Linux Archive


Dan Burkland 02-05-2010 03:20 AM

CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
 
Hey All,

Just wondering if any of you have been able to set up CentOS 5.4 to authenticate against AD on a Server 2008r2 Domain Controller. I am trying to complete this particular setup; however, I have run into some difficulties, such as not being able to look up domain users via getent passwd.

Thanks for your input,

Dan
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Christopher Chan 02-05-2010 03:30 AM

CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
 
On Friday, February 05, 2010 12:20 PM, Dan Burkland wrote:
> Hey All,
>
> Just wondering if any of you have been able to set up CentOS 5.4 to authenticate against AD on a Server 2008r2 Domain Controller. I am trying to complete this particular setup; however, I have run into some difficulties, such as not being able to look up domain users via getent passwd.
>


Are you using winbind? What do the logs for winbind say?

Dan Burkland 02-05-2010 03:45 AM

CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
 
I am indeed using winbind. While I am not new to CentOS, I am a greenhorn when it comes to Winbind. What log is considered the main Winbind log? (perhaps /var/log/samba/winbind.log?) Also, I have posted my smb.conf on pastebin: http://centos.pastebin.com/f5b4406a7

Thanks again for your help,

Dan
________________________________________
From: centos-bounces@centos.org [centos-bounces@centos.org] On Behalf Of Christopher Chan [christopher.chan@bradbury.edu.hk]
Sent: Thursday, February 04, 2010 10:30 PM
To: centos@centos.org
Subject: Re: [CentOS] CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)

On Friday, February 05, 2010 12:20 PM, Dan Burkland wrote:
> Hey All,
>
> Just wondering if any of you have been able to set up CentOS 5.4 to authenticate against AD on a Server 2008r2 Domain Controller. I am trying to complete this particular setup; however, I have run into some difficulties, such as not being able to look up domain users via getent passwd.
>


Are you using winbind? What do the logs for winbind say?

Christopher Chan 02-05-2010 03:58 AM

CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
 
On Friday, February 05, 2010 12:45 PM, Dan Burkland wrote:
> I am indeed using winbind. While I am not new to CentOS, I am a greenhorn when it comes to Winbind. What log is considered the main Winbind log? (perhaps /var/log/samba/winbind.log?) Also, I have posted my smb.conf on pastebin: http://centos.pastebin.com/f5b4406a7
>

Does either 'wbinfo -u' or 'wbinfo -g' work for you?

If they do, do you have entries in nsswitch.conf for winbind?

>> Hey All,
>>
>> Just wondering if any of you have been able to set up CentOS 5.4 to authenticate against AD on a Server 2008r2 Domain Controller. I am trying to complete this particular setup; however, I have run into some difficulties, such as not being able to look up domain users via getent passwd.
>>
>
>
> Are you using winbind? What do the logs for winbind say?

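Added example, not part of any poster's message: wbinfo asks winbindd directly, while getent goes through glibc NSS, so the nsswitch.conf question above can be checked mechanically. The function names and the sample file are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: report whether nsswitch.conf routes a database through winbind.
# wbinfo queries winbindd directly; getent goes through glibc NSS, which only
# consults winbind if the database line in nsswitch.conf lists it.

# Print the sources listed for database $1 in file $2 (default
# /etc/nsswitch.conf), dropping comments and [STATUS=action] criteria.
# Prints nothing if the file has no line for that database.
nss_sources() {
    awk -v db="$1" '
        { sub(/#.*/, ""); gsub(/\[[^]]*\]/, " "); sub(/:/, ": ") }
        $1 == (db ":") {
            line = ""
            for (i = 2; i <= NF; i++) line = line (i > 2 ? " " : "") $i
            print line
            exit
        }' "${2:-/etc/nsswitch.conf}"
}

# Exit status 0 if winbind is one of the sources for database $1 in file $2.
uses_winbind() {
    case " $(nss_sources "$1" "$2") " in
        *" winbind "*) return 0 ;;
        *) return 1 ;;
    esac
}

# One line per database: "<db>: winbind listed" or
# "<db>: winbind missing (<sources found>)".
nss_report() {
    local db
    for db in passwd group; do
        if uses_winbind "$db" "$1"; then
            echo "$db: winbind listed"
        else
            echo "$db: winbind missing ($(nss_sources "$db" "$1"))"
        fi
    done
}

# Constructed sample file (not the poster's configuration): group lacks winbind.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# passwd: winbind          <- commented out, must be ignored
passwd:     files winbind
shadow:     files
group:      files [NOTFOUND=return] # winbind
hosts:      files dns
EOF
nss_report "$sample"
```

Calling nss_report with no argument checks the live /etc/nsswitch.conf instead of the sample.
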
Christoph Maser 02-05-2010 08:23 AM

CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
 
On Friday, 05.02.2010 at 05:20 +0100, Dan Burkland wrote:
> Hey All,
>
> Just wondering if any of you have been able to set up CentOS 5.4 to authenticate against AD on a Server 2008r2 Domain Controller. I am trying to complete this particular setup; however, I have run into some difficulties, such as not being able to look up domain users via getent passwd.
>
> Thanks for your input,
>
> Dan

You can find documentation on how to do that here:
http://wiki.centos.org/TipsAndTricks/WinbindADS

Chris


financial.com AG

Munich head office/Hauptsitz München: Maria-Probst-Str. 19 | 80939 München | Germany
Frankfurt branch office/Niederlassung Frankfurt: Messeturm | Friedrich-Ebert-Anlage 49 | 60327 Frankfurt | Germany
Management board/Vorstand: Dr. Steffen Boehnert | Dr. Alexis Eisenhofer | Dr. Yann Samson | Matthias Wiederwach
Supervisory board/Aufsichtsrat: Dr. Dr. Ernst zur Linden (chairman/Vorsitzender)
Register court/Handelsregister: Munich – HRB 128 972 | Sales tax ID number/St.Nr.: DE205 370 553

Dan Burkland 02-05-2010 12:38 PM

CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
 
> -----Original Message-----
> From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On
> Behalf Of Christopher Chan
> Sent: Thursday, February 04, 2010 10:59 PM
> To: centos@centos.org
> Subject: Re: [CentOS] CentOS 5.4 x86_64 authenticating against AD (Server
> 2008r2)
>
>
> On Friday, February 05, 2010 12:45 PM, Dan Burkland wrote:
> > I am indeed using winbind. While I am not new to CentOS, I am a greenhorn
> when it comes to Winbind. What log is considered the main Winbind log?
> (perhaps /var/log/samba/winbind.log?) Also, I have posted my smb.conf on
> pastebin: http://centos.pastebin.com/f5b4406a7
> >
>
> Does either 'wbinfo -u' or 'wbinfo -g' work for you?
>
> If they do, do you have entries in nsswitch.conf for winbind?
>
> >> Hey All,
> >>
> >> Just wondering if any of you have been able to set up CentOS 5.4 to
> authenticate against AD on a Server 2008r2 Domain Controller. I am trying
> to complete this particular setup; however, I have run into some
> difficulties, such as not being able to look up domain users via getent
> passwd.
> >>
> >
> >
> > Are you using winbind? What do the logs for winbind say?

wbinfo -u & wbinfo -g do indeed work for me; however, getent passwd or getent group returns no AD users or groups. I have winbind entries in nsswitch for both the passwd & group entries. Joseph, I will try a newer RPM from a different repository and see if that resolves my issues. Did my smb.conf look ok?

Thanks again guys,

Dan

Chan Chung Hang Christopher 02-05-2010 11:17 PM

CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
 
> wbinfo -u & wbinfo -g do indeed work for me; however, getent passwd or getent group returns no AD users or groups. I have winbind entries in nsswitch for both the passwd & group entries. Joseph, I will try a newer RPM from a different repository and see if that resolves my issues. Did my smb.conf look ok?
>

It did...which is why I asked whether wbinfo -u/g worked...

"Joseph L. Casale" 02-05-2010 11:25 PM

CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
 
> wbinfo -u & wbinfo -g do indeed work for me; however, getent passwd or getent group returns no AD users or groups. I have winbind entries in nsswitch for both the passwd & group entries. Joseph, I will try a newer RPM from a different repository and see if that resolves my issues. Did my smb.conf look ok?

getent doesn't need to return data for this to work, just wbinfo.
It's likely the issue I spoke of, aside from the winbind entries
in smb.conf that allow local logon.

Take my advice:
yum erase samba == uber happiness

Get ldap working, no interop issues with the old samba version in rhel and
newer ms servers. Plus you will be using something forward compatible that
a txt edit could likely fix in the event something drastic changed in the
schema and search filters for example had to change.

Christoph Maser 02-06-2010 06:43 AM

CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
 
On Friday, 05.02.2010 at 14:38 +0100, Dan Burkland wrote:

>
> wbinfo -u & wbinfo -g do indeed work for me; however, getent passwd or
> getent group returns no AD users or groups. I have winbind entries in
> nsswitch for both the passwd & group entries. Joseph, I will try a
> newer RPM from a different repository and see if that resolves my
> issues. Did my smb.conf look ok?
>
> Thanks again guys,
>
> Dan


Why don't you try the way I proposed? It automatically sets up smb.conf,
krb5.conf, pam and nss correctly. And it's the way the upstream vendor
intended it to be used.

Chris



Chan Chung Hang Christopher 02-10-2010 12:11 PM

CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
 
> If you have hundreds or thousands of users and hundreds of groups,
> well good luck. It is extremely hard to automate assigning these uids/
> gids and making sure they don't collide with each other or other unix
> systems and doing it by hand is a torture reserved for the ninth
> circle of hell.
>
> If only nss_ldap had a SID->UID/GID mapping like samba has.
>

How about winbind with a ldap backend? winbind creates the uids/gids and
the rest just run nss_ldap?

I currently use an ldap directory to store the rids but I don't remember
if they have been translated to uids/gids or whether the winbind modules
do that...