 bin]# ./lw-enum-groups
Group info (Level-0):
====================
Name: ANSEM-INTERN\aankopen_users-distrubution-group
Gid: 27788776
SID: S-1-5-21-2709511636-3220455279-3717729453-1512
.
.
197 similar entries deleted
.
Group info (Level-0):
====================
Name: ANSEM-INTERN\witness-security
Gid: 27788599
SID: S-1-5-21-2709511636-3220455279-3717729453-1335
TotalNumGroupsFound: 199
[r...@pv03 bin]# ./lw-enum-users
Failed to enumerate users. The LDAP attribute value is NULL or invalid
[r...@pv03 bin]# tail /var/log/messages
May 7 11:12:58 pv03 lsassd[3073]: 0x445d4940:User S-1-5-21-2709511636-3220455279-3717729453-1195 has an invalid value for the userAccountControl attribute. Please check that it is set and that the machine account has permission to read it.
[r...@pv03 bin]# su ANSEM-INTERN\\peeters
su: user ANSEM-INTERN\peeters does not exist
[r...@pv03 bin]# tail /var/log/messages
May 7 11:14:47 pv03 lsassd[3073]: 0x46dd8940:User S-1-5-21-2709511636-3220455279-3717729453-1117 has an invalid value for the userAccountControl attribute. Please check that it is set and that the machine account has permission to read it.

_________________________________________________
Erik Peeters
IT Manager
IC Operations Manager
Direct: +32 16 386 510
erik.peet...@ansem.com

AnSem NV - www.ansem.com
Esperantolaan 9 - 3001 Heverlee - BELGIUM
Phone: +32 16 38 65 00 - Fax: +32 16 38 65 65
BTW BE 0462.614.279 - RPR Leuven
Information in this mail is strictly confidential
_________________________________________________
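
A triage helper for the lsassd errors quoted in the message above, added here as an example; it is not part of the original post and not Likewise tooling. It collects the distinct user SIDs that lsassd could not read userAccountControl for, splits each into domain SID and RID, and checks them against the Domain SID printed by lw-get-status. The function names are hypothetical; the two lsassd lines are copied from the post and the third line is constructed.

```python
import re

# Domain SID as printed by lw-get-status in the post.
DOMAIN_SID = "S-1-5-21-2709511636-3220455279-3717729453"

# First two lines copied from the post's /var/log/messages excerpts;
# the sshd line is constructed to show that unrelated lines are skipped.
SAMPLE_LOG = """\
May 7 11:12:58 pv03 lsassd[3073]: 0x445d4940:User S-1-5-21-2709511636-3220455279-3717729453-1195 has an invalid value for the userAccountControl attribute. Please check that it is set and that the machine account has permission to read it.
May 7 11:14:47 pv03 lsassd[3073]: 0x46dd8940:User S-1-5-21-2709511636-3220455279-3717729453-1117 has an invalid value for the userAccountControl attribute. Please check that it is set and that the machine account has permission to read it.
May 7 11:14:50 pv03 sshd[411]: constructed unrelated line
"""

UAC_ERROR = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+lsassd\[\d+\]:\s+"
    r"0x[0-9a-fA-F]+:User\s+(?P<sid>S-1(?:-\d+)+)\s+has an invalid value "
    r"for the userAccountControl attribute"
)

def split_sid(sid):
    """Split a user SID into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def triage(log_text, domain_sid=DOMAIN_SID):
    """Map each distinct failing SID to its RID, hit count and last timestamp."""
    findings = {}
    for line in log_text.splitlines():
        m = UAC_ERROR.match(line)
        if not m:
            continue
        sid = m.group("sid")
        domain, rid = split_sid(sid)
        entry = findings.setdefault(sid, {
            "rid": rid,
            # False would mean the object lives in another (trusted) domain.
            "in_joined_domain": domain == domain_sid,
            "count": 0,
            "last_seen": None,
        })
        entry["count"] += 1
        entry["last_seen"] = m.group("ts")
    return findings

if __name__ == "__main__":
    for sid, info in triage(SAMPLE_LOG).items():
        print(sid, info)
```

The resulting SIDs identify the user objects whose userAccountControl attribute, and the read permission on it for the computer object CN=pv03, are the ones to inspect on the domain controller.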