[CentOS] Help with authenticating against Active Directory.

Michael Semcheski mhsemcheski at gmail.com
Thu Jan 31 21:22:49 UTC 2008 

What I did was create the users in /etc/passwd with the same username
as you would find in the AD.

Then, its just a matter of enabling Kerberos authentication, and using
the Domain Controllers as KDC's.

Maybe not what you're looking for, but its simple and effective.  No
samba involved.


On Jan 31, 2008 3:51 PM, Milton Calnek <milton at calnek.com> wrote:
> Hello all,
>
> I'm trying to authenticate shell login's against an MS-ADS.  I don't
> have admin access to the ADS, but I can talk to the admins.
>
> I have gotten as far as getting authentication working, but the uid's
> depend on the order of login.  ie: the first guy to login gets 10000,
> the next gets 10001, etc.  The problem I have with this is that I want
> to share the home directories via nfs, which means everyone has to have
> the same id.
>
> Is anyone else doing this?
>
> My smb.conf and nsswitch.conf files are below.
>
> TIA
>
> --
> Milton Calnek BSc, A/Slt(Ret.)
> milton at calnek.com
> 306-717-8737
>
>
> smb.conf
> [global]
>          workgroup = example_com
>          realm = example.COM
>          server string = %h server (Samba %v)
>          security = ADS
>          map to guest = Bad Password
>          passdb backend = tdbsam
>          passwd program = /usr/bin/passwd %u
>          passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n .
>          log level = 2 winbind:10
>          syslog = 0
>          log file = /var/log/samba/log.%m
>          max log size = 1000
>          dns proxy = No
>          wins server = ldap
>          ldap ssl = no
>          panic action = /usr/share/samba/panic-action %d
>          idmap uid = 10000-20000
>          idmap gid = 10000-20000
>          idmap backend = ldap:ldap://ldap.example.com:3268
>          ldap admin dn = cn=Manager,dc=example,dc=COM
>          ldap idmap suffix = ou=Idmap
>          ldap suffix = dc=example,dc=COM
>          template homedir = /home/%U
>          template shell = /bin/bash
>          winbind separator = +
>          winbind use default domain = Yes
>          winbind nested groups = Yes
>          invalid users = root
>
> nsswitch.confpasswd:     files compat winbind
> shadow:     files compat
> group:      files compat winbind
>
> #hosts:     db files nisplus nis dns
> hosts:      files dns
>
> # Example - obey only what nisplus tells us...
> #services:   nisplus [NOTFOUND=return] files
> #networks:   nisplus [NOTFOUND=return] files
> #protocols:  nisplus [NOTFOUND=return] files
> #rpc:        nisplus [NOTFOUND=return] files
> #ethers:     nisplus [NOTFOUND=return] files
> #netmasks:   nisplus [NOTFOUND=return] files
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers:     files
> netmasks:   files
> networks:   files
> protocols:  files
> rpc:        files
> services:   files
>
> netgroup:   nisplus
>
> publickey:  nisplus
>
> automount:  files nisplus
> aliases:    files nisplus
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

More information about the CentOS mailing list