CentOS machine keeps “losing” active directory membership The 2019 Stack Overflow Developer Survey Results Are Insssd configuration with Active directoryAdding CentOS 7 to Active DirectoryFailed to join domain: failed to set machine kerberos encryption types: Insufficient accessUse sssd to join a redhat 7 machine to Active Directory domain without prompting the passwordauto groups in CentOS 7 in Active Directory domain?Active Directory Domain passphrases with white spacesWhy isn't my principal found in the Kerberos database?Connecting to Active Directory (possibly with winbind)sssd and Active Directory user does not exist in CentOSSetting login shell in SSS configuration for users from Active Directory

Where does the "burst of radiance" from Holy Weapon originate?

How was Skylab's orbit inclination chosen?

"What time...?" or "At what time...?" - what is more grammatically correct?

Falsification in Math vs Science

Realistic Alternatives to Dust: What Else Could Feed a Plankton Bloom?

What does Linus Torvalds mean when he says that Git "never ever" tracks a file?

How to answer pointed "are you quitting" questioning when I don't want them to suspect

It's possible to achieve negative score?

Output the Arecibo Message

Limit the amount of RAM Mathematica may access?

Should I write numbers in words or as numerals when there are multiple next to each other?

Is domain driven design an anti-SQL pattern?

In microwave frequencies, do you use a circulator when you need a (near) perfect diode?

I looked up a future colleague on LinkedIn before I started a job. I told my colleague about it and he seemed surprised. Should I apologize?

Should I use my personal or workplace e-mail when registering to external websites for work purpose?

JSON.serialize: is it possible to suppress null values of a map?

Is this food a bread or a loaf?

Inversion Puzzle

Manuscript was "unsubmitted" because the manuscript was deposited in Arxiv Preprints

Understanding the implication of what "well-defined" means for the operation in quotient group

Carnot-Caratheodory metric

How to change the limits of integration

How long do I have to send payment?

The difference between dialogue marks



CentOS machine keeps “losing” active directory membership



The 2019 Stack Overflow Developer Survey Results Are Insssd configuration with Active directoryAdding CentOS 7 to Active DirectoryFailed to join domain: failed to set machine kerberos encryption types: Insufficient accessUse sssd to join a redhat 7 machine to Active Directory domain without prompting the passwordauto groups in CentOS 7 in Active Directory domain?Active Directory Domain passphrases with white spacesWhy isn't my principal found in the Kerberos database?Connecting to Active Directory (possibly with winbind)sssd and Active Directory user does not exist in CentOSSetting login shell in SSS configuration for users from Active Directory



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








1















All of our CentOS 6 machines have been joined to our active directory domain. Each of these machines eventually "loses" their domain membership, which breaks authentication for AD users.



I created a simple shell script to force a domain join every five hours (using cron). The script is seems to be running without error, but machines STILL lose their domain membership.



Any suggestions?



Here's the script (with password obscured)



#!/bin/bash
/usr/bin/net join -w MCKISSOCKLP -S MCKISSOCKLPDC1.MCKISSOCKLP.LOCAL 
 -U Administrator%xxxxxxxxxxxxxxxxx





centos cron active-directory domain







share|improve this question
























  • What do the logs say?

    – slm
    Oct 24 '14 at 12:36











  • Which logs do you mean?

    – Jim Stowe
    Oct 24 '14 at 12:42











  • I'd start with /var/log/messages, and do a ls -lr /var/log/ and see what files are towards the bottom, these are the ones that have activity in them. Also if you have /var/log/samba I'd look in there as well. The net command is part of Samba.

    – slm
    Oct 24 '14 at 13:02


















1















All of our CentOS 6 machines have been joined to our active directory domain. Each of these machines eventually "loses" their domain membership, which breaks authentication for AD users.



I created a simple shell script to force a domain join every five hours (using cron). The script is seems to be running without error, but machines STILL lose their domain membership.



Any suggestions?



Here's the script (with password obscured)



#!/bin/bash
/usr/bin/net join -w MCKISSOCKLP -S MCKISSOCKLPDC1.MCKISSOCKLP.LOCAL 
 -U Administrator%xxxxxxxxxxxxxxxxx





centos cron active-directory domain







share|improve this question
























  • What do the logs say?

