Hi Nico

It's not up to me to decide (and implement) the OS updates :-( and thus cannot do anything about the status of security of the systems. Though I completely agree with you :-)

Now to the Samba ADS integration problem. I only need to execute the net ads command, I need the windows domain membership for a service running on this system not for local logins.

TIA
Paolo

On Wed, Jan 23, 2013 at 1:12 AM, Nico Kadel-Garcia <[email protected]> wrote:
> On Tue, Jan 22, 2013 at 6:44 AM, Paolo Supino <[email protected]> wrote:
>> Hi
>>
>> I'm trying to make a Linux server (RHEL 5.3) join my company's ADS
>> domain. The company's domain is built from several kerberos realms
>
> Stop *right* there. If you have RHEL, and you've been regularly
> applying updates, you've automatically updated to RHEL 5.9 since its
> release a few weeks ago. RHEL 5.3 is now 4 years old and you should
> *not* use it for any security sensitive functions like the critical
> Kerberos authentication in an ADS domain, without the Red Hat
> published system updates. So do the system updates first.
>
>> and Windows domain. the Linux FQDN resolves to the name of one of the
>> kerberos realms we have, but I was asked to have the linux server
>> join a different kerberos realm and windows Domain. When I attempt to
>> run the command: 'net ads join -U [account] -w [domain]'. I get the
>> following error:
>> Failed to set servicePrincipalNames. Please ensure that
>> the DNS domain of this server matches the AD domain,
>> Or rejoin with using Domain Admin credentials.
>>
>> I know it's possible because it was done in the company in the past
>> (unfortunately) the sysadmin that did it no longer works here and no
>> one else knows how to reproduce how he did it.
>
> Are you using the built-in Samba 3.0.33, the available "samba3x" tool
> that is Samba 3.6.6, or a hand-built up-to-date Samba toolsuite? If
> you're using the built-in Samba 3.0.33 or the "samba3x" package, you
> should be able to use "authconfig" to set all of this in PAM, and only
> need "net ads" to register the particular host with AD credentials.
>
> And are you making sure to use "net ads join -U 'admin@remotedomain'
> -w 'remotedomain'", if the DNS domain does not match the AD domain?
>
> You might also install, and try working with, the X-based version of
> the "system-config-authentication" command which provides reasonable
> GUI options for most of this.
>
>
>> I know this email is scarce on helpful information. I simply don't
>> know what information to supply (I have the output of join with -d 4
>> and -d 10 debug levels).
