Problems signing on after adding NIS to domain controller and doing 'net ads join'
I have installed Windows NIS on my domain controller and am trying to get a Linux system included in the domain. I have installed NIS, winbind and samba on the Linux system. I have set up samba with the following:

    workgroup = Accounting
    password server = nestucca
    realm = ACCOUNTING.EDT.LOCAL
    security = ads
    idmap backend = rid
    template shell = /bin/bash
    winbind use default domain = false
    winbind offline logon = false

When I added the Linux system to the domain it seemed to work. When I do a 'net ads info' I get:

    LDAP server: 10.10.10.1
    LDAP server name: nestucca.Accounting.edt.local
    Realm: ACCOUNTING.EDT.LOCAL
    Bind Path: dc=ACCOUNTING,dc=EDT,dc=LOCAL
    LDAP port: 389
    Server time: Wed, 13 Jun 2012 09:07:36 PDT
    KDC server: 10.10.10.1
    Server time offset: 239

but if I do any other command I get the following error after typing the root password:

    [root@wood etc]# net ads status
    Enter root's password:
    kerberos_kinit_password root@ACCOUNTING.EDT.LOCAL failed: Client not found in Kerberos database
    kerberos_kinit_password root@ACCOUNTING.EDT.LOCAL failed: Client not found in Kerberos database
    kerberos_kinit_password root@ACCOUNTING.EDT.LOCAL failed: Client not found in Kerberos database

If I try to log in to the domain controller I get the following error:

    the name of security Id (SID) of the domain specified is inconsistent with the trust information for that domain.

What can I do to get logged in to the domain controller? thanks.
June 13th, 2012 12:20pm
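
Added example, not part of the original thread: a small shell triage for the two signals in the output quoted above, the "Server time offset" value and the principal named in "Client not found in Kerberos database". The function names and the 300-second tolerance (the default Kerberos clock-skew limit) are assumptions of this example; the sample lines are copied from the post.

```sh
#!/bin/sh
# Added example: triage for `net ads` output like that quoted in the post above.
# Assumption: 300 s is the default Kerberos clock-skew tolerance; adjust if your
# domain policy differs.
MAX_SKEW=300

# Print the absolute "Server time offset" in seconds from `net ads info` (stdin).
ads_time_offset() {
    sed -n 's/^[[:space:]]*Server time offset:[[:space:]]*-\{0,1\}\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print each distinct principal the KDC rejected as unknown (stdin: net ads output).
ads_unknown_principals() {
    sed -n 's/^.*kerberos_kinit_password \([^ ]*\) failed: Client not found in Kerberos database.*/\1/p' | sort -u
}

# Succeed when an offset (seconds) is inside the tolerance.
skew_ok() { [ "$1" -le "$MAX_SKEW" ]; }

# Report both findings for one captured `net ads` transcript.
triage() {
    offset=$(printf '%s\n' "$1" | ads_time_offset)
    if [ -z "$offset" ]; then
        echo "clock: no 'Server time offset' line found"
    elif skew_ok "$offset"; then
        echo "clock: offset ${offset}s is within ${MAX_SKEW}s ($((MAX_SKEW - offset))s of margin)"
    else
        echo "clock: offset ${offset}s exceeds ${MAX_SKEW}s; sync time with the DC first"
    fi
    for p in $(printf '%s\n' "$1" | ads_unknown_principals); do
        echo "kdc: no account named $p; net used the local Unix user name," \
             "pass a domain account with -U instead"
    done
}

# Sample input: lines copied from the post above.
SAMPLE='KDC server: 10.10.10.1
Server time offset: 239
kerberos_kinit_password root@ACCOUNTING.EDT.LOCAL failed: Client not found in Kerberos database
kerberos_kinit_password root@ACCOUNTING.EDT.LOCAL failed: Client not found in Kerberos database'

triage "$SAMPLE"
```

On the quoted output this reports a clock offset that is inside the tolerance but close to it, and a single rejected principal, root@ACCOUNTING.EDT.LOCAL.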

** Also posted in the general forum **
June 14th, 2012 12:07pm

Hi,

Thanks for posting in Microsoft TechNet forums. Please check the thread below to see if it can be helpful in your situation:

Error while logging into Trust domain
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/e924e80a-ade5-4325-b483-c1e49eba5527

Regards
Kevin
June 15th, 2012 12:51am

Thanks for the help, but that is not the problem I have. This is NOT a cloned system! Everything that I have read regarding this error points to a cloned system. I installed and configured NIS on the DC. Then I installed winbind and samba on a linux system and did the 'net ads join' to put the linux system in the domain. Once I did the join I have not been able to log into the DC at all. This is where I get the error. How can I log in to the domain controller? thanks
June 15th, 2012 11:50am

Hi,

Thank you for clarifying the issue for us. If we remove the Linux system from the domain, can the problem DC be logged into?

Regards
Kevin
TechNet Community Support
June 18th, 2012 12:49am

Kevin,

I have tried doing a 'net ads leave' on the Linux system; these are the errors:

    kerberos_kinit_password root@ACCOUNTING.EDT.LOCAL failed: Client not found in Kerberos database
    Failed to leave domain: failed to connect to AD: Client not found in Kerberos database

-----

If I do a 'net ads testjoin' I get back "join is ok".

If I do a 'net ads join' I get:

    Failed to join domain: failed to lookup DC info for domain 'ACCOUNTING.EDT.LOCAL' over rpc: Logon failure

So, where do I go from here? thanks
June 18th, 2012 11:44am

Hi,

It seems the authentication failure is because of a Kerberos issue. Did you create a Kerberos keytab for Samba?

Resources for your reference:
http://blog.scottlowe.org/2006/12/19/using-samba-in-linux-ad-integration/
http://www.tulg.org/docs/samba_ads_kerb.html
http://technet.microsoft.com/en-us/library/cc779157(WS.10).aspx

Thanks,
Brian
June 20th, 2012 1:54am

Brian, thanks, that helped a bunch! After going through a couple of those resources I have been able to join the domain and reference information from the domain on the Linux system. But I still am not able to log in to the DC using my account or the administrator's account. Any ideas as to why this is happening? I am still getting the same error:

    "The name of security Id (SID) of the domain specified is inconsistent with the trust information for that domain."

thanks again!
June 20th, 2012 2:38pm

Okay, maybe after reading my last reply it is not evident what I can not do!

1. From my Linux system I can not log in using my domain account.

but more important

2. I can not log in to the DC from the console or from a remote desktop at all. This is when I get the security ID error.

This is the problem that I really need to get fixed. How can I get logged in?
June 22nd, 2012 5:00pm

So, there is no one in the TechNet realm that knows how to get around or fix this error? What do folks do when they have problems like this? Rebuild? That's ugly! I would think MS would have a better answer than this! Why would any OS let an installed product change the SID of the DC? You would think that this would not be allowed!
June 26th, 2012 6:04pm

Hi,

Do you mean all the accounts fail to log on to that DC, or does the issue only occur on a specific account? Do you use a cross-domain account?

Thanks,
Brian
June 27th, 2012 4:34am

Brian,

As far as I know none of the accounts can log in to the DC. Normal users typically don't log in; they just have access to the users disk via mapped drives. Being the admin I log in quite a bit using either my domain admin account or the administrator's account. There is no cross-domain. We only have one domain. I do have a backup DC that I can log in to but it does not run some of the software that the primary DC runs. I can log into the backup DC without any problems.

Any help is really appreciated. Thanks
June 27th, 2012 1:58pm

This topic is archived. No further replies will be accepted.
