Red Hat Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

  • Comments
    • Tags

    Ad Authetication Fails

    Posted on

    Hello everyone,

    I am trying to integrate RHEL 6.5 system into Windows server 2012 Ad environment. I followed the guide in the following link on page 31.

    https://www.redhat.com/rhecm/rest-rhecm/jcr/repository/collaboration/jcr:system/jcr:versionStorage/ae40084d0a052601783f1ea42715cdef/32/jcr:frozenNode/rh:resourceFile

    So far I have no luck getting authentication work.
    Here are the error messages i am getting;

    Failed to join domain: failed to lookup DC info for domain 'MYDOMAIN.LCL' over rpc: Logon failure

    Sep 5 16:19:50 Redhat01 winbindd[24064]: [2014/09/05 16:19:50.636313, 0] winbindd/winbindd.c:240(winbindd_sig_term_handler)
    Sep 5 16:19:50 Redhat01 winbindd[24064]: Got sig[15] terminate (is_parent=1)
    Sep 5 16:20:03 Redhat01 winbindd[24275]: [2014/09/05 16:20:03.186900, 0] winbindd/winbindd_dual.c:926(calculate_next_machine_pwd_change)
    Sep 5 16:20:03 Redhat01 winbindd[24275]: cannot fetch own machine password ????ads_connect for domain MYDOMAIN failed: Cannot read password
    Sep 5 22:14:46 Redhat01 winbindd[24272]: [2014/09/05 22:14:46.660704, 0] winbindd/winbindd.c:240(winbindd_sig_term_handler)
    Sep 5 22:14:46 Redhat01 winbindd[24272]: Got sig[15] terminate (is_parent=1)
    Sep 5 22:16:15 Redhat01 winbindd[27376]: [2014/09/05 22:16:15.418863, 0] winbindd/winbindd_dual.c:926(calculate_next_machine_pwd_change)
    Sep 5 22:16:15 Redhat01 winbindd[27376]: cannot fetch own machine password ????ads_connect for domain MYDOMAIN failed: Cannot read password
    Sep 5 22:16:15 Redhat01 smbd[27364]: [2014/09/05 22:16:15.788811, 0] printing/nt_printing.c:102(nt_printing_init)
    Sep 5 22:16:15 Redhat01 smbd[27364]: nt_printing_init: error checking published printers: WERR_ACCESS_DENIED

    Here is my sbm.conf file

    realm = MYDOMAIN.LCL
    workgroup = MYDOMAIN
    security = ads
    idmap config * : backend = autorid
    idmap config * : range = 1000000-201000000
    idmap config * : rangesize = 2000000
    winbind enum users = yes
    winbind enum groups = yes
    winbind separator = +
    winbind use default domain = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    winbind offline logon = yes
    debuglevel = 2

    and /etc/krb5.conf

    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    default_realm = MYDOMAIN.lcl
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true

    [realms]
    MYDOMAIN.LCL = {
    kdc = dc01.MYDOMAIN.lcl
    admin_server = dc01.MYDOMAIN.lcl
    }

    MYDOMAIN.LCL = {
    kdc = DC01.MYDOMAIN.LCL
    kdc = DC01.MYDOMAIN.LCL
    kdc = DC01.MYDOMAIN.LCL
    }

    DC01.MYDOMAIN.LCL = {
    }

    [domain_realm]
    mydomain.lcl = MYDOMAIN.LCL
    .mydomain.lcl = MYDOMAIN.LCL

    by

    points

    Responses

    Red Hat LinkedIn YouTube Facebook X, formerly Twitter

    Quick Links

    Help

    Site Info

    Related Sites

    © 2026 Red Hat