Author Topic: ubuntu machine join to a zentyal domain using Centrify  (Read 3466 times)


ubuntu machine join to a zentyal domain using Centrify
« on: November 28, 2011, 10:49:52 pm »

Trying to join an Ubuntu machine to a Zentyal domain (srv01) using Centrify.

Code:
Running ./adcheck-deb5-x86_64 ...
NSHOSTS  : Check hosts line in /etc/nsswitch.conf                      : Pass
DNSPROBE : Probe DNS server                               : Pass
DNSCHECK : Analyze basic health of DNS servers                         : Warning
         : Only one DNS server was found in /etc/resolv.conf.
         : At least one backup DNS server is recommended for
         : enterprise installations.
         : Only one good DNS server was found
         : You might be able to continue but it is likely that you
         : will have problems.
         : Add more good DNS servers into /etc/resolv.conf.

WHATSSH  : Is this an SSH that DirectControl works well with           : Note
         : No SSH daemon running on this computer.

DOMNAME  : Check that the domain name is reasonable                    : Warning
         : srv01 does not look like a domain name.
         : It should contain at least one dot ('.') character.

ADDC     : Find domain controllers in DNS                              : Pass
ADDNS    : DNS lookup of DC srv01.srv01                                : Pass
ADPORT   : Port scan of DC srv01.srv01                                 : Warning
         : One or more ports failed to respond correctly. Either:
         :   a) the DC is offline
         :   b) a firewall is preventing access to a port
         : The following is a list of failed ports:
         :    ldap(389)/udp - timeout
         :    kerb(88)/tcp - refused
         :    kerb(88)/udp - refused
         :    kpass(464)/tcp - refused

ADDC     : Check Domain Controllers                                    : Pass
ADGC     : Check Global Catalog servers                                : Warning
         : There is no GC in site "".
         : It is recommended that a GC exist in each site.

DCUP     : Check for operational DCs in srv01                          : Failed

As I understand, it fails while asking the server through UDP 389, but it's closed.

Code:
sudo nmap -sU -P0 -p 389

Starting Nmap 5.21 ( ) at 2011-11-29 01:22 MSK
Nmap scan report for srv01.srv01 (
Host is up (0.00011s latency).
389/udp closed ldap
MAC Address: 00:40:F4:98:82:BC (Cameo Communications)

Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
telnet srv01 389 - is ok

I added UDP 389 to network->services->ldap
Code:
sudo iptables -t filter -nL | grep 389
ACCEPT     udp  --             udp dpt:389 state NEW
ACCEPT     tcp  --             tcp dpt:389 state NEW

but still have the same error.

Need assistance.

Thank you.
« Last Edit: November 29, 2011, 08:54:47 pm by alphaed »


Re: UDP 389
« Reply #1 on: November 29, 2011, 08:53:37 pm »
I turned off the firewall module.
Code:
sudo iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

and got the same errors :o

In Centrify there is a diag tool:
Code:
adinfo -g srv01
adinfo (CentrifyDC 5.0.1-177)

Host Diagnostics
  uname: Linux Main 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64
  OS: Ubuntu
  Version: 11.10 (oneiric)
  Number of CPUs: 8

IP Diagnostics
  Local host name: main
  Local IP Address:
    Not found in DNS!Make sure it is in Reverse Lookup Zone.
  FQDN host name:main (domain missing?)

Domain Diagnostics
  Domain: srv01
  Subnet site:
WARNING! Unable to locate computer's subnet site in Active Directory.
Ask your Active Directory administrator to add this computer's subnet
to the appropriate site.
    DNS query for: _ldap._tcp.srv01
    Found SRV records:
  Testing Active Directory connectivity:
    Domain Controller: srv01.srv01
      ldap:      389/tcp - good
      ldap:      389/udp - timeout
      smb:       445/tcp - good
      kdc:        88/tcp - refused
      kpasswd:   464/tcp - refused
      ntp:       123/udp - good
  Domain Controller: srv01.srv01:389
    Domain controller type: Windows 2000
    Domain Name:            <unavailable>
    isGlobalCatalogReady:   <unavailable>
    domainFunctionality:           <unavailable>
    forestFunctionality:           0 = (DS_BEHAVIOR_WIN2000)
    domainControllerFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
  Forest Name: <unavailable>
    DNS query for: _gc._tcp.<unavailable>
  Testing Active Directory connectivity:
  Forest Name: <unavailable>
Machine is not yet joined.
Provide a valid username and password to bind to Active Directory

Computer Account Diagnostics
  Not joined to any domain

System Diagnostic
  Not joined to any domain

Centrify DirectControl Status
  Not joined to any domain

Licensed Features: Disabled

Counting joins.
This may take several minutes depending on domain topology...

Unable to retrieve an authenticated binding


Re: ubuntu machine join to a zentyal domain using Centrify
« Reply #2 on: December 02, 2011, 05:44:58 pm »
Code:
Base DN: dc=srv01
Root DN: cn=ebox,dc=srv01
Password: A4P/xihhyMmQMHs3
Users DN: ou=Users,dc=srv01
Groups DN: ou=Groups,dc=srv01
Enable PAM x
Default login shell: bash

User and group are set.
Module status:
Code:
Firewall Network
DHCP Network
IDS Network
VPN Network, Firewall
Users and Groups
Virtual Machines
Web Server
VoIP Network, Users and Groups
Bandwidth Monitor Network, Logs
FTP Users and Groups
Jabber Users and Groups
Mail Network, Users and Groups
RADIUS Users and Groups
File Sharing Network, Users and Groups
User Corner Users and Groups
Groupware Mail, Web Server
Printer Sharing File Sharing

Code:
1. DNS
Enable transparent DNS cache: x
Domain IP Address
2. Hostnames
Host name IP Address
3. Mail exchangers
Host name Preference
srv01 10
4. Name servers
Host name
5. TXT records
6. Services
Service name Protocol Priority Weight Target port Target Action
kerberos TCP 0 0 88 srv01
kerberos UDP 0 0 88 srv01
ldap UDP 0 0 389 srv01
ldap TCP 0 0 389 srv01
7. IP Address
8. Dynamic

File Sharing:
Enable PDC: x
Domain name: SRV01-DOMAIN    
Netbios name: srv01
Description: Zentyal File Server
Enable roaming profiles: x
Drive letter: H
Samba group: all users

Can anybody help to add the machine to the domain?


Re: ubuntu machine join to a zentyal domain using Centrify
« Reply #3 on: December 03, 2011, 01:47:53 am »
I am not familiar with Centrify, but it appears that the machine's Kerberos configuration needs to be looked at.
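
Added example, not part of any post in this thread: a short Python triage of the probe results adinfo printed in Reply #1. It separates "refused" from "timeout" and uses the fact that the results did not change with the firewall module off. The function names and result labels are this example's own, the sample lines are copied from the output above, and it assumes no other packet filter sits between client and server.

```python
import re

# Probe lines copied from the adinfo output quoted in Reply #1 above.
ADINFO_SAMPLE = """\
      ldap:      389/tcp - good
      ldap:      389/udp - timeout
      smb:       445/tcp - good
      kdc:        88/tcp - refused
      kpasswd:   464/tcp - refused
      ntp:       123/udp - good
"""

PROBE = re.compile(r"^\s*(\w+):\s+(\d+)/(tcp|udp)\s+-\s+(\w+)\s*$")


def parse_probes(text):
    """Return (service, port, proto, result) tuples for each probe line."""
    probes = []
    for line in text.splitlines():
        m = PROBE.match(line)
        if m:
            svc, port, proto, result = m.groups()
            probes.append((svc, int(port), proto, result))
    return probes


def triage(probes, firewall_disabled=False):
    """Label each failed probe with the first thing to check (labels are this example's own)."""
    findings = {}
    for svc, port, proto, result in probes:
        if result == "good":
            continue
        if result == "refused":
            # An active rejection came back, so the host is reachable. With no
            # packet filter in the path, that means nothing is bound to the port.
            label = "no-listener" if firewall_disabled else "no-listener-or-reject-rule"
        elif result == "timeout":
            # Silence: either the packet was dropped, or it arrived and
            # nothing answered the probe.
            label = "no-responder" if firewall_disabled else "filtered-or-no-responder"
        else:
            label = "unknown"
        findings[f"{svc} {port}/{proto}"] = label
    return findings


if __name__ == "__main__":
    # Reply #1: same results with the firewall module turned off.
    for probe, label in triage(parse_probes(ADINFO_SAMPLE), firewall_disabled=True).items():
        print(f"{probe:18} {label}")
```

On the server, `sudo ss -lntup` lists what is actually bound to ports 88, 464 and 389.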