Author Topic: ubuntu machine join to a zentyal domain using Centrify

alphaed (Zen Monk)
ubuntu machine join to a zentyal domain using Centrify
« on: November 28, 2011, 10:49:52 pm »
Hello

Trying to join ubuntu machine  to a zentyal domain (srv01) using Centrify.

Problem:
Code:
Running ./adcheck-deb5-x86_64 ...
NSHOSTS  : Check hosts line in /etc/nsswitch.conf                      : Pass
DNSPROBE : Probe DNS server 192.168.10.2                               : Pass
DNSCHECK : Analyze basic health of DNS servers                         : Warning
         : Only one DNS server was found in /etc/resolv.conf.
         : At least one backup DNS server is recommended for
         : enterprise installations.
         : Only one good DNS server was found
         : You might be able to continue but it is likely that you
         : will have problems.
         : Add more good DNS servers into /etc/resolv.conf.

WHATSSH  : Is this an SSH that DirectControl works well with           : Note
         : No SSH daemon running on this computer.

DOMNAME  : Check that the domain name is reasonable                    : Warning
         : srv01 does not look like a domain name.
         : It should contain at least one dot ('.') character.

ADDC     : Find domain controllers in DNS                              : Pass
ADDNS    : DNS lookup of DC srv01.srv01                                : Pass
ADPORT   : Port scan of DC srv01.srv01                                 : Warning
         : One or more ports failed to respond correctly. Either:
         :   a) the DC is offline
         :   b) a firewall is preventing access to a port
         : The following is a list of failed ports:
         :    ldap(389)/udp - timeout
         :    kerb(88)/tcp - refused
         :    kerb(88)/udp - refused
         :    kpass(464)/tcp - refused

ADDC     : Check Domain Controllers                                    : Pass
ADGC     : Check Global Catalog servers                                : Warning
         : There is no GC in site "".
         : It is recommended that a GC exist in each site.

DCUP     : Check for operational DCs in srv01                          : Failed

As I understand it, it fails while asking the server through UDP 389, but it's closed.

Code:
sudo nmap -sU -P0 -p 389 192.168.10.2

Starting Nmap 5.21 ( http://nmap.org ) at 2011-11-29 01:22 MSK
Nmap scan report for srv01.srv01 (192.168.10.2)
Host is up (0.00011s latency).
PORT    STATE  SERVICE
389/udp closed ldap
MAC Address: 00:40:F4:98:82:BC (Cameo Communications)

Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
telnet srv01 389 is OK.

I added UDP 389 to Network -> Services -> ldap:
Code:
sudo iptables -t filter -nL | grep 389
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:389 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:389 state NEW

but still have the same error.

Need assistance.

Thank you.
« Last Edit: November 29, 2011, 08:54:47 pm by alphaed »

alphaed (Zen Monk)
Re: UDP 389
« Reply #1 on: November 29, 2011, 08:53:37 pm »
I turned off the firewall module.
Code:
sudo iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

and got the same errors :o

In Centrify there is a diag tool:
Code:
adinfo -g srv01
adinfo (CentrifyDC 5.0.1-177)

Host Diagnostics
  uname: Linux Main 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64
  OS: Ubuntu
  Version: 11.10 (oneiric)
  Number of CPUs: 8

IP Diagnostics
  Local host name: main
  Local IP Address: 192.168.10.4
    Not found in DNS!Make sure it is in Reverse Lookup Zone.
  FQDN host name:main (domain missing?)

Domain Diagnostics
  Domain: srv01
  Subnet site:
WARNING! Unable to locate computer's subnet site in Active Directory.
Ask your Active Directory administrator to add this computer's subnet
to the appropriate site.
    DNS query for: _ldap._tcp.srv01
    Found SRV records:
      srv01.srv01:389
  Testing Active Directory connectivity:
    Domain Controller: srv01.srv01
      ldap:      389/tcp - good
      ldap:      389/udp - timeout
      smb:       445/tcp - good
      kdc:        88/tcp - refused
      kpasswd:   464/tcp - refused
      ntp:       123/udp - good
  Domain Controller: srv01.srv01:389
    Domain controller type: Windows 2000
    Domain Name:            <unavailable>
    isGlobalCatalogReady:   <unavailable>
    domainFunctionality:           <unavailable>
    forestFunctionality:           0 = (DS_BEHAVIOR_WIN2000)
    domainControllerFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
  Forest Name: <unavailable>
    DNS query for: _gc._tcp.<unavailable>
  Testing Active Directory connectivity:
  Forest Name: <unavailable>
Machine is not yet joined.
Provide a valid username and password to bind to Active Directory


Computer Account Diagnostics
  Not joined to any domain

System Diagnostic
  Not joined to any domain


Centrify DirectControl Status
  Not joined to any domain

Licensed Features: Disabled


Counting joins.
This may take several minutes depending on domain topology...

Unable to retrieve an authenticated binding
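An added example, written by the editor and not part of the thread or of Centrify's tooling: a small Python script that parses the per-port results printed by adinfo (and the ADPORT lines of adcheck) and says, for each service a domain join needs, whether the probe came back good, refused or timed out, and what each of those outcomes means on the wire. The table of required services, the wording of the explanations and all function names are the editor's assumptions; the sample input is copied from the adinfo output posted above.

```python
import re
from typing import Dict, List, Tuple

# One regex that matches a port-probe line from either Centrify tool:
#   adinfo:  "      kdc:        88/tcp - refused"
#   adcheck: "         :    kerb(88)/tcp - refused"
PROBE_RE = re.compile(
    r"(?P<name>\w+)(?:\((?P<p1>\d+)\)|:\s+(?P<p2>\d+))/(?P<proto>tcp|udp)\s+-\s+(?P<status>\w+)"
)

# Services a join against an AD domain controller relies on, keyed by (port, proto).
# Editor's assumption for illustration; Centrify's own checklist may differ.
REQUIRED: Dict[Tuple[int, str], str] = {
    (389, "tcp"): "LDAP (directory reads/writes during the join)",
    (389, "udp"): "CLDAP (DC locator ping used to find and rank DCs)",
    (88, "tcp"): "Kerberos KDC (machine and user tickets)",
    (464, "tcp"): "kpasswd (setting the computer account password)",
    (445, "tcp"): "SMB (netlogon / secure channel)",
}

# Constructed sample: the connectivity section of the adinfo output in the post.
SAMPLE_ADINFO = """
    Domain Controller: srv01.srv01
      ldap:      389/tcp - good
      ldap:      389/udp - timeout
      smb:       445/tcp - good
      kdc:        88/tcp - refused
      kpasswd:   464/tcp - refused
      ntp:       123/udp - good
"""


def parse_probes(text: str) -> List[Tuple[str, int, str, str]]:
    """Return (service_name, port, proto, status) for every probe line found."""
    found = []
    for m in PROBE_RE.finditer(text):
        port = int(m.group("p1") or m.group("p2"))
        found.append((m.group("name"), port, m.group("proto"), m.group("status")))
    return found


def explain(status: str) -> str:
    """Translate a Centrify probe status into what actually happened on the wire."""
    if status == "good":
        return "service answered"
    if status == "refused":
        # A TCP RST or ICMP port-unreachable came back: the host is up and reachable,
        # but nothing listens on that port (or an iptables REJECT rule answered).
        return "host reachable but nothing listening; a DROP firewall rule would show as timeout instead"
    if status == "timeout":
        return "no answer at all: packets dropped by a firewall, or no responder for that UDP service"
    return f"status '{status}': cannot interpret"


def diagnose(text: str) -> Dict[Tuple[int, str], Tuple[str, str, str]]:
    """Map each required (port, proto) to (status, role, explanation)."""
    seen = {(port, proto): status for _, port, proto, status in parse_probes(text)}
    verdict = {}
    for key, role in REQUIRED.items():
        status = seen.get(key, "not probed")
        verdict[key] = (status, role, explain(status))
    return verdict


def looks_like_ad_dc(verdict: Dict[Tuple[int, str], Tuple[str, str, str]]) -> bool:
    """A domain controller answers Kerberos on 88/tcp and CLDAP on 389/udp; anything else will not take a join."""
    return all(verdict[k][0] == "good" for k in ((88, "tcp"), (389, "udp")))


if __name__ == "__main__":
    result = diagnose(SAMPLE_ADINFO)
    for (port, proto), (status, role, why) in result.items():
        print(f"{port}/{proto:<3} {status:<10} {role}\n           -> {why}")
    print("looks like an AD domain controller:", looks_like_ad_dc(result))
```

Run against the posted output, every required port except 389/tcp and 445/tcp is refused or timed out even with the Zentyal firewall module disabled, so the script reports that the target is not answering as a domain controller rather than that a firewall is in the way.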

alphaed (Zen Monk)
Re: ubuntu machine join to a zentyal domain using Centrify
« Reply #2 on: December 02, 2011, 05:44:58 pm »
Code:
Base DN: dc=srv01
Root DN: cn=ebox,dc=srv01
Password: A4P/xihhyMmQMHs3
Users DN: ou=Users,dc=srv01
Groups DN: ou=Groups,dc=srv01
Enable PAM x
Default login shell: bash

User and group are set.
Module status:
Code:
Module              Depends
Network             -
Firewall            Network
Antivirus           -
DHCP                Network
DNS                 -
Backup              -
Events              -
IDS                 Network
IPsec               -
Logs                -
Monitoring          -
NTP                 -
VPN                 Network, Firewall
PPTP                -
Users and Groups    -
Virtual Machines    -
Web Server          -
VoIP                Network, Users and Groups
Bandwidth Monitor   Network, Logs
FTP                 Users and Groups
Jabber              Users and Groups
Mail                Network, Users and Groups
RADIUS              Users and Groups
File Sharing        Network, Users and Groups
User Corner         Users and Groups
Groupware           Mail, Web Server
Printer Sharing     File Sharing

DNS:
Code:
1. DNS
Enable transparent DNS cache: x
Domain IP Address
srv01 192.168.10.2
2. Hostnames
Host name IP Address
srv01 192.168.10.2
3. Mail exchangers
Host name Preference
srv01 10
4. Name servers
Host name
srv01
5. TXT records
empty
6. Services
Service name Protocol Priority Weight Target port Target Action
kerberos TCP 0 0 88 srv01
kerberos UDP 0 0 88 srv01
ldap UDP 0 0 389 srv01
ldap TCP 0 0 389 srv01
7. IP Address
192.168.10.2
8. Dynamic
x

File Sharing:
Enable PDC: x
Domain name: SRV01-DOMAIN    
Netbios name: srv01
Description: Zentyal File Server
Enable roaming profiles: x
Drive letter: H
Samba group: all users

Can anybody help me add the machine to the domain?

half_life (Bug Hunter, Zen Hero)
Re: ubuntu machine join to a zentyal domain using Centrify
« Reply #3 on: December 03, 2011, 01:47:53 am »
I am not familiar with Centrify, but it appears that the machine's Kerberos configuration needs to be looked at.