[CentOS] Help with authenticating against Active Directory.

Thu Jan 31 20:51:08 UTC 2008
Milton Calnek <milton at calnek.com>

Hello all,

I'm trying to authenticate shell logins against an MS-ADS.  I don't
have admin access to the ADS, but I can talk to the admins.

I have gotten as far as getting authentication working, but the UIDs
depend on the order of login, i.e. the first guy to log in gets 10000,
the next gets 10001, etc.  The problem I have with this is that I want
to share the home directories via NFS, which means every user has to have
the same UID on every machine.

Is anyone else doing this?

My smb.conf and nsswitch.conf files are below.

TIA

-- 
Milton Calnek BSc, A/Slt(Ret.)
milton at calnek.com
306-717-8737


smb.conf
[global]
         # Samba as an Active Directory member (security = ADS); winbind
         # supplies the Unix identities of domain users to NSS.
         workgroup = example_com
         realm = example.COM
         server string = %h server (Samba %v)
         security = ADS
         # "Bad Password" turns an SMB logon with a wrong password into a
         # guest session instead of rejecting it, so failed logons against
         # real accounts are harder to spot. It applies to SMB sessions, not
         # shell logins. NOTE(review): if no guest shares are needed, the
         # default "Never" is the safer choice.
         map to guest = Bad Password
         passdb backend = tdbsam
         passwd program = /usr/bin/passwd %u
         # NOTE(review): the next two lines look like a single passwd chat
         # value that the mail client wrapped.
         passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .
         # winbind is logged at debug level 10, the most verbose setting.
         # Useful while troubleshooting, but the output can include sensitive
         # authentication detail; check the permissions on /var/log/samba and
         # lower the level afterwards.
         log level = 2 winbind:10
         syslog = 0
         log file = /var/log/samba/log.%m
         # With level-10 logging a small size cap rotates the logs quickly,
         # which shortens the history left for later investigation.
         max log size = 1000
         dns proxy = No
         # NOTE(review): this parameter expects the address or DNS name of a
         # WINS server; "ldap" looks like a placeholder or a mistake - confirm.
         wins server = ldap
         # LDAP traffic to the idmap server is unencrypted, including the
         # bind made as "ldap admin dn" below. Ask the directory admins for
         # StartTLS or an ldaps:// URL and enable it here.
         ldap ssl = no
         panic action = /usr/share/samba/panic-action %d
         # Range winbind allocates from. Allocation is first-come,
         # first-served, which is why the UIDs follow the order of login.
         # With NFS home directories using AUTH_SYS, the server trusts the
         # numeric UID sent by the client, so a UID that differs between
         # hosts gives one user access to another user's files.
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         # Mappings are meant to live in a shared LDAP tree so that every host
         # resolves the same UID/GID. NOTE(review): 3268 is the AD Global
         # Catalog port, which is read-only; if ldap.example.com is a domain
         # controller, winbind presumably cannot store new mappings there -
         # confirm. An algorithmic backend (rid) or UID/GID attributes kept
         # in AD (ad backend) also give host-independent IDs.
         idmap backend = ldap:ldap://ldap.example.com:3268
         # Samba binds as this DN to write mappings; its password is stored
         # locally (set with "smbpasswd -w"). cn=Manager looks like the
         # directory superuser - NOTE(review): prefer a dedicated account
         # that can write only below the idmap suffix.
         ldap admin dn = cn=Manager,dc=example,dc=COM
         ldap idmap suffix = ou=Idmap
         ldap suffix = dc=example,dc=COM
         template homedir = /home/%U
         template shell = /bin/bash
         winbind separator = +
         # Domain users appear without the DOMAIN+ prefix, so an AD account
         # named like a local account is ambiguous. Review name collisions
         # before granting sudo or group rights by name.
         winbind use default domain = Yes
         winbind nested groups = Yes
         # Denies root access to SMB services only; it has no effect on shell
         # or PAM logins.
         invalid users = root

nsswitch.conf
passwd:     files compat winbind
# winbind is not a source for shadow, so no password data for domain users is
# served through NSS. NOTE(review): their authentication presumably goes
# through PAM (not shown here) - confirm.
shadow:     files compat
# Local files are consulted before winbind, so a local group shadows a domain
# group of the same name.
group:      files compat winbind

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

# NOTE(review): bootparams, netgroup, publickey, automount and aliases still
# list nisplus. If no NIS+ service is deployed, remove it so these lookups do
# not depend on an unused network source - confirm with the site admins.
bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus


