I am working on making FreeRadius [running on FC6] work with an existing Active Directory Server (ADS). I needed to set up Radius for 802.1x and most of the users (read: management=most ;-)) are Windows only... so I have to re-use the ADS.
There are some good materials from Googling, but I ran into a problem that lots of people posted about, and no one gave an answer that fixed the problem for me.
Good links are:
The problem I was running into was that when I did a "net join -U Administrator", I got the error:
ads_connect: No such file or directory
Various people encountered this and asked on mailing lists; there were lots of suggestions, but none fixed my problem :-(
I tried the various suggestions posted, but still got the same error... But one of the posts gave me a clue. It turned out to be a Kerberos error.
To debug this, I used the following command line:
# net ads join -d 9 -U Administrator
[2007/05/31 22:00:15, 0] libsmb/cliconnect.c:cli_session_setup_spnego(785)
Kinit failed: Clock skew too great
Failed to join domain!
That was enough to tell me that the problem was in time synchronization.
Kerberos is very strict about clocks being in sync! My fix (in FC6) was to run the following command:
# ntpdate pool.ntp.org
and voila!
# net ads join -d 1 -U Administrator
Administrator's password:
Using short domain name -- FOOOO
Joined 'GAIA' to realm 'FOOOO.LOCAL'
I am documenting this here for other people who might run into similar problems.
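A pre-join check for the clock skew failure described above, as an added example (not part of the original post): it measures the local clock's offset from a time server over SNTP and compares it with the Kerberos tolerance. The 300-second limit is the usual Kerberos default and is an assumption about the realm's policy; the function names and the sample reply are constructed for illustration.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix)
MAX_SKEW = 300  # assumption: default Kerberos tolerance (5 minutes); sites may change it

def _ntp_to_unix(seconds, fraction):
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32

def offset_from_reply(reply, t1, t4):
    """Server-minus-local offset in seconds; t1/t4 = local send/receive times."""
    if len(reply) < 48:
        raise ValueError("short NTP reply")
    if reply[0] & 0x07 != 4 or reply[1] == 0:  # must be mode 4 (server), stratum > 0
        raise ValueError("not a usable server reply")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t2 = _ntp_to_unix(rx_s, rx_f)  # server receive timestamp
    t3 = _ntp_to_unix(tx_s, tx_f)  # server transmit timestamp
    return ((t2 - t1) + (t3 - t4)) / 2

def query_offset(server, timeout=3.0):
    """Query `server` (for example the domain controller) on UDP port 123."""
    request = b"\x23" + 47 * b"\x00"  # LI=0, version 4, mode 3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(request, (server, 123))
        reply, _ = sock.recvfrom(512)
        t4 = time.time()
    return offset_from_reply(reply, t1, t4)

def kerberos_clock_ok(offset, max_skew=MAX_SKEW):
    return abs(offset) <= max_skew

def make_reply(server_unix_time):
    """Constructed sample reply for offline use (not captured traffic)."""
    secs = int(server_unix_time) + NTP_EPOCH_DELTA
    header = bytes([0x24, 2, 0, 0]) + 28 * b"\x00"  # version 4, mode 4, stratum 2
    return header + struct.pack("!4I", secs, 0, secs, 0)

if __name__ == "__main__":
    now = time.time()
    off = offset_from_reply(make_reply(now + 400), now, now)  # server 400 s ahead
    print("offset %.1f s, join likely to %s" % (
        off, "succeed" if kerberos_clock_ok(off) else "fail with clock skew"))
```

Against a real network, `kerberos_clock_ok(query_offset(host))` with the domain controller's hostname gives the same answer before `net ads join` is attempted.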
Last Updated: $Date: 2007/06/02 21:16:55 $