09-25-2002
thnak you
Thank everyone for there response... I have been working on finding an answer myself and continue to do so but in the meantime any furhter help would be apprectiated I have it down to only the following error. I have one win 2000 DC and win 2000 web server and this redhat machine I ma trying to get to join the domain
the error I get now is
fetch_domain_sid: unable to connect to SMB server on machine domain controller. Error was : SUCCESS - 0.
Failed to get domain SID. Unable to join domain DOMAIN
10 More Discussions You Might Find Interesting
1. Cybersecurity
I need to use the RSH command to run a shell script on my Unix box from Win 2000. I'm using the etc/hosts.equiv file for configuring Unix. In it I have the hostname and username as required. As a test, I enter the following on the Win 2000 dos command: rsh servername -l username df -k.
The... (8 Replies)
Discussion started by: ebergh
8 Replies
2. Programming
Hello.
I am programming in C on HP-UNIX system,i want ftp a file from remote pc which is window 2000 system,i donot how config my HP-UNIX and pc, i donot how program in C or in shell.
Thank you for help. (3 Replies)
Discussion started by: bdyjm
3 Replies
3. Windows & DOS: Issues & Discussions
Dear user
sorry if the subject is not for that fourm .. but I get mad .. I wana solve that problem.. I started my new semster .. and last semster.. and there I use the net under a very huge list of restriction .. no msn massenger .. no yahoo massenger .. no underground site .. no fourms (I am ... (2 Replies)
Discussion started by: RuDe_BuT_CoOoL
2 Replies
4. UNIX for Advanced & Expert Users
Hi,
I have set up Samba on my Unix machine.
I can se the server in the Network on my 2000 and NT machine
but when i try to connect from the 2000 Workstation it says something like "the account can not be used from this machine", when i connect from my NT server the BDC on the network it ask me... (6 Replies)
Discussion started by: sajjan2
6 Replies
5. UNIX for Dummies Questions & Answers
Hi Brothers,
Please, I've just purchased a new PC and I would like to have both win 2000 and freebsd in the same hard drive, ( 40GB and 128Mb ) can you please help how to set up my new hard drive , please!
Thank you.....
aka Polymorphous (2 Replies)
Discussion started by: Polymorphous
2 Replies
6. UNIX for Advanced & Expert Users
I have a samba server and a raid SAN which is actually running samba. Neither one lets me access anything on the samba unix side. I really do not know where to look anymore. there are no errors. When I try to connect to the samba server I get prompted with login and password repeatedly.
Frank (4 Replies)
Discussion started by: frankkahle
4 Replies
7. Linux
Hi everyone,
I wonder if anyone ever came across the idea of unifying AD and Linux user accounts
We have a Linux machine with 'samba' 'winbind' service configured to let Windows AD users to logon locally using their AD accounts and passwords.
I can use 'su' to get to the local user privilege... (0 Replies)
Discussion started by: will_mike
0 Replies
8. Ubuntu
Hi guys,
i am having a problem :confused:actually i never did this before,so please help me to join nis domain to an ubuntu workstation.
As i have configured and running NIS Server on RedHat 4.0 in my network and want to set an ubuntu workstation as client.
please tell all steps......looking for... (2 Replies)
Discussion started by: daya.pandit
2 Replies
9. Homework & Coursework Questions
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
I have a barebones XP Pro SP2 with no firewall.
CentOS 5.xx running a Samba 3.xx Domain (PDC)
The XP machine... (2 Replies)
Discussion started by: pogipants
2 Replies
10. Red Hat
Looking for open source software to join my RHEL6.x to AD domain for .
