
Sunday, July 22, 2012

Failed to Join Active Directory in Endian Firewall


A few days ago, I tried to set up a new proxy using Endian Firewall (EF) version 2.5.1 to replace the old proxy. The trial ran for just one day and then it could not run again, because the EF could not contact my Active Directory server. I searched for the problem and found some errors in the Samba service on EF. I then tried to re-join the domain, but it failed.

Here are the steps to fix it:
  • Go to the console or SSH to the server.
  • Edit the file /var/efw/proxy/settings and remove the NTLM_BDC line.
  • Run this command to generate winbind.conf: /usr/local/bin/restartsamba.py
  • Edit /etc/samba/winbind.conf and change the following:
    Workgroup = <domain short Name>
    to
    Workgroup = <Domain Full name, (the same as your realm)>
    Example:
    password server = DC.domain.local
    realm = domain.local
    workgroup = domain.local
  • Or you can edit the template file instead: /etc/samba/winbind.conf.tmpl
    The line "workgroup = ${AUTH_REALM.split(".")[0].upper()}" has to be changed to
    "workgroup = ${NTLM_DOMAIN.upper()}"
  • Save the file and stop the winbind service with this command: /etc/init.d/winbind stop

  • Now try to join Active Directory with the following command. Replace "<username>" with your domain admin user name.
    Run this command: net ads join -U <username> -s /etc/samba/winbind.conf
    (This joins the server to the domain. It will say Joined or failed.)

  • If this fails, try the following command: net rpc join -U <username> -s /etc/samba/winbind.conf
  • Test by running: wbinfo --configfile=/etc/samba/winbind.conf -t
    Use the following commands:
     wbinfo -t (checks the trust secret for the domain via RPC calls)
     wbinfo -u (lists the users in the domain)
     wbinfo -g (lists the groups in the domain)
    If you get the lists of users and groups from Active Directory, it is now working.

  • Go to the "Access Policy" area and click "Add access policy". Then choose "User based" or "Group based" from the Authentication drop-down menu; you should see the user list and group list.
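
A way to check the edited file before running the join, as an added example that is not part of the original post or of Endian Firewall: the script reads realm, workgroup and password server from a winbind.conf-style file and reports whether workgroup matches realm, as the fix above requires. The function names and the two sample configs are constructed for illustration, and a single [global] section is assumed.

```shell
# Added example, not part of Endian Firewall. Sample configs are constructed.

# conf_get FILE KEY: print the value of KEY (lower case, single spaces) from an
# smb.conf-style file. Names match case-insensitively; the last setting wins.
conf_get() {
    awk -F= -v want="$2" '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            key = tolower($1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            if (key == want) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                seen = 1
            }
        }
        END { if (seen) print val }' "$1"
}

# check_winbind_conf FILE: 0 = workgroup equals realm, 1 = they differ,
# 2 = realm, workgroup or password server is missing.
check_winbind_conf() {
    realm=$(conf_get "$1" "realm")
    workgroup=$(conf_get "$1" "workgroup")
    server=$(conf_get "$1" "password server")
    if [ -z "$realm" ] || [ -z "$workgroup" ] || [ -z "$server" ]; then
        echo "missing realm, workgroup or password server in $1" >&2
        return 2
    fi
    # Compare case-insensitively: the template upper-cases the workgroup.
    lc_realm=$(printf '%s' "$realm" | tr '[:upper:]' '[:lower:]')
    lc_wg=$(printf '%s' "$workgroup" | tr '[:upper:]' '[:lower:]')
    if [ "$lc_realm" != "$lc_wg" ]; then
        echo "workgroup '$workgroup' differs from realm '$realm'" >&2
        return 1
    fi
    echo "ok: workgroup = $workgroup, password server = $server"
}

# Constructed samples: the Example from the post, and a short-name workgroup.
sample_fixed() { printf '%s\n' '[global]' 'password server = DC.domain.local' \
    'realm = domain.local' 'workgroup = domain.local'; }
sample_short() { printf '%s\n' '[global]' 'password server = DC.domain.local' \
    'realm = domain.local' 'Workgroup = DOMAIN'; }

tmp=$(mktemp)
sample_fixed > "$tmp"; check_winbind_conf "$tmp"
sample_short > "$tmp"; check_winbind_conf "$tmp" || echo "exit status $?"
rm -f "$tmp"
```

On the firewall itself, the file to pass to check_winbind_conf is /etc/samba/winbind.conf.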
