02-07-2010, 09:44 PM
Dan Burkland

CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)

________________________________________
From: centos-bounces@centos.org [centos-bounces@centos.org] On Behalf Of Jeff [jlar310@gmail.com]
Sent: Sunday, February 07, 2010 9:20 AM
To: CentOS mailing list
Subject: Re: [CentOS] CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)

On Fri, Feb 5, 2010 at 6:25 PM, Joseph L. Casale
<jcasale@activenetwerx.com> wrote:
>>Wbinfo -u & wbinfo -g do indeed work for me however getent passwd or getent group returns no AD users or groups. I have winbind entries in nsswitch for both the passwd & group entries. Joseph, I will try a newer RPM from a different repository and see if that resolves my issues. Did my smb.conf look ok?
>
> getent doesn't need to return data for this to work, just wbinfo.
> It's likely the issue I spoke of, aside from the winbind entries
> in smb.conf that allow local logon.
>
> Take my advice:
> yum erase samba == uber happiness
>
> Get ldap working, no interop issues with the old samba version in rhel and
> newer ms servers. Plus you will be using something forward compatible that
> a txt edit could likely fix in the event something drastic changed in the
> schema and search filters for example had to change.

+1

We've been using nss_ldap against AD for years. It's never a problem.

Jeff
_______________________________________________

Version 3.4.5 of Samba did end up resolving the issue I was having and now AD users can log in to the box. I am however interested in going the LDAP route mainly for the forward compatibility reason stated by Jeff. Is there anything special I need to do on the DC for the LDAP authentication to work?

Thanks,

Dan
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
02-09-2010, 07:23 PM
"Joseph L. Casale"

CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)

>That RID map feature of samba is great.

Forgot about that, AFAIK, you can do that w/ SFU & pam mods.

I have two Samba servers left that I want to get rid of


 
02-09-2010, 10:27 PM
Dan Burkland

CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)

From: centos-bounces@centos.org [centos-bounces@centos.org] On Behalf Of Ross Walker [rswwalker@gmail.com]
Sent: Tuesday, February 09, 2010 4:08 PM
To: CentOS mailing list
Subject: Re: [CentOS] CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)

On Tue, Feb 9, 2010 at 3:23 PM, Joseph L. Casale
<jcasale@activenetwerx.com> wrote:
>>That RID map feature of samba is great.
>
> Forgot about that, AFAIK, you can do that w/ SFU & pam mods.
>
> I have two Samba servers left that I want to get rid of

You can do it with SFU, but SFU doesn't create UID/GIDs for existing
users, you have to do those manually.

Then there is the whole issue of maintaining those IDs over a long
period of time.

Also with RID mapping I can map different domains into different ID ranges.

100000 - 199999 first domain
200000 - 299999 second domain

And so on.

You know you don't need the full Samba install to set up a winbind->NIS
server, just the Samba client will do.

Then have your Linux boxes using NIS+Kerberos and only 1-2 boxes need
to have a smb.conf and winbind running.

NIS is only as secure as the network it runs on. If it bumps against
public networks (unsecure wifi and so on) use 802.11 authentication.

-Ross
_______________________________________________

For anybody wanting to know how to go the LDAP route, I found an interesting article in the linux.com archives:
http://www.linux.com/archive/feed/40983

Thanks again guys for your input.

Dan
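
The per-domain RID mapping described in the quoted reply above, as an added example that is not part of the original thread or Samba's own code: it applies the formula documented for the idmap_rid backend (ID = RID - BASE_RID + LOW_RANGE_ID) to the two ranges given in the thread. The domain names, domain SIDs and the BASE_RID of 0 are assumptions made for illustration.

```python
# Added example: deterministic SID <-> UID/GID mapping in the style of
# Samba's idmap_rid backend: ID = RID - BASE_RID + LOW_RANGE_ID.
BASE_RID = 0  # assumption for this sketch

# ID ranges are the ones from the thread; the domain SIDs and names are
# constructed sample values, not real domains.
DOMAINS = {
    "S-1-5-21-1111111111-2222222222-3333333333": ("FIRST", 100000, 199999),
    "S-1-5-21-4444444444-5555555555-6666666666": ("SECOND", 200000, 299999),
}


def split_sid(sid):
    """Split 'S-1-5-21-a-b-c-RID' into (domain SID, RID)."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"malformed SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def sid_to_id(sid):
    """Map a SID to (domain name, Unix ID) with no stored state."""
    domain_sid, rid = split_sid(sid)
    if domain_sid not in DOMAINS:
        raise LookupError(f"no ID range configured for {domain_sid}")
    name, low, high = DOMAINS[domain_sid]
    unix_id = rid - BASE_RID + low
    # Refuse IDs outside the range: otherwise a large RID in one domain
    # would collide with an account in the next domain's range.
    if not low <= unix_id <= high:
        raise OverflowError(f"RID {rid} does not fit {name} range {low}-{high}")
    return name, unix_id


def id_to_sid(unix_id):
    """Reverse mapping: RID = ID + BASE_RID - LOW_RANGE_ID."""
    for domain_sid, (_name, low, high) in DOMAINS.items():
        if low <= unix_id <= high:
            return f"{domain_sid}-{unix_id - low + BASE_RID}"
    raise LookupError(f"ID {unix_id} is outside every configured range")


if __name__ == "__main__":
    for d in DOMAINS:
        print(sid_to_id(f"{d}-1105"))  # same RID, different domain, different ID
```

Because the ID is computed from the SID, every host using the same ranges resolves an account to the same UID without a shared mapping database, and the range check is what keeps two domains from ever sharing an ID.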