    – slm
    Oct 24 '14 at 12:36











  • Which logs do you mean?

    – Jim Stowe
    Oct 24 '14 at 12:42











  • I'd start with /var/log/messages, and do a ls -lr /var/log/ and see what files are towards the bottom, these are the ones that have activity in them. Also if you have /var/log/samba I'd look in there as well. The net command is part of Samba.

    – slm
    Oct 24 '14 at 13:02














1












1








1








All of our CentOS 6 machines have been joined to our active directory domain. Each of these machines eventually "loses" their domain membership, which breaks authentication for AD users.



I created a simple shell script to force a domain join every five hours (using cron). The script is seems to be running without error, but machines STILL lose their domain membership.



Any suggestions?



Here's the script (with password obscured)



#!/bin/bash
/usr/bin/net join -w MCKISSOCKLP -S MCKISSOCKLPDC1.MCKISSOCKLP.LOCAL 
 -U Administrator%xxxxxxxxxxxxxxxxx





centos cron active-directory domain







share|improve this question
















All of our CentOS 6 machines have been joined to our active directory domain. Each of these machines eventually "loses" their domain membership, which breaks authentication for AD users.



I created a simple shell script to force a domain join every five hours (using cron). The script is seems to be running without error, but machines STILL lose their domain membership.



Any suggestions?



Here's the script (with password obscured)



#!/bin/bash
/usr/bin/net join -w MCKISSOCKLP -S MCKISSOCKLPDC1.MCKISSOCKLP.LOCAL 
 -U Administrator%xxxxxxxxxxxxxxxxx





centos cron active-directory domain




centos cron active-directory domain






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Oct 24 '14 at 12:36









slm

256k71541687




256k71541687










asked Oct 24 '14 at 12:20









Jim StoweJim Stowe

61




61












  • What do the logs say?

    – slm
    Oct 24 '14 at 12:36











  • Which logs do you mean?

    – Jim Stowe
    Oct 24 '14 at 12:42











  • I'd start with /var/log/messages, and do a ls -lr /var/log/ and see what files are towards the bottom, these are the ones that have activity in them. Also if you have /var/log/samba I'd look in there as well. The net command is part of Samba.

    – slm
    Oct 24 '14 at 13:02


















  • What do the logs say?

    – slm
    Oct 24 '14 at 12:36











  • Which logs do you mean?

    – Jim Stowe
    Oct 24 '14 at 12:42











  • I'd start with /var/log/messages, and do a ls -lr /var/log/ and see what files are towards the bottom, these are the ones that have activity in them. Also if you have /var/log/samba I'd look in there as well. The net command is part of Samba.

    – slm
    Oct 24 '14 at 13:02

















What do the logs say?

– slm
Oct 24 '14 at 12:36





What do the logs say?

– slm
Oct 24 '14 at 12:36













Which logs do you mean?

– Jim Stowe
Oct 24 '14 at 12:42





Which logs do you mean?

– Jim Stowe
Oct 24 '14 at 12:42













I'd start with /var/log/messages, and do a ls -lr /var/log/ and see what files are towards the bottom, these are the ones that have activity in them. Also if you have /var/log/samba I'd look in there as well. The net command is part of Samba.

– slm
Oct 24 '14 at 13:02






I'd start with /var/log/messages, and do a ls -lr /var/log/ and see what files are towards the bottom, these are the ones that have activity in them. Also if you have /var/log/samba I'd look in there as well. The net command is part of Samba.

