I just set up a CentOS 5.4 server with this a couple of weeks ago, really straightforward. Here is the best guide that I found:
http://www.linuxmail.info/active-directory-integration-samba-centos-5/

Hope it helps....

On Thu, Feb 18, 2010 at 6:33 PM, Kwan Lowe <kwan.lowe at gmail.com> wrote:

> On Thu, Feb 18, 2010 at 7:22 PM, Scott Ehrlich <srehrlich at gmail.com> wrote:
> > I've been trying to follow samba, centos, ldap, and other
> > documentation to try and get a CentOS 5 box to permit a user to log
> > into an existing Windows 200x Active Directory domain without
> > necessarily having the box as part of the domain. If it has to be
> > part of the domain, that is fine. The user shall have no local
> > account on the box - I want their active directory account to
> > automatically produce their account on the CentOS 5 box, likely with a
> > shell of bash.
> >
> > None of the web pages I've visited thus far have helped me configure
> > my test C5 box to allow me to successfully at least log into the
> > console of my C5 box with my AD credentials.
> >
> > Leads to proper configuration of krb5.conf, ldap config files,
> > smb.conf, nsswitch.conf, and whatever else would be most appreciated.
> >
> > I do have have any control of the Windows domain controller other than
> > limited admin rights, which largely allows me to create computer
> > accounts. Thus, majority of the work must be with the CentOS 5, of
> > which I have root and can rebuild as often as needed.
>
> Easiest way is to just use system-config-authentication. Then
>
> 1) Enable Winbind support
> 2) Enter your domain
> 3) Select ADS as security model
> 4) Enter your domain controller
> 5) Select /bin/bash as template shell.
> 6) Check "Allow Offline Login" if desired
> 7) Click "Join Domain" then enter an account with join privileges
>
> Repeat for the "Authentication" tab
>
> Under the Options tab, I also select
>    Cache user information
>    Use Shadow PWs
>    Local auth is sufficient
>    Check access.conf
>    Create home dirs on login
>
> Finally, edit the /etc/samba/smb.conf and set "winbind user default
> domain" to true so you don't need to prepend the domain to the login.
> I.e., ads/jsixpack
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
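
The settings chosen in the steps above can be checked on disk after the join. The script below is an added example, not part of the original messages: the `EXAMPLE` domain and the sample file contents are constructed, and it relies on the Samba parameter being spelled `winbind use default domain`.

```shell
#!/bin/sh
# Added example: audit the files the steps above modify. Sample data is constructed.

# Print a [global] value, lower-cased; Samba ignores case and spaces in key names.
smb_get() {  # usage: smb_get FILE "key name"
    awk -F= -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sect = norm($0); next }
        sect == "[global]" && NF >= 2 && norm($1) == norm(want) {
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        }
        END { print tolower(val) }' "$1"
}

# Print one line per finding and return the count (0 = matches the steps).
check_winbind() {  # usage: check_winbind SMB_CONF NSSWITCH_CONF
    n=0
    note() { echo "FINDING: $1"; n=$((n + 1)); }
    [ "$(smb_get "$1" security)" = ads ] || note "security is not ads"
    [ "$(smb_get "$1" 'template shell')" = /bin/bash ] || note "template shell is not /bin/bash"
    case "$(smb_get "$1" 'winbind use default domain')" in
        yes|true|1) ;;
        *) note "winbind use default domain is not enabled" ;;
    esac
    # Samba ignores parameters it does not know, so a misspelled key has no effect.
    [ -z "$(smb_get "$1" 'winbind user default domain')" ] ||
        note "'winbind user default domain' is not a Samba parameter (use, not user)"
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$2" ||
            note "nsswitch.conf: $db does not consult winbind"
    done
    return "$n"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
# Constructed sample: the key is spelled as in the thread, so it has no effect.
cat > "$tmp/smb.conf" <<'EOF'
[global]
   workgroup = EXAMPLE
   realm = EXAMPLE.LOCAL
   security = ADS
   template shell = /bin/bash
   winbind user default domain = true
EOF
printf 'passwd: files winbind\ngroup: files\n' > "$tmp/nsswitch.conf"
check_winbind "$tmp/smb.conf" "$tmp/nsswitch.conf" || echo "$? finding(s)"
```

On a real host, pass `/etc/samba/smb.conf` and `/etc/nsswitch.conf` as the two arguments. With the default-domain setting enabled, domain users appear under unqualified names, so check that none of them collides with a local account.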