
Problems signing on after adding NIS to domain controller and doing 'net ads join'

I have installed Windows NIS on my domain controller and am trying to get a Linux system included in the domain. I have installed NIS, winbind and Samba on the Linux system. I have set up Samba with the following:
workgroup = Accounting
password server = nestucca
realm = ACCOUNTING.EDT.LOCAL
security = ads
idmap backend = rid
template shell = /bin/bash
winbind use default domain = false
winbind offline logon = false
When I added the Linux system to the domain it seemed to work. When I do a 'net ads info' I get:
LDAP server: 10.10.10.1
LDAP server name: nestucca.Accounting.edt.local
Realm: ACCOUNTING.EDT.LOCAL
Bind Path: dc=ACCOUNTING,dc=EDT,dc=LOCAL
LDAP port: 389
Server time: Wed, 13 Jun 2012 09:07:36 PDT
KDC server: 10.10.10.1
Server time offset: 239

but if I do any other command I get the following error after typing the root password:
[root@wood etc]# net ads status
Enter root's password:
kerberos_kinit_password root@ACCOUNTING.EDT.LOCAL failed: Client not found in Kerberos database
kerberos_kinit_password root@ACCOUNTING.EDT.LOCAL failed: Client not found in Kerberos database
kerberos_kinit_password root@ACCOUNTING.EDT.LOCAL failed: Client not found in Kerberos database
If I try to log in to the domain controller I get the following error:
the name of security Id (SID) of the domain specified is inconsistent with the trust information for that domain.
What can I do to get logged in to the domain controller?

thanks.


June 13th, 2012 9:20am
** Also posted in the general forum**


June 14th, 2012 9:07am
Hi,

Thanks for posting in Microsoft TechNet forums.

Please check the thread below to see if it can be helpful in your situation:

Error while logging into Trust domain


http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/e924e80a-ade5-4325-b483-c1e49eba5527


Regards

Kevin


June 14th, 2012 9:51pm
Thanks for the help, but that is not the problem I have.

This is NOT a cloned system! Everything that I have read regarding this error points to a cloned system. I installed and configured NIS on the DC. Then I installed winbind and Samba on a Linux system and did the 'net ads join' to put the Linux system in the domain. Once I did the join I have not been able to log into the DC at all. This is where I get the error.
How can I log in to the domain controller?

thanks


June 15th, 2012 8:50am
Hi,

Thank you for clarifying the issue for us.

If we remove the Linux system from the domain, can the problem DC be logged into?

Regards

Kevin
TechNet Community Support


June 17th, 2012 9:49pm
Kevin,
I have tried doing a 'net ads leave' on the Linux system; these are the errors:

kerberos_kinit_password root@ACCOUNTING.EDT.LOCAL failed: Client not found in Kerberos database
Failed to leave domain: failed to connect to AD: Client not found in Kerberos database
-----
If I do a 'net ads testjoin' I get back "join is ok"
If I do a 'net ads join' I get:
Failed to join domain: failed to lookup DC info for domain 'ACCOUNTING.EDT.LOCAL' over rpc: Logon failure

So, where do I go from here?
thanks


June 18th, 2012 8:44am
Hi,
It seems the authentication failure is because of a Kerberos issue. Did you create a Kerberos keytab for Samba? Resources for your reference:



http://blog.scottlowe.org/2006/12/19/using-samba-in-linux-ad-integration/


http://www.tulg.org/docs/samba_ads_kerb.html


http://technet.microsoft.com/en-us/library/cc779157(WS.10).aspx

Thanks, Brian


June 19th, 2012 10:54pm
Brian,
thanks, that helped a bunch! After going through a couple of those resources I have been able to join the domain and reference information from the domain on the Linux system.
But I still am not able to log in to the DC using my account or the administrators account.

Any ideas as to why this is happening? I am still getting the same error:
"The name of security Id (SID) of the domain specified is inconsistent with the trust information for that domain."
thanks again!


June 20th, 2012 11:38am
Okay, maybe after reading my last reply it is not evident what I cannot do!
1. From my Linux system I cannot log in using my domain account.
but more important
2. I cannot log in to the DC from the console or from a remote desktop at all. This is when I get the security ID error. This is the problem that I really need to get fixed. How can I get logged in?


June 22nd, 2012 2:00pm
So, there is no one in the TechNet realm that knows how to get around or fix this error?
What do folks do when they have problems like this? Rebuild? That's ugly!

I would think MS would have a better answer than this!

Why would any OS let an installed product change the SID of the DC? You would think that this would not be allowed!


June 26th, 2012 3:04pm
Hi,

Do you mean all the accounts fail to log on to that DC, or does the issue only occur on the specific account? Do you use a cross-domain account?

Thanks, Brian


June 27th, 2012 1:34am
Brian,
As far as I know none of the accounts can log in to the DC. Normal users typically don't log in; they just have access to the users disk via mapped drives.
Being the admin I log in quite a bit using either my domain admin account or the administrators account.
There is no cross-domain. We only have one domain. I do have a backup DC that I can log in to but it does not run some of the software that the primary DC runs. I can log into the backup DC without any problems.
any help is really appreciated
thanks


June 27th, 2012 10:58am

This topic is archived. No further replies will be accepted.
