[CentOS] Win2000 / Win2003 ADS dnsHostName and servicePrincipalName
rob.townley at gmail.com
Mon Aug 18 19:28:57 UTC 2008
Sharing my experience with SSO of Linux clients to Active Directory.
Over the last 2 years or so, i had a great deal of trouble getting and
_keeping_ authentication to our Win2000/Win2003 Active Directory system
working from OpenSUSE and CentOS clients. ADS authentication would work
until reboot, a few days, a month max. We'll see how long this lasts.
Another problem was dealing with the fact that i setup dns in AD using
aMixedCaseDomain.com name. Had to add all variants to the [realms] and
[domain_realm] names to /etc/krb5.conf. snslatc.hp.com, snslatc.HP.com,
Over the weekend i gave up on CentOS and tried Fedora because Fedora
repositories have SaMBa 3.2, but CentOS only has 3.0. SaMBa 3.2 supports
sasl sign and seal (hashing and encryption) and supports NTLMv2 better and
using winbind with ADS.
Still had problems with Fedora. Since i had to change the hostname in the
middle of the process and update krb5.conf as mentioned above and i noticed
that somehow dNSHostName in Active Directory was set to
"HOST/localhost:localdomain" which clearly cannot be correct. So i used
SysInternals LDAP Explorer (ADExplorer.exe) to change the entry in
ActiveDirectory to remove any reference to localhost. Unless i changed
/etc/hosts to not have rmonster in
"127.0.0.1 localhost.localdomain localhost rmonster", deleted from WinAD and
Is the line "servicePrincipalName: CIFS/rmonster.snslatc.hp.com" only
required when you want your Linux box shares to show to other clients
Successfully joined and authenticating using Fedora, but really want to use
CentOS and have group policy support from likewise.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the CentOS