[CentOS] CentOS magic to Active Directory login?

Fri Feb 19 03:07:30 UTC 2010
Tom Bishop <bishoptf at gmail.com>

I just set up a CentOS 5.4 server with this a couple of weeks ago, really
straightforward, here is the best guide that I found:
http://www.linuxmail.info/active-directory-integration-samba-centos-5/

Hope it helps....

On Thu, Feb 18, 2010 at 6:33 PM, Kwan Lowe <kwan.lowe at gmail.com> wrote:

> On Thu, Feb 18, 2010 at 7:22 PM, Scott Ehrlich <srehrlich at gmail.com>
> wrote:
> > I've been trying to follow samba, centos, ldap, and other
> > documentation to try and get a CentOS 5 box to permit a user to log
> > into an existing Windows 200x Active Directory domain without
> > necessarily having the box as part of the domain.    If it has to be
> > part of the domain, that is fine.   The user shall have no local
> > account on the box - I want their active directory account to
> > automatically produce their account on the CentOS 5 box, likely with a
> > shell of bash.
> >
> > None of the web pages I've visited thus far have helped me configure
> > my test C5 box to allow me to successfully at least log into the
> > console of my C5 box with my AD credentials.
> >
> > Leads to proper configuration of krb5.conf, ldap config files,
> > smb.conf, nsswitch.conf, and whatever else would be most appreciated.
> >
> > I do have have any control of the Windows domain controller other than
> > limited admin rights, which largely allows me to create computer
> > accounts.  Thus, majority of the work must be with the CentOS 5, of
> > which I have root and can rebuild as often as needed.
>
> Easiest way is to just use system-config-authentication. Then
>
> 1) Enable Winbind support
> 2) Enter your domain
> 3) Select ADS as security model
> 4) Enter your domain controller
> 5) Select /bin/bash as template shell.
> 6) Check "Allow Offline Login" if desired
> 7) Click "Join Domain" then enter an account with join privileges
>
> Repeat for the "Authentication" tab
>
> Under the Options tab, I also select
>  Cache user information
>  Use Shadow PWs
>  Local auth is sufficient
>  Check access.conf
>  Create home dirs on login
>
> Finally, edit the /etc/samba/smb.conf and set "winbind user default
> domain" to true so you don't need to prepend the domain to the login.
> I.e., ads/jsixpack
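Added example, not part of the original thread: a small Python check that reads the [global] section of /etc/samba/smb.conf after the steps above and reports any winbind/ADS setting that is missing or different. It assumes the steps leave security = ads, a realm, a workgroup and template shell = /bin/bash in the file, and it uses the spelling from Samba's smb.conf man page, "winbind use default domain"; the SAMPLE text and the EXAMPLE names are constructed.

```python
import re

# Constructed sample; note the misspelled last parameter ("user" instead of "use").
SAMPLE = """
[global]
   workgroup = EXAMPLE
   realm = EXAMPLE.LOCAL
   security = ADS
   template shell = /bin/bash
   winbind user default domain = true
"""

# Expected [global] settings (assumption); None means "any non-empty value".
EXPECTED = {
    "security": "ads",
    "realm": None,
    "workgroup": None,
    "template shell": "/bin/bash",
    "winbind use default domain": "true",
}
TRUE_WORDS = {"yes", "true", "1"}

def norm_key(key):
    # Samba ignores case and whitespace in parameter names.
    return "".join(key.lower().split())

def parse_global(text):
    """Return the [global] parameters of an smb.conf as {normalised name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm_key(key)] = value.strip()
    return params

def audit(text):
    """Return a list of findings; an empty list means every expected setting is present."""
    params, findings = parse_global(text), []
    for key, want in EXPECTED.items():
        got = params.get(norm_key(key), "")
        if not got:
            findings.append(f"missing: {key}")
        elif want and got.lower() != want and not (want == "true" and got.lower() in TRUE_WORDS):
            findings.append(f"unexpected: {key} = {got}")
    return findings
```

To check a real host, call audit(open("/etc/samba/smb.conf").read()); a "missing" finding for the default-domain setting means logins still need the domain prefix.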