Junior Member
Join Date: Aug 2009
Posts: 2
#1 (permalink)  
08-25-2009, 03:19 AM
HELP! SSO Unable to add to the Domain

Hello guys,

I have been trying for about a week to add my AWG2000 to my domain with no luck.

Active Directory configuration
Bind User DN: CN=astarosvc,CN=Users,DC=***x,DC=local and this tested fine

Active Directory Single-Sign-On (SSO)
I have added the domain ***.local and the DC IP address and tried to add it with the domain administrator account, and it keeps displaying Joining domain failed.

I can ping the DC from the Astaro
I have one NIC set up at this point in time, which is in the same subnet as the DC.
I have created the Astaro computer account with pre-2000 permissions
I have given the Astaro a FQDN
No errors in the security logs on the server
I have the DC as the forwarder also.

I'm really lost now and the boss is putting the heat on me to get this up and running. Any help would be great.

Regards
Shaun Harper

Junior Member
Join Date: Aug 2009
Posts: 2
#2 (permalink)
08-25-2009, 06:18 AM

Created the computer account in Active Directory and waited 30 mins and this fixed the issue. Also make the host name the FQDN, and have the local DNS in the forwarders tab.

Junior Member
Join Date: Aug 2008
Posts: 10
#3 (permalink)
08-25-2009, 06:23 AM

Quote:
Originally Posted by shaunwh
Hello guys,

I have been trying for about a week to add my AWG2000 to my domain with no luck.

Active Directory configuration
Bind User DN: CN=astarosvc,CN=Users,DC=***x,DC=local and this tested fine

First step accomplished ;-)

Quote:
Originally Posted by shaunwh
...
I can ping the DC from the Astaro
I have one NIC set up at this point in time, which is in the same subnet as the DC.

Good, so it isn't a firewall issue.

Quote:
Originally Posted by shaunwh
I have created the Astaro computer account with pre-2000 permissions

No need to, Astaro creates the computer account on its own.

Quote:
Originally Posted by shaunwh
I have given the Astaro a FQDN
No errors in the security logs on the server
I have the DC as the forwarder also.

Looks fine to me.

Could you try to delete the computer account in AD and give it a shot?

If that doesn't work, please provide the following extra information:
- Active Directory 2000/2003(R2)/2008(R2)?
- AD and Forest functional level

Kind regards,
Matthias

Senior Member
Join Date: Jul 2008
Posts: 217
#4 (permalink)
09-12-2009, 08:50 AM

I have the same problem and I've tried everything (I really mean everything) mentioned in this forum but with no luck. This is what the log says:
net: [2009/09/12 11:31:24, 0] libads/ldap.c:ads_get_dnshostname(2855)
2009:09:12-11:31:24 proxy [user:err] net: ads_get_dnshostname: No dNSHostName attribute!
2009:09:12-11:31:24 proxy [user:err] net: [2009/09/12 11:31:24, 0] libads/kerberos_keytab.c:ads_keytab_add_entry(291)
2009:09:12-11:31:24 proxy [user:err] net: ads_keytab_add_entry: unable to determine machine account's dns name in AD
Astaro 220 7.405
AD 2003 R2
Forest functional level: Windows 2000

BAlfson
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 20,685
#5 (permalink)
09-12-2009, 03:20 PM

As Matthias said, a common problem is trying to do the join when the name is already taken in the AD. Another is having more than five minutes difference between the AD server and the device trying to join the AD.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
SCA/UTM - Sophos Gold Solution Partner
www.MediaSoftUSA.com
Addicted to my iPhone!
Reply With Quote
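
A small triage pass over the join log quoted in post #4, as an added example that is not part of the thread or of Astaro's software: it pairs each Samba debug header with the message that follows it and tags the message with the cause and check the replies here suggest. The hint table, the function names and the final clock-skew sample line are assumptions constructed for illustration.

```python
import re

# Optional Astaro syslog prefix, then the Samba "net:" payload.
LINE = re.compile(r"^(?:\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d \S+ \[[^\]]+\] )?net: (?P<msg>.*)$")
# Samba debug header, e.g. "[2009/09/12 11:31:24, 0] libads/ldap.c:ads_get_dnshostname(2855)"
HEADER = re.compile(r"^\[[\d/]+ [\d:]+,\s*\d+\] (?P<src>\S+:\w+\(\d+\))$")

# Message fragment -> (cause, check suggested in the thread). Assumed mapping.
HINTS = {
    "No dNSHostName attribute": ("machine_account",
        "delete any stale computer account in AD and retry; set the host name to the FQDN"),
    "unable to determine machine account's dns name": ("machine_account",
        "follows from the missing dNSHostName attribute on the machine account"),
    "Clock skew too great": ("clock_skew",
        "bring the device and DC clocks within five minutes of each other"),
}

def triage(lines):
    """Return one finding per recognised error message, with its Samba source location."""
    findings, src = [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        h = HEADER.match(msg)
        if h:                      # header line: remember where the next message came from
            src = h.group("src")
            continue
        for fragment, (cause, check) in HINTS.items():
            if fragment in msg:
                findings.append({"cause": cause, "source": src, "message": msg, "check": check})
        src = None                 # a header only applies to the line right after it
    return findings

def causes(lines):
    """Distinct causes in first-seen order."""
    return list(dict.fromkeys(f["cause"] for f in triage(lines)))

# The first four lines are the log quoted in the thread; the last one is constructed.
SAMPLE = [
    "net: [2009/09/12 11:31:24, 0] libads/ldap.c:ads_get_dnshostname(2855)",
    "2009:09:12-11:31:24 proxy [user:err] net: ads_get_dnshostname: No dNSHostName attribute!",
    "2009:09:12-11:31:24 proxy [user:err] net: [2009/09/12 11:31:24, 0] libads/kerberos_keytab.c:ads_keytab_add_entry(291)",
    "2009:09:12-11:31:24 proxy [user:err] net: ads_keytab_add_entry: unable to determine machine account's dns name in AD",
    "2009:09:12-11:35:02 proxy [user:err] net: ads_connect: Clock skew too great",  # constructed
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['cause']:16} {f['source'] or '-':52} {f['check']}")
```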
Senior Member
Join Date: Jul 2008
Posts: 217
#6 (permalink)  
09-13-2009, 06:23 AM

The problem is the name doesn't exist in AD and the time and time zone are exactly the same. I tried to put the DNS server in Forwarders and also tried to put the domain in the request routing; no luck. That is why I posted my problem on the forum.

Senior Member
Join Date: Jul 2008
Posts: 217
#7 (permalink)
09-13-2009, 06:40 AM

The problem was solved. I don't know how, but I created a user and gave it Admin permission and a simple password and it worked.

Junior Member
Join Date: Sep 2009
Posts: 5
#8 (permalink)
09-19-2009, 05:00 AM

Where did you create the user? In Astaro or in Active Directory?

Senior Member
Join Date: Jul 2008
Posts: 217
#9 (permalink)
10-01-2009, 07:44 AM

I've created a user in the Active Directory and gave it admin permissions.

Junior Member
Join Date: Jul 2009
Posts: 11
#10 (permalink)
10-04-2009, 10:32 PM

I've had a similar problem with 2008 R2 as DC.

The ASG was not able to create its own computer account (I was using a domain admin user),

so I manually created the computer account on my DC (pre-2000).

That was the only way I could make it work.

Hope this helps,
wiz

All times are GMT.