[CentOS] Help with authenticating against Active Directory.
Michael Semcheski
mhsemcheski at gmail.com
Thu Jan 31 21:22:49 UTC 2008
What I did was create the users in /etc/passwd with the same username
as you would find in the AD.
Then, it's just a matter of enabling Kerberos authentication, and using
the Domain Controllers as KDCs.
Maybe not what you're looking for, but it's simple and effective. No
samba involved.
On Jan 31, 2008 3:51 PM, Milton Calnek <milton at calnek.com> wrote:
> Hello all,
>
> I'm trying to authenticate shell logins against an MS-ADS. I don't
> have admin access to the ADS, but I can talk to the admins.
>
> I have gotten as far as getting authentication working, but the uids
> depend on the order of login, i.e. the first guy to log in gets 10000,
> the next gets 10001, etc. The problem I have with this is that I want
> to share the home directories via nfs, which means everyone has to have
> the same id.
>
> Is anyone else doing this?
>
> My smb.conf and nsswitch.conf files are below.
>
> TIA
>
> --
> Milton Calnek BSc, A/Slt(Ret.)
> milton at calnek.com
> 306-717-8737
>
>
> smb.conf
> [global]
> workgroup = example_com
> realm = example.COM
> server string = %h server (Samba %v)
> security = ADS
> map to guest = Bad Password
> passdb backend = tdbsam
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
> log level = 2 winbind:10
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> dns proxy = No
> wins server = ldap
> ldap ssl = no
> panic action = /usr/share/samba/panic-action %d
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> idmap backend = ldap:ldap://ldap.example.com:3268
> ldap admin dn = cn=Manager,dc=example,dc=COM
> ldap idmap suffix = ou=Idmap
> ldap suffix = dc=example,dc=COM
> template homedir = /home/%U
> template shell = /bin/bash
> winbind separator = +
> winbind use default domain = Yes
> winbind nested groups = Yes
> invalid users = root
>
> nsswitch.conf
> passwd: files compat winbind
> shadow: files compat
> group: files compat winbind
>
> #hosts: db files nisplus nis dns
> hosts: files dns
>
> # Example - obey only what nisplus tells us...
> #services: nisplus [NOTFOUND=return] files
> #networks: nisplus [NOTFOUND=return] files
> #protocols: nisplus [NOTFOUND=return] files
> #rpc: nisplus [NOTFOUND=return] files
> #ethers: nisplus [NOTFOUND=return] files
> #netmasks: nisplus [NOTFOUND=return] files
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers: files
> netmasks: files
> networks: files
> protocols: files
> rpc: files
> services: files
>
> netgroup: nisplus
>
> publickey: nisplus
>
> automount: files nisplus
> aliases: files nisplus
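An added example, not part of either message: a check that each username maps to the same UID on every host that mounts the NFS home directories, which is the requirement raised in the question and what hand-created /etc/passwd entries must also satisfy. The host names and `getent passwd` lines are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data: `getent passwd` output collected from two NFS clients.
SAMPLE = {
    "hostA": "root:x:0:0:root:/root:/bin/bash\n"
             "alice:*:10000:10000::/home/alice:/bin/bash\n"
             "bob:*:10001:10000::/home/bob:/bin/bash\n",
    "hostB": "root:x:0:0:root:/root:/bin/bash\n"
             "bob:*:10000:10000::/home/bob:/bin/bash\n"
             "alice:*:10001:10000::/home/alice:/bin/bash\n"
             "carol:*:10002:10000::/home/carol:/bin/bash\n",
}

def parse_passwd(text):
    """Return {username: uid} from passwd(5)-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip comments, short lines and compat entries such as "+::::::".
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users

def audit(host_dumps):
    """Find names mapped to different UIDs and UIDs mapped to different names."""
    by_name = defaultdict(dict)  # name -> {host: uid}
    by_uid = defaultdict(dict)   # uid  -> {host: name}
    for host, text in host_dumps.items():
        for name, uid in parse_passwd(text).items():
            by_name[name][host] = uid
            by_uid[uid][host] = name
    # A name conflict means the user loses access to their own files on some host.
    name_conflicts = {n: h for n, h in by_name.items() if len(set(h.values())) > 1}
    # A UID conflict means one user owns another user's files over NFS.
    uid_conflicts = {u: h for u, h in by_uid.items() if len(set(h.values())) > 1}
    return name_conflicts, uid_conflicts

if __name__ == "__main__":
    names, uids = audit(SAMPLE)
    for name, hosts in sorted(names.items()):
        print(f"user {name}: inconsistent UID {hosts}")
    for uid, hosts in sorted(uids.items()):
        print(f"uid {uid}: different owners {hosts}")
```

With the sample data, alice and bob are reported because their UIDs are swapped between the two hosts, the result of allocating IDs in login order.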