- Domain login
- Group based restriction
Already tested
- Pbis open -> But rejected as some library conflicts
- Realmd -> Not supportive for RHEL 6.x
Please suggest any open source tools (2 Replies)
Discussion started by: Shirishlnx
2 Replies
LEARN ABOUT CENTOS
ipa-join
ipa-join(1) IPA Manual Pages ipa-join(1)
NAME
ipa-join - Join a machine to an IPA realm and get a keytab for the host service principal
SYNOPSIS
ipa-join [-d|--debug] [-q|--quiet] [-u|--unenroll] [-h|--hostname hostname] [-s|--server hostame] [-k|--keytab filename] [-w|--bindpw pass-
word] [-b|--basedn basedn] [-?|--help] [--usage]
DESCRIPTION
Joins a host to an IPA realm and retrieves a kerberos keytab for the host service principal, or unenrolls an enrolled host from an IPA
server.
Kerberos keytabs are used for services (like sshd) to perform kerberos authentication. A keytab is a file with one or more secrets (or
keys) for a kerberos principal.
The ipa-join command will create and retrieve a service principal for host/foo.example.com@EXAMPLE.COM and place it by default into
/etc/krb5.keytab. The location can be overridden with the -k option.
The IPA server to contact is set in /etc/ipa/default.conf by default and can be overridden using the -s,--server option.
In order to join the machine needs to be authenticated. This can happen in one of two ways:
* Authenticate using the current kerberos principal
* Provide a password to authenticate with
If a client host has already been joined to the IPA realm the ipa-join command will fail. The host will need to be removed from the server
using `ipa host-del FQDN` in order to join the client to the realm.
This command is normally executed by the ipa-client-install command as part of the enrollment process.
The reverse is unenrollment. Unenrolling a host removes the Kerberos key on the IPA server. This prepares the host to be re-enrolled. This
uses the host principal stored in /etc/krb5.conf to authenticate to the IPA server to perform the unenrollment.
Please note, that while the ipa-join option removes the client from the domain, it does not actually uninstall the client or properly
remove all of the IPA-related configuration. The only way to uninstall a client completely is to use ipa-client-install --uninstall (see
ipa-client-install(1)).
OPTIONS
-h,--hostname hostname
The hostname of this server (FQDN). By default of nodename from uname(2) is used.
-s,--server server
The hostname of the IPA server (FQDN). Note that by default there is no /etc/ipa/default.conf, in most cases it needs to be sup-
plied.
-k,--keytab keytab-file
The keytab file where to append the new key (will be created if it does not exist). Default: /etc/krb5.keytab
-w,--bindpw password
The password to use if not using Kerberos to authenticate. Use a password of this particular host (one time password created on IPA
server)
-b,--basedn basedn
The basedn of the IPA server (of the form dc=example,dc=com). This is only needed when not using Kerberos to authenticate and anony-
mous binds are disallowed in the IPA LDAP server.
-f,--force
Force enrolling the host even if host entry exists.
-u,--unenroll
Unenroll this host from the IPA server. No keytab entry is removed in the process (see ipa-rmkeytab(1)).
-q,--quiet
Quiet mode. Only errors are displayed.
-d,--debug
Print the raw XML-RPC output in GSSAPI mode.
EXAMPLES
Join IPA domain and retrieve a keytab with kerberos credentials.
# kinit admin
# ipa-join
Join IPA domain and retrieve a keytab using a one-time password.
# ipa-join -w secret123
Join IPA domain and save the keytab in another location.
# ipa-join -k /tmp/host.keytab
EXIT STATUS
The exit status is 0 on success, nonzero on error.
0 Success
1 Kerberos context initialization failed
2 Incorrect usage
3 Out of memory
4 Invalid service principal name
5 No Kerberos credentials cache
6 No Kerberos principal and no bind DN and password
7 Failed to open keytab
8 Failed to create key material
9 Setting keytab failed
10 Bind password required when using a bind DN
11 Failed to add key to keytab
12 Failed to close keytab
13 Host is already enrolled
14 LDAP failure
15 Incorrect bulk password
16 Host name must be fully-qualified
17 XML-RPC fault
18 Principal not found in host entry
19 Unable to generate Kerberos credentials cache
20 Unenrollment result not in XML-RPC response
21 Failed to get default Kerberos realm
SEE ALSO
ipa-rmkeytab(1) ipa-client-install(1)
IPA
Oct 8 2009 ipa-join(1)