– slm
Oct 24 '14 at 13:02











1 Answer
1






active

oldest

votes


















0














You could use the kerberos keytab file:



net ads join createupn=host/`hostname -f`@ADIRE.DOMAIN.CO.UK -U priviledged_user
net ads keytab create
net ads keytab add host/`hostname -f`@ADIRE.DOMAIN.CO.UK


Then use the keytab file in your samba configuration:



$ grep -i keytab /etc/samba/smb.conf
 kerberos method = secrets and keytab





share|improve this answer























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f163992%2fcentos-machine-keeps-losing-active-directory-membership%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    You could use the kerberos keytab file:



    net ads join createupn=host/`hostname -f`@ADIRE.DOMAIN.CO.UK -U priviledged_user
    net ads keytab create
    net ads keytab add host/`hostname -f`@ADIRE.DOMAIN.CO.UK


    Then use the keytab file in your samba configuration:



    $ grep -i keytab /etc/samba/smb.conf
     kerberos method = secrets and keytab





    share|improve this answer



























      0














      You could use the kerberos keytab file:



      net ads join createupn=host/`hostname -f`@ADIRE.DOMAIN.CO.UK -U priviledged_user
      net ads keytab create
      net ads keytab add host/`hostname -f`@ADIRE.DOMAIN.CO.UK


      Then use the keytab file in your samba configuration:



      $ grep -i keytab /etc/samba/smb.conf
       kerberos method = secrets and keytab





      share|improve this answer

























        0












        0








        0







        You could use the kerberos keytab file:



        net ads join createupn=host/`hostname -f`@ADIRE.DOMAIN.CO.UK -U priviledged_user
        net ads keytab create
        net ads keytab add host/`hostname -f`@ADIRE.DOMAIN.CO.UK


        Then use the keytab file in your samba configuration:



        $ grep -i keytab /etc/samba/smb.conf
         kerberos method = secrets and keytab





        share|improve this answer













        You could use the kerberos keytab file:



        net ads join createupn=host/`hostname -f`@ADIRE.DOMAIN.CO.UK -U priviledged_user
        net ads keytab create
        net ads keytab add host/`hostname -f`@ADIRE.DOMAIN.CO.UK


        Then use the keytab file in your samba configuration:



        $ grep -i keytab /etc/samba/smb.conf
         kerberos method = secrets and keytab






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Oct 24 '14 at 12:39









        geedoubleyageedoubleya

        3,0931118




        3,0931118



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f163992%2fcentos-machine-keeps-losing-active-directory-membership%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -active-directory, centos, cron, domain
            -

            Popular posts from this blog

            Mobil Contents History Mobil brands Former Mobil brands Lukoil transaction Mobil UK Mobil Australia Mobil New Zealand Mobil Greece Mobil in Japan Mobil in Canada Mobil Egypt See also References External links Navigation menuwww.mobil.com"Mobil Corporation"the original"Our Houston campus""Business & Finance: Socony-Vacuum Corp.""Popular Mechanics""Lubrite Technologies""Exxon Mobil campus 'clearly happening'""Toledo Blade - Google News Archive Search""The Lion and the Moose - How 2 Executives Pulled off the Biggest Merger Ever""ExxonMobil Press Release""Lubricants""Archived copy"the original"Mobil 1™ and Mobil Super™ motor oil and synthetic motor oil - Mobil™ Motor Oils""Mobil Delvac""Mobil Industrial website""The State of Competition in Gasoline Marketing: The Effects of Refiner Operations at Retail""Mobil Travel Guide to become Forbes Travel Guide""Hotel Rankings: Forbes Merges with Mobil"the original"Jamieson oil industry history""Mobil news""Caltex pumps for control""Watchdog blocks Caltex bid""Exxon Mobil sells service station network""Mobil Oil New Zealand Limited is New Zealand's oldest oil company, with predecessor companies having first established a presence in the country in 1896""ExxonMobil subsidiaries have a business history in New Zealand stretching back more than 120 years. We are involved in petroleum refining and distribution and the marketing of fuels, lubricants and chemical products""Archived copy"the original"Exxon Mobil to Sell Its Japanese Arm for $3.9 Billion""Gas station merger will end Esso and Mobil's long run in Japan""Esso moves to affiliate itself with PC Optimum, no longer Aeroplan, in loyalty point switch""Mobil brand of gas stations to launch in Canada after deal for 213 Loblaws-owned locations""Mobil Nears Completion of Rebranding 200 Loblaw Gas Stations""Learn about ExxonMobil's operations in Egypt""Petrol and Diesel Service Stations in Egypt - Mobil"Official websiteExxon Mobil corporate websiteMobil Industrial official websiteeeeeeeeDA04275022275790-40000 0001 0860 5061n82045453134887257134887257

