Hi In fc 8 there is a facility to authenticate users against AD on the menu system >> administration >> authentication
I have configured Kerberose LDAP samba
These are the errors typical errors I'm getting ..
Sep 18 13:38:58 technical-vmwareserver winbindd[3563]: [2008/09/18 13:38:58, 0] nsswitch/winbindd_util.c:init_domain_list(511) Sep 18 13:38:58 technical-vmwareserver winbindd[3563]: Could not fetch our SID - did we join? Sep 18 13:38:58 technical-vmwareserver winbindd[3563]: [2008/09/18 13:38:58, 0] nsswitch/winbindd.c:main(1091) Sep 18 13:38:58 technical-vmwareserver winbindd[3563]: unable to initalize domain list Sep 18 13:45:14 technical-vmwareserver winbindd[3636]: [2008/09/18 13:45:14, 0] nsswitch/winbindd_util.c:init_domain_list(511) Sep 18 13:45:14 technical-vmwareserver winbindd[3636]: Could not fetch our SID - did we join? Sep 18 13:45:14 technical-vmwareserver winbindd[3636]: [2008/09/18 13:45:14, 0] nsswitch/winbindd.c:main(1091) Sep 18 13:45:14 technical-vmwareserver winbindd[3636]: unable to initalize domain list Sep 18 13:45:52 technical-vmwareserver nscd: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... Sep 18 13:45:56 technical-vmwareserver nscd: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)... Sep 18 13:45:57 technical-vmwareserver gdm-binary[3679]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... Sep 18 13:46:01 technical-vmwareserver gdm-binary[3679]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)... Sep 18 13:46:04 technical-vmwareserver nscd: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
I'm using the correct username and password to join the domain so I'm a bit lost ..
it there a Howto for this ? I have tried to configure this but have not won yet ..
The menu approach does not work here. I can authenticate users with the pam_smb module. It has instructions with it. The only problem is that user accounts must be created on each system before users can log in. Otherwise, pam_smb works fine to authenticate users.
I never had any luck with winbind or ldap bacause those approaches require co-operation of the active directory or the ldap server, and I don't have administrative power there. but, with pam_smb, I do not need it. I can authenticate users without any cooperation from the windows domain administrators..
pj
On Thu, Sep 18, 2008 at 6:56 AM, Gregory Machin gdm@linuxpro.co.za wrote:
Hi In fc 8 there is a facility to authenticate users against AD on the menu system >> administration >> authentication
I have configured Kerberose LDAP samba
These are the errors typical errors I'm getting ..
Sep 18 13:38:58 technical-vmwareserver winbindd[3563]: [2008/09/18 13:38:58, 0] nsswitch/winbindd_util.c:init_domain_list(511) Sep 18 13:38:58 technical-vmwareserver winbindd[3563]: Could not fetch our SID - did we join? Sep 18 13:38:58 technical-vmwareserver winbindd[3563]: [2008/09/18 13:38:58, 0] nsswitch/winbindd.c:main(1091) Sep 18 13:38:58 technical-vmwareserver winbindd[3563]: unable to initalize domain list Sep 18 13:45:14 technical-vmwareserver winbindd[3636]: [2008/09/18 13:45:14, 0] nsswitch/winbindd_util.c:init_domain_list(511) Sep 18 13:45:14 technical-vmwareserver winbindd[3636]: Could not fetch our SID - did we join? Sep 18 13:45:14 technical-vmwareserver winbindd[3636]: [2008/09/18 13:45:14, 0] nsswitch/winbindd.c:main(1091) Sep 18 13:45:14 technical-vmwareserver winbindd[3636]: unable to initalize domain list Sep 18 13:45:52 technical-vmwareserver nscd: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... Sep 18 13:45:56 technical-vmwareserver nscd: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)... Sep 18 13:45:57 technical-vmwareserver gdm-binary[3679]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... Sep 18 13:46:01 technical-vmwareserver gdm-binary[3679]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)... Sep 18 13:46:04 technical-vmwareserver nscd: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
I'm using the correct username and password to join the domain so I'm a bit lost ..
it there a Howto for this ? I have tried to configure this but have not won yet ..
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Em Sex 03 Out 2008, Paul Johnson escreveu:
The menu approach does not work here. I can authenticate users with the pam_smb module. It has instructions with it. The only problem is that user accounts must be created on each system before users can log in. Otherwise, pam_smb works fine to authenticate users.
I never had any luck with winbind or ldap bacause those approaches require co-operation of the active directory or the ldap server, and I don't have administrative power there. but, with pam_smb, I do not need it. I can authenticate users without any cooperation from the windows domain administrators..
The only power you need on AD to use the winbind/ldap solution, which I think is much better, is the right to add computer accounts to the domain. The Windows domain administrators can grant you this right without granting any other administrative privileges. There's no need to create any accounts locally. I have here a document I created a couple of years ago in which I had written detailed instructions on how to get Fedora Core 6 authenticating users on AD. The procedure has not changed much since then. I can send it to you if you wish, but it's written in portuguese, you may need to use a translator.
[]'s Marcelo
-
Gregory Machin -
Marcelo Magno T. Sales -
Paul Johnson