CentOS machine keeps “losing” active directory membership
All of our CentOS 6 machines have been joined to our active directory domain. Each of these machines eventually "loses" their domain membership, which breaks authentication for AD users.
I created a simple shell script to force a domain join every five hours (using cron). The script seems to be running without error, but machines STILL lose their domain membership.
Any suggestions?
Here's the script (with password obscured)
#!/bin/bash
/usr/bin/net join -w MCKISSOCKLP -S MCKISSOCKLPDC1.MCKISSOCKLP.LOCAL -U Administrator%xxxxxxxxxxxxxxxxx
centos cron active-directory domain
What do the logs say?
– slm♦
Oct 24 '14 at 12:36
Which logs do you mean?
– Jim Stowe
Oct 24 '14 at 12:42
I'd start with /var/log/messages, and do a ls -lr /var/log/ and see what files are towards the bottom, these are the ones that have activity in them. Also if you have /var/log/samba I'd look in there as well. The net command is part of Samba.
– slm♦
Oct 24 '14 at 13:02
edited Oct 24 '14 at 12:36 by slm♦
asked Oct 24 '14 at 12:20 by Jim Stowe
1 Answer
You could use the Kerberos keytab file:
net ads join createupn=host/`hostname -f`@ADIRE.DOMAIN.CO.UK -U priviledged_user
net ads keytab create
net ads keytab add host/`hostname -f`@ADIRE.DOMAIN.CO.UK
Then use the keytab file in your Samba configuration:
$ grep -i keytab /etc/samba/smb.conf
kerberos method = secrets and keytab
answered Oct 24 '14 at 12:39 by geedoubleya
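A read-only health check that could run from cron in place of a periodic re-join, so that no administrator password has to be stored in a script. This is an added example, not code from the question or the answer; the function names and the default paths /etc/samba/smb.conf and /etc/krb5.keytab are assumptions.

```shell
#!/bin/bash
# Added example: read-only AD membership check for cron. It never re-joins.

# Print the effective "kerberos method" from [global] in smb.conf.
# Samba's default when the parameter is absent is "secrets only".
kerberos_method() {
    awk '
        /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        in_global && tolower($0) ~ /^[ \t]*kerberos[ \t]*method[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = tolower($0)
        }
        END { print (val == "" ? "secrets only" : val) }
    ' "$1"
}

# Return 0 if Samba is configured to use a keytab, as the answer suggests.
uses_keytab() {
    case "$(kerberos_method "$1")" in
        "secrets and keytab"|"system keytab"|"dedicated keytab") return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the keytab exists and group/other have no permissions on it.
# The keytab holds the machine account's long-term keys.
keytab_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Full check: config, keytab permissions, then the live join test.
# Paths are assumed defaults; pass others as $1 and $2.
check_member() {
    conf=${1:-/etc/samba/smb.conf} keytab=${2:-/etc/krb5.keytab}
    uses_keytab "$conf" || { echo "kerberos method does not use a keytab"; return 2; }
    keytab_is_private "$keytab" || { echo "keytab missing or too permissive: $keytab"; return 3; }
    if command -v net >/dev/null 2>&1; then
        net ads testjoin >/dev/null 2>&1 || { echo "net ads testjoin failed"; return 4; }
    fi
    echo "ok"
}

# Example cron use (after sourcing this file):
#   out=$(check_member) || logger -t ad-member "$out"
```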