            Image
            Aera EnergyEssoEsso AustraliaExxonExxon NeftegasHumble OilImperial OilMagnolia Petroleum CompanyMobilMobil Producing NigeriaPetronSeaRiver MaritimeSuperior Oil CompanySyncrudeVacuum Oil CompanyXTO EnergyBaton Rouge RefineryBaytown RefineryMilford HavenExxon Building (New York)Fawley RefineryImperial Oil BuildingMossmorranNanticoke Refinery2010 ExxonMobil oil spill2010 Port Arthur oil spill2013 Mayflower oil spill Exxon Valdez oil spillGreenpoint oil spillSS Atlantic Empress SS Esso Brussels Colony Shale Oil ProjectEast-Prinovozemelsky fieldGoose Creek Oil FieldKearl Oil Sands ProjectKizomba deepwater projectOrmen LangePembina oil fieldPrudhoe Bay Oil FieldSable Offshore Energy ProjectSakhalin-ITengiz FieldTern oilfieldTuapse fieldWest Qurna FieldNational OilSasolSparSpar Express759 Store7-ElevenCircle KCUDaily YamazakiFamilyMartGS25LawsonMinistopParknShopPoplarSparStorywayVanGOemartSparampmBuy the WayBP ConnectCircle K SunkusDaily StopOn the Run7-ElevenBargain BoozeBest-OneBP ConnectB
            Read more

            Frič See also Navigation menuinternal link

            Image
            SurnamesCzech-language surnames ‹ The template Infobox surname is being considered for merging. › Frič Origin Language(s) Czechized German (eastern Middle German dialects and Alemannic German) - Thuringian, Upper Saxon, Low Lusatian, Silesian Meaning derived from German: Friedrich Other names Variant(s) Fritsch, Fritzsch, Frycz, Fricz, Fryczyński, Frietsch, Fritsche, Fritzsche; Fritschi (Alemannic), Fritz, Fritze, Fritzel, Fritzl, Fritzke, Fritzen Frič is a Czechized German surname. Notable people with the surname include: Alberto Vojtěch Frič, Czech botanist Antonín Jan Frič (Fritsch) , Czech paleontologist Jaroslav Erik Frič, Czech poet Martin Frič, Czech film director, screenwriter and actor See also Fričovce (Hungarian: Frics ) .mw-parser-output table.dmboxclear:both;margin:0.9em 1em;border-top:1px solid #ccc;border-bottom:1px solid #ccc;background-color:transparent Surname list This page lists people with the surname Frič . If an internal link intending to refer to a specifi
            Read more

            Identify plant with long narrow paired leaves and reddish stems Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?What is this plant with long sharp leaves? Is it a weed?What is this 3ft high, stalky plant, with mid sized narrow leaves?What is this young shrub with opposite ovate, crenate leaves and reddish stems?What is this plant with large broad serrated leaves?Identify this upright branching weed with long leaves and reddish stemsPlease help me identify this bulbous plant with long, broad leaves and white flowersWhat is this small annual with narrow gray/green leaves and rust colored daisy-type flowers?What is this chilli plant?Does anyone know what type of chilli plant this is?Help identify this plant

            Image
            Apollo command module space walk? prime numbers and expressing non-prime numbers Can a non-EU citizen traveling with me come with me through the EU passport line? Extract all GPU name, model and GPU ram How to deal with a team lead who never gives me credit? Why was the term "discrete" used in discrete logarithm? Why do we bend a book to keep it straight? When do you get frequent flier miles - when you buy, or when you fly? How come Sam didn't become Lord of Horn Hill? At the end of Thor: Ragnarok why don't the Asgardians turn and head for the Bifrost as per their original plan? Is it true that "carbohydrates are of no use for the basal metabolic need"? Using et al. for a last / senior author rather than for a first author How to tell that you are a giant? How to react to hostile behavior from a senior developer? String `!23` is replaced with `docker` in command line How to find out what spells would be useless to a blind NPC sp
            Read more