06-05-2008, 11:35 PM
Jay Leafey

using windows ad accounts for centos 5

Isaac Gonzalez wrote:
> Hi, I read and used the article
> http://blog.wazollc.com/Lists/Posts/Post.aspx?ID=2 to authenticate my ad
> accounts when logging on to cent 5… however, once I edit the
> nsswitch.conf file, I can’t even log on as root or any local users
> anymore. Kinit seems to initialize fine doing a kinit
> username@MYDOMAIN.COM, however doing a
> getent passwd adusername … it just sits there in the shell and does
> nothing. I actually had to put all files back to where they were before
> the change to even be able to log in locally or use sudo.
>
> I followed the steps line by line on this article but get stuck
> every time… if anyone has an idea or a better documented way of achieving
> what I am trying to do, please let me know.
>
> Thanks,
> Isaac



I'm using AD-via-Kerberos to authenticate users on several CentOS 5.1
systems. Setting it up was as easy as a single command line:


authconfig \
    --usemd5 --useshadow --enablelocauthorize \
    --enablekrb5 \
    --krb5realm={AD Domain Name} \
    --enablekrb5kdcdns --enablekrb5realmdns --update

This makes the necessary changes to /etc/krb5.conf, /etc/ and
/etc/nsswitch.conf. I am NOT using this for user information, just
password authentication, so I add user accounts for each authorized user.


You can also consider using the --disablesysnetauth flag, which disables
authenticating "system" accounts via the network services and forces
them to use local authorization. This should prevent entries in the AD
for "root" and other system accounts from being used.


Hope that helps!
--
Jay Leafey - Memphis, TN
jay.leafey@mindless.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
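
A pre-logout check for the lockout described in the first message, as an added example that is not part of the thread or of authconfig: it verifies that an nsswitch.conf-style file lists files first for passwd, shadow and group, and that a PAM auth stack tries pam_unix.so before pam_krb5.so. The function names, the file paths passed as arguments and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Run from a root shell that stays open
# until the checks pass. File paths are arguments; samples are constructed.

# Succeeds only if passwd, shadow and group each list "files" first, so
# root and local users resolve without waiting on a network source.
nss_files_first() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "passwd:" || $1 == "shadow:" || $1 == "group:" {
            seen[$1] = 1
            if ($2 != "files") bad = 1
        }
        END { exit !(seen["passwd:"] && seen["shadow:"] && seen["group:"] && !bad) }
    ' "$1"
}

# Succeeds only if the auth stack tries pam_unix.so before pam_krb5.so
# (or has no pam_krb5.so line), so local passwords work with the KDC down.
pam_unix_before_krb5() {
    awk '
        $1 != "auth" { next }
        /pam_unix\.so/ && !u { u = NR }
        /pam_krb5\.so/ && !k { k = NR }
        END { exit !(u && (!k || u < k)) }
    ' "$1"
}

# Constructed samples: a safe layout and the kind that locks out local users.
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd: files\nshadow: files\ngroup: files\n' > "$d/nss.good"
    printf 'passwd: winbind files\nshadow: files\ngroup: files\n' > "$d/nss.bad"
    printf 'auth sufficient pam_unix.so nullok try_first_pass\nauth sufficient pam_krb5.so use_first_pass\nauth required pam_deny.so\n' > "$d/pam.good"
    printf 'auth required pam_krb5.so\nauth sufficient pam_unix.so\n' > "$d/pam.bad"
    out=""
    for f in nss.good nss.bad; do
        nss_files_first "$d/$f" && out="$out $f=ok" || out="$out $f=FAIL"
    done
    for f in pam.good pam.bad; do
        pam_unix_before_krb5 "$d/$f" && out="$out $f=ok" || out="$out $f=FAIL"
    done
    rm -rf "$d"
    echo "$out"
}

demo
```

Pointing the two functions at the live nsswitch.conf and PAM auth file while a root session is still open shows whether local logins survive the change before that session is closed.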
 
06-06-2008, 01:01 AM
"Isaac Gonzalez"

using windows ad accounts for centos 5

That was exactly what I was looking for, thanks for taking the time to reply... I'll reply back with my results.

-Isaac

 
06-18-2008, 01:47 AM
"Isaac Gonzalez"

using windows ad accounts for centos 5

Hmmm... I get

authconfig: Authentication module /lib/security/pam_krb5.so is missing. Authentication process will not work correctly.

When running this command... I tried to use yum whatprovides pam_krb5.so ... to no avail.

Any suggestions?

 
06-18-2008, 02:03 AM
MHR

using windows ad accounts for centos 5

On Tue, Jun 17, 2008 at 6:47 PM, Isaac Gonzalez
<igonzalez@autoreturn.com> wrote:
> Hmmm... I get
>
> authconfig: Authentication module /lib/security/pam_krb5.so is missing. Authentication process will not work correctly.
>
> When running this command...i tried to use yum whatprovides pam_krb5.so ...to no avail.
>
> Any suggestions
>

Please stop top posting - your messages are becoming incomprehensible.

Thanks.

mhr
 
06-18-2008, 01:54 PM
"Mike Hanby"

using windows ad accounts for centos 5

Strange, when I run

sudo yum whatprovides pam_krb5.so

I get

pam_krb5.i386 2.2.14-1
centos5-base-rep
Matched from:
/lib/security/pam_krb5.so
pam_krb5.so

If the yum command is failing to report this package, then check your
yum.repos.d files and make sure they aren't dorked.

 
06-18-2008, 06:22 PM
"Isaac Gonzalez"

using windows ad accounts for centos 5

Ok no more errors with the pam file...guess my repos was out of sync.
Jay, did you have to put in the hostname of the dc that actually performs the Kerberos auth? I am wondering if I need to specify this in the command or the krb5.conf file ...It is not working for me. I am using MYDOMAINNAME.COM as the AD domain name with and without brackets around it. Time is synced to dc.

Thanks,
Isaac



 
06-18-2008, 09:09 PM
"Isaac Gonzalez"

using windows ad accounts for centos 5

>Please stop top posting - your messages are becoming incomprehensible.
>
>Thanks.

>mhr

Sorry that's the default behavior of my email client. I managed to
figure out my issue.

Thanks,
Isaac
 
