Hi Renato: Try stepping through the troubleshooting steps below:

Solve Domain-Join Problems

To troubleshoot problems with joining a Linux computer to a domain, perform the following series of diagnostic tests sequentially on the Linux computer with a root account. The tests can also be used to troubleshoot domain-join problems on a Unix or Mac OS X computer; however, the syntax of the commands on Unix and Mac might be slightly different.

The procedures in this topic assume that you have already checked whether the problem falls under the Top 10 Reasons Domain Join Fails. It is also recommended that you generate a domain-join log.

Verify that the Name Server Can Find the Domain

Run the following command as root:

    nslookup ADrootDomain.com

Make Sure the Client Can Reach the Domain Controller

You can verify that your computer can reach the domain controller by pinging it:

    ping domainName

Verify that Outbound Ports Are Open

Run the following command as root:

    domainjoin-cli join --details firewall likewisedemo.com

The results of the command show whether you must open any ports. For a list of ports that must be open on the client, see Make Sure Outbound Ports Are Open.

Check DNS Connectivity

The computer might be using the wrong DNS server or none at all. Make sure the nameserver entry in /etc/resolv.conf contains the IP address of a DNS server that can resolve the name of the domain you are trying to join. This is likely to be the IP address of one of your domain controllers.

Make Sure nsswitch.conf Is Configured to Check DNS for Host Names

The /etc/nsswitch.conf file must contain the following line. (On AIX, the file is /etc/netsvc.conf.)

    hosts: files dns

Computers running Solaris, in particular, may not contain this line in nsswitch.conf until you add it.

Ensure that DNS Queries Are Not Using the Wrong Network Interface Card

If the computer is multi-homed, the DNS queries might be going out the wrong network interface card. Temporarily disable all the NICs except for the card on the same subnet as your domain controller or DNS server and then test DNS lookups to the AD domain. If this works, re-enable all the NICs and edit the local or network routing tables so that the AD domain controllers are accessible from the host.

Determine Whether the DNS Server Is Configured to Return SRV Records

Your DNS server must be set to return SRV records so the domain controller can be located. It is common for non-Windows (bind) DNS servers to not be configured to return SRV records. Diagnose by executing the following command:

    nslookup -q=srv _ldap._tcp.ADdomainToJoin.com

Make Sure that the Global Catalog Is Accessible

The global catalog for Active Directory must be accessible. A global catalog in a different zone might not show up in DNS. Diagnose by executing the following command:

    nslookup -q=srv _ldap._tcp.gc._msdcs.ADrootDomain.com

From the list of IP addresses in the results, choose one or more addresses and test whether they are accessible on Port 3268 by using telnet.

    telnet 192.168.100.20 3268
    Trying 192.168.100.20...
    Connected to sales-dc.likewisedemo.com (192.168.100.20).
    Escape character is '^]'.

Press the Enter key to close the connection:

    Connection closed by foreign host.

Verify that the Client Can Connect to the Domain on Port 123

The following test checks whether the client can connect to the domain controller on Port 123 and whether the Network Time Protocol (NTP) service is running on the domain controller. For the client to join the domain, NTP -- the Windows time service -- must be running on the domain controller.

On a Linux computer, run the following command as root:

    ntpdate -d -u DC_hostname

Example:

    ntpdate -d -u sales-dc

For more information, see Diagnose NTP on Port 123. In addition, check the logs on the domain controller for errors from source w32tm, the Windows time service.

________________________________
(c) 2008 Likewise Software. All rights reserved.
For more information, contact [EMAIL PROTECTED] or visit www.LikewiseSoftware.com <http://www.likewisesoftware.com/>.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renato F. Fuyonan Jr.
Sent: Friday, August 29, 2008 4:36 AM
To: likewise-open-discuss@lists.likewisesoftware.com
Subject: [Likewise-open-discuss] Lsass Error

I have installed Likewise Open on my Fedora 9 box....

Doing domainjoin-cli join domain account would output:

    Error: Lsass Error [code 0x00080047]
    Error [code:-1]

Please help what does this mean? I cannot let my Fedora 9 join AD

_______________________________________________ Likewise-open-discuss mailing list Likewise-open-discuss@lists.likewisesoftware.com http://lists.likewisesoftware.com/cgi-bin/mailman/listinfo/likewise-open-discuss
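
The two local-file checks in the checklist above (a nameserver entry in /etc/resolv.conf, and dns on the hosts: line of /etc/nsswitch.conf) can be scripted. The following is an added example, not part of the original thread or of Likewise's tooling; the function names and the --run switch are this example's own, and it handles the nsswitch.conf format only, not AIX's /etc/netsvc.conf.

```sh
#!/bin/sh
# Added example: pre-flight for the resolv.conf and nsswitch.conf checks.
# All function names here are hypothetical, chosen for this example.

# Print each nameserver address in a resolv.conf-style file, one per line.
# Returns 1 if the file is unreadable or has no active nameserver entry.
list_nameservers() {
    file=${1:-/etc/resolv.conf}
    out=$(awk '$1 == "nameserver" && $2 != "" { print $2 }' "$file" 2>/dev/null) || return 1
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Succeed only if the uncommented hosts: line lists "dns" as a source.
# A "dns" that appears only after a '#' does not count.
hosts_uses_dns() {
    file=${1:-/etc/nsswitch.conf}
    awk '
        { sub(/#.*/, "") }                      # strip trailing comments
        $1 == "hosts:" {
            found = 0                           # last hosts: line wins
            for (i = 2; i <= NF; i++) if ($i == "dns") found = 1
        }
        END { exit !found }
    ' "$file" 2>/dev/null
}

# Run both checks, print a report, return the number of failed checks.
preflight() {
    fails=0
    if ns=$(list_nameservers "$1"); then
        echo "OK   nameserver(s): $(echo $ns)"
    else
        echo "FAIL no nameserver entry in ${1:-/etc/resolv.conf}"
        fails=$((fails + 1))
    fi
    if hosts_uses_dns "$2"; then
        echo "OK   hosts: line includes dns"
    else
        echo "FAIL hosts: line in ${2:-/etc/nsswitch.conf} does not list dns"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Only touch the real system files when asked to.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

A passing pre-flight only shows that the files are well-formed; whether the listed nameserver can actually resolve the AD domain still needs the nslookup tests from the checklist.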