Technical Tip: How to change Winbind files in FortiNAC to resolve errors in joining the FortiNAC to a domain

This article describes that Winbind will work without these changes for the most part. 

However, sometimes there are various errors that can happen. 

The most common is an invalid username or password. 

This can be misleading as this can occur when the configuration files are not setup properly. 

**There is also a known issue with Winbind errors with LDAPS being in use.  The following could resolve this issue in the interim but, it is not guaranteed.  

Before editing any file, do the following:

# cp /etc/krb5.conf /etc/krb5.conf.old

# cp /etc/samba/smb.conf /etc/samba/smb.conf.old

This will copy files for backup purposes.

Resolution.

1) Log into the CLI with the root login and type:

# nano /etc/krb5.conf

2) Check the file and change the following (uncomment the lines by removing the "#" symbols):

- Under [libdefaults]:

dns_lookup_kdc = true
default_realm = <FQDN of Domain, i.e. ad.mydomain.com>

- Under [realms]:

<FQDN of Domain> = {
kdc = <FQDN of Domain Controller>
admin_server = <FQDN of Domain Controller>
}

3) Press CTRL+x to end editing, then press 'y' to save, and then press 'Enter' to overwrite the file.

This next file should already be populated with the information from the GUI fields in the Winbind tab however, better to double check.

1) Type nano /etc/samba/smb.conf.

Check the file to ensure it has this structure and correct values:

[global]
log level = 3
workgroup = <NETBios name of Domain>  <--should be in all upper-case letters
realm = <FQDN of Domain>  <-- Upper-case letters
password server = <Hostname of Domain Controller *not full FQDN*> <-- Upper-case letters.
security = ads
netbios name = <host name of FortiNAC *not full FQDN*>

2) If changes have been processed, press CTRL+x to end editing, then press 'y' to save, and then press 'Enter' to overwrite the file.