AD Authentication Fails

Hello everyone,

I am trying to integrate a RHEL 6.5 system into a Windows Server 2012 AD environment. I followed the guide at the following link, on page 31.

https://www.redhat.com/rhecm/rest-rhecm/jcr/repository/collaboration/jcr:system/jcr:versionStorage/ae40084d0a052601783f1ea42715cdef/32/jcr:frozenNode/rh:resourceFile

So far I have had no luck getting authentication to work.
Here are the error messages I am getting:

Failed to join domain: failed to lookup DC info for domain 'MYDOMAIN.LCL' over rpc: Logon failure

Sep 5 16:19:50 Redhat01 winbindd[24064]: [2014/09/05 16:19:50.636313, 0] winbindd/winbindd.c:240(winbindd_sig_term_handler)
Sep 5 16:19:50 Redhat01 winbindd[24064]: Got sig[15] terminate (is_parent=1)
Sep 5 16:20:03 Redhat01 winbindd[24275]: [2014/09/05 16:20:03.186900, 0] winbindd/winbindd_dual.c:926(calculate_next_machine_pwd_change)
Sep 5 16:20:03 Redhat01 winbindd[24275]: cannot fetch own machine password ????ads_connect for domain MYDOMAIN failed: Cannot read password
Sep 5 22:14:46 Redhat01 winbindd[24272]: [2014/09/05 22:14:46.660704, 0] winbindd/winbindd.c:240(winbindd_sig_term_handler)
Sep 5 22:14:46 Redhat01 winbindd[24272]: Got sig[15] terminate (is_parent=1)
Sep 5 22:16:15 Redhat01 winbindd[27376]: [2014/09/05 22:16:15.418863, 0] winbindd/winbindd_dual.c:926(calculate_next_machine_pwd_change)
Sep 5 22:16:15 Redhat01 winbindd[27376]: cannot fetch own machine password ????ads_connect for domain MYDOMAIN failed: Cannot read password
Sep 5 22:16:15 Redhat01 smbd[27364]: [2014/09/05 22:16:15.788811, 0] printing/nt_printing.c:102(nt_printing_init)
Sep 5 22:16:15 Redhat01 smbd[27364]: nt_printing_init: error checking published printers: WERR_ACCESS_DENIED

Here is my smb.conf file:

realm = MYDOMAIN.LCL
workgroup = MYDOMAIN
security = ads
idmap config * : backend = autorid
idmap config * : range = 1000000-201000000
idmap config * : rangesize = 2000000
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
winbind offline logon = yes
debuglevel = 2

And /etc/krb5.conf:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = MYDOMAIN.lcl
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
MYDOMAIN.LCL = {
kdc = dc01.MYDOMAIN.lcl
admin_server = dc01.MYDOMAIN.lcl
}

MYDOMAIN.LCL = {
kdc = DC01.MYDOMAIN.LCL
kdc = DC01.MYDOMAIN.LCL
kdc = DC01.MYDOMAIN.LCL
}

DC01.MYDOMAIN.LCL = {
}

[domain_realm]
mydomain.lcl = MYDOMAIN.LCL
.mydomain.lcl = MYDOMAIN.LCL

Responses