Old 02-18-2010, 11:22 PM
Scott Ehrlich
 
Default CentOS magic to Active Directory login?

I've been trying to follow samba, centos, ldap, and other
documentation to try and get a CentOS 5 box to permit a user to log
into an existing Windows 200x Active Directory domain without
necessarily having the box as part of the domain. If it has to be
part of the domain, that is fine. The user shall have no local
account on the box - I want their active directory account to
automatically produce their account on the CentOS 5 box, likely with a
shell of bash.

None of the web pages I've visited thus far have helped me configure
my test C5 box to allow me to successfully at least log into the
console of my C5 box with my AD credentials.

Leads to proper configuration of krb5.conf, ldap config files,
smb.conf, nsswitch.conf, and whatever else would be most appreciated.

I do not have any control of the Windows domain controller other than
limited admin rights, which largely allows me to create computer
accounts. Thus, majority of the work must be with the CentOS 5, of
which I have root and can rebuild as often as needed.

Thanks for any help/leads.

Scott
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-18-2010, 11:33 PM
Kwan Lowe
 
Default CentOS magic to Active Directory login?

On Thu, Feb 18, 2010 at 7:22 PM, Scott Ehrlich <srehrlich@gmail.com> wrote:
> I've been trying to follow samba, centos, ldap, and other
> documentation to try and get a CentOS 5 box to permit a user to log
> into an existing Windows 200x Active Directory domain without
> necessarily having the box as part of the domain. If it has to be
> part of the domain, that is fine. The user shall have no local
> account on the box - I want their active directory account to
> automatically produce their account on the CentOS 5 box, likely with a
> shell of bash.
>
> None of the web pages I've visited thus far have helped me configure
> my test C5 box to allow me to successfully at least log into the
> console of my C5 box with my AD credentials.
>
> Leads to proper configuration of krb5.conf, ldap config files,
> smb.conf, nsswitch.conf, and whatever else would be most appreciated.
>
> I do not have any control of the Windows domain controller other than
> limited admin rights, which largely allows me to create computer
> accounts. Thus, majority of the work must be with the CentOS 5, of
> which I have root and can rebuild as often as needed.

Easiest way is to just use system-config-authentication. Then

1) Enable Winbind support
2) Enter your domain
3) Select ADS as security model
4) Enter your domain controller
5) Select /bin/bash as template shell.
6) Check "Allow Offline Login" if desired
7) Click "Join Domain" then enter an account with join privileges

Repeat for the "Authentication" tab

Under the Options tab, I also select
Cache user information
Use Shadow PWs
Local auth is sufficient
Check access.conf
Create home dirs on login

Finally, edit the /etc/samba/smb.conf and set "winbind user default
domain" to true so you don't need to prepend the domain to the login.
I.e., ads/jsixpack
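
The steps above end up as settings in /etc/samba/smb.conf and /etc/nsswitch.conf, so they can be checked after the join. The script below is an added example, not part of the original post: the function names and the sample files (placeholder realm EXAMPLE.COM) are constructed for illustration, and it uses the parameter name as smb.conf spells it, `winbind use default domain`.

```sh
# Added example (not from the thread): audit the files the GUI steps modify.
# smb_global_get prints a [global] value; Samba ignores case and spaces in
# parameter names, so both sides are normalised before comparing.
smb_global_get() {   # usage: smb_global_get FILE "parameter name"
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN { want = norm(want) }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/ { sect = tolower($0); sub(/^[ \t]*\[[ \t]*/, "", sect)
                      sub(/[ \t]*\].*$/, "", sect); next }
        sect == "global" && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (norm(key) == want) found = val      # last occurrence wins
        }
        END { print found }' "$1"
}
is_true() { case "$(printf %s "$1" | tr 'A-Z' 'a-z')" in yes|true|1) return 0;; esac; return 1; }

# Print one line per deviation from the setup in the thread; return the count.
audit_winbind() {   # usage: audit_winbind SMB_CONF NSSWITCH_CONF
    smb=$1; nss=$2; bad=0
    [ "$(smb_global_get "$smb" security | tr 'A-Z' 'a-z')" = ads ] ||
        { echo "security is not ads"; bad=$((bad+1)); }
    [ "$(smb_global_get "$smb" "template shell")" = /bin/bash ] ||
        { echo "template shell is not /bin/bash"; bad=$((bad+1)); }
    is_true "$(smb_global_get "$smb" "winbind use default domain")" ||
        { echo "winbind use default domain is off: logins need the domain prefix"; bad=$((bad+1)); }
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$nss" ||
            { echo "nsswitch.conf: $db does not consult winbind"; bad=$((bad+1)); }
    done
    return "$bad"
}

# Constructed sample files: default-domain line commented out, group lacks winbind.
make_samples() {   # usage: make_samples DIR
    cat > "$1/smb.conf" <<'EOF'
[global]
   realm = EXAMPLE.COM
   security = ads
   template shell = /bin/bash
   ; winbind use default domain = true
EOF
    printf 'passwd: files winbind\ngroup: files\n' > "$1/nsswitch.conf"
}
dir=$(mktemp -d) && make_samples "$dir"
audit_winbind "$dir/smb.conf" "$dir/nsswitch.conf" || echo "$? finding(s)"
rm -rf "$dir"
```

On a real host, point it at the live files: `audit_winbind /etc/samba/smb.conf /etc/nsswitch.conf`.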
 
Old 02-19-2010, 02:07 AM
Tom Bishop
 
Default CentOS magic to Active Directory login?

I just set up a centos 5.4 server with this a couple of weeks ago, really straightforward, here is the best guide that I found, http://www.linuxmail.info/active-directory-integration-samba-centos-5/

Hope it helps....

 
Old 02-21-2010, 08:46 PM
Christoph Maser
 
Default CentOS magic to Active Directory login?

On Friday, 19.02.2010, at 04:07 +0100, Tom Bishop wrote:
> I just set up a centos 5.4 server with this a couple of weeks ago,
> really straight forward, here is the best guide that I
> found, http://www.linuxmail.info/active-directory-integration-samba-centos-5/
>
>
The very same without clicking
http://wiki.centos.org/TipsAndTricks/WinbindADS

Chris


