I thought I was following all the very different procedures, but no luck on log in. I could query LDAP if I supply a user name/password when prompted. Also, I can authenticate with Kerberos and join a domain, but it doesn't retain a Kerberos ticket.
The reason I'm asking about all this is so that I can use a single log on for all the different systems (UNIX, Solaris, Windows, and of course FC2 workstations) we have.
Again, all the help you can provide is very much appreciated.
Jim
-----Original Message----- From: fedora-list-bounces@redhat.com [mailto:fedora-list-bounces@redhat.com] On Behalf Of Charles Heselton Sent: Sunday, October 31, 2004 10:58 AM To: [LINICKX]; For users of Fedora Core releases Subject: Re: FC2 authentication with Active Directory
On Sun, 31 Oct 2004 16:43:06 +0000, [LINICKX] linickx@gmail.com wrote:
I'd like to see your howto , i've tried this a number of times (using various documentation) but never succeeded :-(
cheers.
On Sun, 31 Oct 2004 16:18:38 +0100, Klaasjan Brand
klaasjan@gmail.com wrote:
Don't know if this helps, but I've set up windows domain authentication on a RHEL3 server by using the winbind module of
samba.
There's a lot of documentation about that in the samba package. Shortly, you can configure samba to join a domain and install a pam module that uses the samba-provided credentials to authenticate
system
users. If anyone needs a detailed description I probably should write a
howto ;)
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
I'd love to see a "How-to" as well. All of the documentation that I've read states that there are problems with Samba 3.x and Windows 2003 (works fine with Win2K). The most recent article I've read was about v3.0, so I don't know if the Samba developers have fixed those outstanding issues with Win2K3 in more recent versions or not.
I have set up a samba server in our win2k3 domain with no problems, although it uses winbind only, not LDAP - it is fairly simple to do: Install latest samba (3.0.7 is latest stable) edit smb.conf: security = domain workgroup = *nameofdomain* realm = *fully.qualified.nameofdomain* password server = * (or fqdn of DC) idmap uid = 10000-20000 idmap gid = 10000-20000 winbind separator = + winbind use default domain = Yes
Edit /etc/nsswitch.conf: passwd: files winbind shadow: files group: files winbind
Start winbind and samba. Make sure nscd is NOT running (this will give you loads of pain if it is) Join domain: net join -U Administrator (this is the old, rpc method, but it works fine)
This should give your domain users single sign on for files and printers on the linux box.
Hope that helps!
Jim Parker wrote:
I thought I was following all the very different procedures, but no luck on log in. I could query LDAP if I supply a user name/password when prompted. Also, I can authenticate with Kerberos and join a domain, but it doesn't retain a Kerberos ticket.
The reason I'm asking about all this is so that I can use a single log on for all the different systems (UNIX, Solaris, Windows, and of course FC2 workstations) we have.
Again, all the help you can provide is very much appreciated.
Jim
-----Original Message----- From: fedora-list-bounces@redhat.com [mailto:fedora-list-bounces@redhat.com] On Behalf Of Charles Heselton Sent: Sunday, October 31, 2004 10:58 AM To: [LINICKX]; For users of Fedora Core releases Subject: Re: FC2 authentication with Active Directory
On Sun, 31 Oct 2004 16:43:06 +0000, [LINICKX] linickx@gmail.com wrote:
I'd like to see your howto , i've tried this a number of times (using various documentation) but never succeeded :-(
cheers.
On Sun, 31 Oct 2004 16:18:38 +0100, Klaasjan Brand
klaasjan@gmail.com wrote:
Don't know if this helps, but I've set up windows domain authentication on a RHEL3 server by using the winbind module of
samba.
There's a lot of documentation about that in the samba package. Shortly, you can configure samba to join a domain and install a pam module that uses the samba-provided credentials to authenticate
system
users. If anyone needs a detailed description I probably should write a
howto ;)
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
I'd love to see a "How-to" as well. All of the documentation that I've read states that there are problems with Samba 3.x and Windows 2003 (works fine with Win2K). The most recent article I've read was about v3.0, so I don't know if the Samba developers have fixed those outstanding issues with Win2K3 in more recent versions or not.
Jim Parker wrote:
I thought I was following all the very different procedures, but no luck on log in. I could query LDAP if I supply a user name/password when prompted. Also, I can authenticate with Kerberos and join a domain, but it doesn't retain a Kerberos ticket.
The reason I'm asking about all this is so that I can use a single log on for all the different systems (UNIX, Solaris, Windows, and of course FC2 workstations) we have.
Again, all the help you can provide is very much appreciated.
Jim
-----Original Message----- From: fedora-list-bounces@redhat.com [mailto:fedora-list-bounces@redhat.com] On Behalf Of Charles Heselton Sent: Sunday, October 31, 2004 10:58 AM To: [LINICKX]; For users of Fedora Core releases Subject: Re: FC2 authentication with Active Directory
On Sun, 31 Oct 2004 16:43:06 +0000, [LINICKX] linickx@gmail.com wrote:
I'd like to see your howto , i've tried this a number of times (using various documentation) but never succeeded :-(
cheers.
On Sun, 31 Oct 2004 16:18:38 +0100, Klaasjan Brand
klaasjan@gmail.com wrote:
Don't know if this helps, but I've set up windows domain authentication on a RHEL3 server by using the winbind module of
samba.
There's a lot of documentation about that in the samba package. Shortly, you can configure samba to join a domain and install a pam module that uses the samba-provided credentials to authenticate
system
users. If anyone needs a detailed description I probably should write a
howto ;)
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
I'd love to see a "How-to" as well. All of the documentation that I've read states that there are problems with Samba 3.x and Windows 2003 (works fine with Win2K). The most recent article I've read was about v3.0, so I don't know if the Samba developers have fixed those outstanding issues with Win2K3 in more recent versions or not.
It is not advisable to have Solaris (and other UNIX) systems try to authenticate with an active directory server. But if you realy want to try and get it working, you need to have kerberos installed and running on all the UNIX/Linux systems. A much better approach would be to use LDAP for this, but even that is going to be a major pain in the @%@.
Mike
-
Elvis -
Jim Parker -
Mike Noble